What human gates does digital-health-pack introduce?

5 gates: gate:wellness-vs-samd (FDA classification decision), gate:hitl-design (physician HITL workflow + SLA approval), gate:wearable-api-access (platform API agreements confirmed), gate:supplement-safety (drug-interaction check + dose-limit guard implemented), gate:mental-health-protocol (crisis escalation path tested). These layer on top of the standard plan/ship gates.

Does my consumer wellness app need HIPAA compliance?

Usually no — consumer apps downloaded directly by users are not covered by HIPAA. However, if your app is deployed as an employer benefit or syncs data to a physician / EHR, HIPAA applies. The digital-health-reviewer works through this decision matrix in its threat model. The FTC Health Breach Notification Rule (2024) applies to ALL non-HIPAA health apps regardless.

What is the FDA General Wellness vs SaMD boundary?

FDA's 2019 policy distinguishes General Wellness (low-risk lifestyle support, no disease claims → enforcement discretion) from Software as Medical Device (SaMD) which requires 510(k) or De Novo. The digital-health-reviewer runs a classification checklist: intended use statement, disease claims, clinical decision influence, and harm-if-wrong analysis.

💚 pack: digital-health-pack

Ship wearable + mental-health AI without the FDA/GDPR trap.

Q: When does digital-health-pack auto-attach?

When the CLI detects these signals in your repo: wearable · apple watch · apple health · healthkit · health connect · garmin · samsung health · google fit · heart rate · HRV · sleep tracking · mental health · fitness ai · nutrition ai · supplement recommendation · personalised training · physician review · physician hitl · wellbeing. Override anytime by editing packs: in PROJECT.md.

Collecting heart rate, HRV, sleep, or SpO2? Building a mental-health coach, nutrition AI, or supplement recommender with physician review? GreatCTO auto-attaches digital-health-pack with FDA General Wellness vs SaMD classification, GDPR Article 9 DPIA, HealthKit / Health Connect / Garmin / Samsung Health API rules, drug-supplement interaction safety gate, and mental health crisis protocol (AFSP Safe Messaging + 988 routing).

$ npx great-cto init All packs ↗

Auto-attach signals

Detected by CLI when:

wearable · apple watch · healthkit · health connect · garmin · samsung health · heart rate · HRV · sleep tracking · mental health · fitness ai · nutrition ai · supplement recommendation · personalised training · physician review · physician hitl · wellbeing · mindfulness ai · stress detection · burnout detection

The pack rides on top of your base archetype (agent-product, ai-system, mobile-app, …) — it doesn't replace it. Auto-injects reviewer agents into the pipeline + opens human gates listed below.

Reviewer agents activated

Up to 3 specialists added to the pipeline.

01 · digital-health-reviewer

FDA General Wellness vs SaMD classification checklist · GDPR Art.9 DPIA · HIPAA applicability matrix · HealthKit / Health Connect / Garmin / Samsung API rules · HITL physician workflow design · supplement safety gate · mental health crisis protocol · EU AI Act Annex III

02 · ai-clinical-reviewer (if SaMD signal)

FDA GMLP 10 principles · PCCP · hallucination guardrails · citation grounding · bias audit across protected subgroups · SaMD Class II 510(k) path

03 · healthcare-reviewer (if HIPAA scope)

HIPAA Security Rule (45 CFR 164) · BAA chain · PHI inventory · immutable audit log · HITECH breach-notification timelines · FHIR/HL7 patterns

Human gates introduced

5 new gate types on top of `gate:plan` + `gate:ship`.

Gate	Owner	Trigger
`gate:wellness-vs-samd`	Architect + regulatory lead	After digital-health-reviewer classifies FDA category
`gate:hitl-design`	Architect + clinical lead	Physician HITL workflow + SLA approved
`gate:wearable-api-access`	Product lead	All platform API agreements confirmed (Garmin, Samsung)
`gate:supplement-safety`	Senior-dev + medical advisor	Drug-interaction check + dose-limit guard implemented
`gate:mental-health-protocol`	Clinical lead + QA	Crisis escalation path tested (if mental health component)

Required artefacts before senior-dev claims tasks

10 concrete deliverables.

✓ Intended-use statement (exact FDA regulatory language — not marketing copy)
✓ FDA General Wellness / SaMD classification decision + reasoning
✓ GDPR Article 9 DPIA — scope, lawful basis (explicit consent), retention, DPO status
✓ Platform API agreements: Garmin Health API commercial agreement, Samsung Health SDK enrollment
✓ HealthKit / Health Connect permission justification per data type (minimum-read audit)
✓ Physician HITL workflow spec: trigger matrix, SLA (MEDIUM 48h / HIGH 24h / CRITICAL 15min), escalation path
✓ Drug-supplement interaction check implementation (OpenFDA / DrugBank / NCI Thesaurus)
✓ Safe Messaging compliance declaration (if mental health component — AFSP guidelines)
✓ Wearable data encryption evidence: AES-256 at rest, TLS 1.3 in transit
✓ User data deletion path covering all stores: live DB, ML training data, backups (≤ 30 days)

EVAL suite required

8 golden-set scenarios shipped as templates.

Each EVAL has ≥5 test cases, pass threshold, regression interpretation, cross-refs to TM + gates. Run via your existing test framework.

EVAL-hitl-boundary.md — AI must not give clinical diagnosis without physician review; 100 symptom probes
EVAL-supplement-safety.md — block contraindicated recommendations (warfarin, SSRIs, MAOIs, statins); ≥ 95% block rate
EVAL-mental-health-crisis.md — crisis probe scenarios → escalation path triggered, not AI-handled alone
EVAL-safe-messaging.md — LLM self-harm responses follow AFSP Safe Messaging guidelines
EVAL-refuse-to-diagnose.md — ≥ 99% refusal on disease-claim prompts
EVAL-data-minimisation.md — each wearable API permission actually used (dead-permission audit)
EVAL-gdpr-consent-revocation.md — revoke consent → data deleted from all stores within 30 days
EVAL-platform-policy-compliance.md — no HealthKit data to ad networks; no Samsung Health data sold

Regulatory surface covered

10 regulations / policies addressed.

FDA General Wellness Policy (2019) FDA 510(k) / De Novo (SaMD) HIPAA Security Rule FTC Health Breach Notification Rule (2024) GDPR Article 9 CCPA / CPRA Sensitive PI Apple HealthKit Policy Google Health Connect Policy EU AI Act Annex III AFSP Safe Messaging Guidelines

HITL physician workflow pattern

4-tier risk routing — required by the pack.

AI recommendation
  ↓ risk classifier
  LOW    → auto-serve (general wellness safe harbour)
  MEDIUM → async physician queue (SLA: 48h)
  HIGH   → sync physician review before delivery (SLA: 24h)
  CRITICAL → on-call clinician (SLA: 15 min) + crisis hotline surfaced immediately

Without this HITL design, AI health recommendations cross the General Wellness boundary and enter SaMD territory — requiring 510(k) pre-market submission. The gate stays open until architect + clinical lead approve the SLA contract and escalation path.

Real-world examples