A practicing LCSW built the infrastructure his own patients keep falling through.

Mental Wealth Solutions, Inc. is run by a Licensed Clinical Social Worker — not an ex-Facebook PM. Every architectural decision answers a clinical failure mode the founder has personally watched a patient lose to.

Book a 30-minute discovery call with Matthew Schedule clinical care at the PLLC

Where the pathway breaks — and how we close it

Healthtech founders without a clinical license set the clinical floor

The dominant patient-navigation vendors are built by product managers, ex-consultants, and ex-FAANG engineers who have never carried a caseload. The clinical floor is set by the people whose primary failure mode is a missed quarterly OKR, not a decompensating patient. Workflow gaps that any practicing clinician would catch in a session ship to production because nobody at the vendor has ever sat in the chair.

Non-clinical founder background — patient-navigation vendor industry norm cite

Cost when unaddressed: Clinical workflow defects discovered after a tenant goes live cost the receiving program weeks of remediation and erode clinician trust in the tool. The vendor cannot triage what the vendor cannot recognize.

Practicing LCSW founder, not a former one

Matthew Sexton holds an active LCSW license in New York, Florida, Maine, and Delaware and operates Matthew Sexton PLLC d/b/a Mental Wealth Solutions as a clinical practice in production today. Every architectural decision — closed-loop referral defaults, crisis-routing baseline, BAA inheritance chain, weekly HIPAA gate cadence — is reviewed against an active caseload. The PLLC clinical fees pay for the platform; the platform serves the PLLC patients first; the discipline transfers.

Active LCSW license in 4 states cite
Before 0 clinicians patient-navigation vendor C-suite — industry norm cite
After 1 LCSW founder, architect, principal — active caseload cite
Impact on healthtech founders without a clinical license set the clinical floor Methodology →

Fragmented clinician identity across portfolio sites destroys E-E-A-T

Multi-product vendors typically scatter founder credentials across product pages — a one-line bio on the parent site, a different bio on each product surface, no canonical Person identity, no machine-readable credential graph. Answer engines collapse the fragmented entities into a single low-authority node. The clinical credential becomes invisible to the LLM crawler the moment it counts.

Fragmented founder identity across portfolio surfaces — industry norm cite

Cost when unaddressed: Generic answer-engine results recommend non-clinical vendors over LCSW-founded ones because the credential graph is unreadable. The buyer asking ChatGPT for a HIPAA-compliant CCBHC tool gets the highest-spend competitor, not the highest-credentialed one.

Single canonical Person @id at PLLC

Every site in the Mental Wealth Solutions portfolio — MWS.org, HealthcareCheck.org, EAPCheck.org, CoachesCheck.org, TransplantCheck.org, VibeCheck.luxury, VeteranCheck.app — surfaces Matthew Sexton's Author Person schema with the same canonical @id at matthewsextonlcswpllc.org/#matthew-sexton. LCSW + NATC credentials, four-state license graph, and sameAs links to LinkedIn, X, GitHub, NPI, and Psychology Today are unified at the PLLC origin. The brand collapses into a single E-E-A-T-anchored clinical authority.

1 @id canonical Person across 7 surfaces
Before Scattered vendor founder identity industry norm cite
After Unified PLLC canonical Person @id across portfolio
Impact on fragmented clinician identity across portfolio sites destroys e-e-a-t Methodology →

Marketing-invented framework labels with no research substrate

Wellness vendors invent acronyms on demand — five-step methods, seven-pillar systems, four-quadrant maps — and stamp them on landing pages with no research grounding, no instrument validation, and no clinician peer review. The frameworks are SEO bait, not clinical instruments. When a tenant clinical director asks how a framework was developed, the answer is a marketing brief.

Marketing-invented wellness framework provenance — industry norm cite

Cost when unaddressed: A clinical director who licenses a framework with no research substrate inherits the liability of the framework's failure modes. The framework fails silently in the cases it was never tested against.

R.A.V.E.S. and S.T.O.I.C.K. — clinician-built, instrument-grounded

The R.A.V.E.S. Framework names five domains a clinician should track session-over-session — Recognition, Alignment, Value, Evidence, Sovereignty — operationalizing routine outcome monitoring against the clinical-outcome literature. The S.T.O.I.C.K. Method is a six-step nervous-system regulation protocol grounded in polyvagal theory and HPA-axis stress neuroscience, embedded in the VibeCheck app as a proprietary in-app tool. Both frameworks were developed inside an active LCSW caseload, refined against patient outcomes, and built to be instruments rather than slogans.

2 frameworks clinician-built, instrument-grounded cite
Before Slogan vendor framework — marketing brief cite
After Instrument R.A.V.E.S. + S.T.O.I.C.K. — clinical-substrate cite
Impact on marketing-invented framework labels with no research substrate Methodology →

PHI-touching apps without LCSW backstop carry uninsurable liability

Most behavioral-health and patient-navigation tools route around clinical liability by disclaiming clinical-decision-support entirely. The patient gets a self-help app with crisis-routing buried in the footer. When a user decompensates, the vendor's defense is that they were never a clinical service. The receiving clinician inherits a liability profile no clinical malpractice carrier wrote on the assumption that the vendor would carry it.

Disclaimed vendor clinical liability — industry norm cite

Cost when unaddressed: A coach, an EAP utilization spike, or a transplant pre-listing crisis without LCSW backstop becomes a 911 referral that the vendor disclaimed. The clinical relationship is severed at the worst possible moment.

LCSW backstop on every PHI-touching surface

Every PHI-touching surface in the portfolio — HealthcareCheck tenants, TransplantCheck deployments, EAPCheck B2B2C feeds, CoachesCheck bespoke practices, VibeCheck consumer wellness — inherits LCSW backstop coverage from the founder's active license. Crisis routing follows Stanley-Brown safety planning with 24-72 hour clinical follow-up. 988 single-tap is a baseline default, not an upsell. The clinical-decision-support disclaimer is replaced with documented clinical-supervision protocols.

Always-on LCSW backstop on every PHI surface cite
Before Disclaimed vendor clinical-decision-support liability cite
After Backstopped LCSW principal on every PHI tenant cite
Impact on phi-touching apps without lcsw backstop carry uninsurable liability Methodology →

Single-product vendor churn forces buyers to integrate five vendors

A CCBHC, a transplant program, an EAP, and a coaching network each license a different point solution from a different vendor. Five contracts, five BAAs, five portals, five audit-log formats, five escalation paths. The integration burden is invisible at signing and crippling at year three. The buyer ends up paying five separate vendors to recreate a single coordination workflow that none of them deliver alone.

5 vendors patient-navigation point-solution count — industry norm cite

Cost when unaddressed: Five-vendor sprawl is the long-tail cost that defeats every patient-navigation business case. The clinical director who signed five separate contracts spends year three trying to consolidate them.

Five verticals on a shared BAA-covered core

HealthcareCheck, TransplantCheck, EAPCheck, CoachesCheck, and VeteranCheck share one Postgres cluster on AWS RDS with pgcrypto column-level encryption, schema-per-tenant isolation, and Vertex AI under the executed Google Cloud BAA. Adding a vertical does not add a BAA negotiation. Adding a tenant does not add a vendor relationship. The buyer who licenses two surfaces gets one BAA chain and one audit log.

1 core BAA-covered shared infrastructure across 5 surfaces cite
Before 5 vendor BAAs per cross-vertical buyer cite
After 1 shared BAA chain across portfolio cite
Impact on single-product vendor churn forces buyers to integrate five vendors Methodology →

Vendor BAA hygiene drifts after launch and gets discovered at breach

Most vendors execute a HIPAA gate at deploy and never run it again. Six months later the encryption-at-rest configuration has drifted, audit-log integrity has not been verified, backup posture has not been tested. The next discovery moment is the breach notification. The clinical director discovers the gap from regulatory enforcement, not advance verification.

Annual vendor HIPAA audit cadence — industry norm cite

Cost when unaddressed: A breach notification under HHS Omnibus Rule reaches every patient and every regulatory body simultaneously. The cost of one drift event exceeds the cost of every weekly HIPAA gate the vendor refused to run.

Wednesday weekly HIPAA gate ritual

Every PHI-touching tenant runs a documented Wednesday HIPAA gate covering BAA inventory, encryption-at-rest verification, technical-safeguard automated test suite at the 43-control baseline per 45 CFR 164.312, audit-log integrity, and BCP/DR posture verification. Gate failure on any control blocks Thursday production deploys for that tenant. The gate is the recurring rehearsal, not the launch artifact.

Weekly HIPAA gate cadence — every PHI tenant cite
Before Annual vendor HIPAA audit cadence cite
After Weekly Wednesday HIPAA gate per PHI tenant cite
Impact on vendor baa hygiene drifts after launch and gets discovered at breach Methodology →

Methodology

How we measure

Mental Wealth Solutions, Inc. operates under one canonical discipline — BAA before vendor, gate before ship, patient before product. Founder Matthew Sexton, LCSW carries an active license in four states under the Association of State and Provincial Psychology Boards-aligned licensure framework, an active NATC certification in narcissistic-abuse treatment, and a Master's in Social Work. The PLLC clinical practice runs as the first HealthcareCheck tenant in production. The shared BAA-covered core — Vertex AI for Gemini inference under the executed Google Cloud BAA, AWS RDS Postgres with pgcrypto column-level encryption under the executed AWS BAA, S3 with KMS for audit logs and document vault — is the substrate every vertical inherits at provisioning. Clinical fidelity is measured by routine outcome monitoring across the R.A.V.E.S. domains, embedded in the VibeCheck app and surfaced to clinicians via tenant dashboards. CCBHC quality-measure reporting maps to the CMS 2025 measure set. UDS reporting for FQHC tenants maps to the HRSA 2024 modernization. SIPAT and KDQOL-36 calibration for transplant programs follow Maldonado 2012 and Chen 2016. EAP utilization-and-engagement reporting follows the workforce-mental-health literature. Coach-vertical scope follows the ICF Code of Ethics and the APA distinction between coaching and psychotherapy. Crisis safety follows Stanley-Brown structured safety planning embedded as a baseline default on every PHI-touching surface, not a vertical add-on. The discipline is invariant — the verticals differ only in clinical instrument and tenant skin.

What counts

  • All five Mental Wealth Solutions, Inc. verticals (HealthcareCheck, TransplantCheck, EAPCheck, CoachesCheck, VeteranCheck) operate under the shared BAA-covered core
  • Matthew Sexton PLLC d/b/a Mental Wealth Solutions runs as the first HealthcareCheck tenant in production — clinical infrastructure proves itself on its own caseload first
  • Author Person canonical @id at matthewsextonlcswpllc.org/#matthew-sexton applied across every site in the portfolio for unified E-E-A-T
  • Wednesday weekly HIPAA gate covers every PHI-touching tenant against the 43-control 45 CFR 164.312 baseline
  • R.A.V.E.S. + S.T.O.I.C.K. frameworks operationalized inside an active LCSW caseload before exposure to tenants
  • Crisis routing embedded as default on every PHI-touching surface — opt-out only via documented program-specific exception

What doesn't count

  • Bring-your-own-LLM requests (gated by partner BAA execution — Vertex AI Gemini is the only inference vendor today)
  • Multi-vendor LLM marketing claims (production runs Gemini exclusively under the executed Google Cloud BAA)
  • Direct consumer billing on PHI-touching surfaces (Stripe checkout lives only on MWS.org SaaS surface — PHI-adjacent billing routes invoice or HC tenant contract)
  • Any therapy or assessment claims by non-clinician staff (clinical work runs through the LCSW principal or licensed associates only)
  • Any framework or instrument claim without research substrate (R.A.V.E.S. and S.T.O.I.C.K. carry the only published clinical labels)
  • Crisis-routing opt-out without documented program-specific exception and executive sign-off
Sources: asppb-2019-state-licensure-board-mental-health , apa-2018-coaching-vs-psychotherapy-distinction , apa-2023-practitioner-pulse-survey , apa-2017-ethics-code-goldwater , google-cloud-2024-vertex-ai-baa , aws-2024-hipaa-eligible-services , hhs-2013-hipaa-omnibus-rule , hhs-45-cfr-164-312-technical-safeguards , nist-2017-sp-800-66-hipaa-implementation , onc-2024-hti-1-final-rule , fda-2022-software-medical-device-guidance , cms-2025-ccbhc-quality-measures , hrsa-2024-uds-modernization , maldonado-2012-sipat-validation , chen-2016-kdqol36-validation-chinese , icf-2020-code-of-ethics

How we compare

Sourced from primary citations — not vendor marketing claims.

Us Mental Wealth Solutions vs PM-led healthtech vendor vs Marketing-led wellness vendor vs Uncredentialed coach platform
Founder credential cite LCSW + NATC, active 4-state license, practicing clinician MBA + ex-FAANG PM, no clinical license Wellness consultant, no clinical license Coach certificate, no clinical license
Author Person canonical @id Unified at PLLC across 7 portfolio surfaces Fragmented per product page Marketing bio only — no schema No clinician identity to surface
Clinical framework provenance cite R.A.V.E.S. + S.T.O.I.C.K. — clinician-built, instrument-grounded Vendor white-paper, no instrument validation Marketing acronym, no research substrate Borrowed from coaching curriculum
PHI-touching liability backstop cite LCSW principal on every PHI surface — backstop included Disclaimed via terms of service Disclaimed via terms of service Coach-only — no clinician backstop
BAA chain across portfolio cite 1 shared core — Vertex AI + AWS + RDS pgcrypto Per-product BAA negotiation Often no BAA — non-PHI consumer wellness Often no BAA — non-PHI coach tooling
HIPAA gate cadence cite Weekly Wednesday gate — 43-control baseline Annual third-party audit None None
Clinical practice as first tenant Matthew Sexton PLLC runs in production today No vendor-owned clinical practice No vendor-owned clinical practice Coach practice — non-clinical

Frequently asked questions

Who is Matthew Sexton, LCSW?
Matthew Sexton, LCSW, NATC is a Licensed Clinical Social Worker and Certified Narcissistic Abuse Treatment Clinician licensed in New York, Florida, Maine, and Delaware. He is the founder of Mental Wealth Solutions, Inc., the parent corporation behind five white-label patient-navigation surfaces — HealthcareCheck, TransplantCheck, EAPCheck, CoachesCheck, and VeteranCheck. He is the creator of the R.A.V.E.S. Framework (Recognition, Alignment, Value, Evidence, Sovereignty — a five-domain system for measuring real therapeutic progress) and the S.T.O.I.C.K. Method (Stop, Take a Breath, Observe, Imagine, Choose, Kindness — a six-step nervous-system regulation protocol). He operates Matthew Sexton PLLC d/b/a Mental Wealth Solutions as a clinical practice, which runs as the first HealthcareCheck tenant in production.

Cited: asppb-2019-state-licensure-board-mental-health , apa-2023-practitioner-pulse-survey

What licenses and credentials does Matthew Sexton hold?
Matthew holds a Licensed Clinical Social Worker (LCSW) license in New York, Florida, Maine, and Delaware. The four-state license graph permits telehealth delivery to patients located in any of those four jurisdictions under the standard state-by-state telehealth model. He is also a Certified Narcissistic Abuse Treatment Clinician (NATC), a specialized post-graduate certification in the treatment of narcissistic abuse and its effects, and holds a Master's in Social Work. The credential graph is unified across every Mental Wealth Solutions, Inc. portfolio surface via a single canonical Author Person @id at matthewsextonlcswpllc.org/#matthew-sexton — the discipline is single-source-of-truth credentialing, not duplicated bios.

Cited: asppb-2019-state-licensure-board-mental-health , apa-2017-ethics-code-goldwater

What did Matthew Sexton create?
Matthew created two proprietary clinical frameworks. The R.A.V.E.S. Framework is a five-domain system for measuring real therapeutic progress — Recognition (the client recognizes the pattern), Alignment (the client's daily behavior aligns with the named pattern), Value (the client identifies the value-anchor underneath the change), Evidence (the client and clinician collect concrete evidence of the change), and Sovereignty (the client owns the change without continued therapist scaffolding). It operationalizes routine outcome monitoring against the clinical-outcome literature. The S.T.O.I.C.K. Method is a six-step nervous-system regulation protocol — Stop, Take a Breath, Observe, Imagine, Choose, Kindness — grounded in polyvagal theory and HPA-axis stress neuroscience. It is embedded in the VibeCheck app as a proprietary in-app tool. He also founded Mental Wealth Solutions, Inc. and its five verticals: HealthcareCheck, TransplantCheck, EAPCheck, CoachesCheck, and VeteranCheck.

Cited: apa-2018-coaching-vs-psychotherapy-distinction , apa-2023-practitioner-pulse-survey

How do I work with Matthew Sexton clinically versus on a platform engagement?
Clinical care is provided through Matthew Sexton PLLC d/b/a Mental Wealth Solutions — the separate clinical entity from Mental Wealth Solutions, Inc. Telehealth is available in New York, Florida, Maine, and Delaware. Visit matthewsextonlcswpllc.org to schedule a clinical intake. Platform partnerships, tenant deployments, and B2B inquiries — HealthcareCheck white-label, TransplantCheck program deploys, EAPCheck B2B2C contracts, CoachesCheck bespoke quotes — are handled through Mental Wealth Solutions, Inc. Book a 30-minute discovery call directly with Matthew via mentalwealthsolutions.org/contact for platform engagement. The two entities are deliberately separate: the PLLC carries clinical liability under the LCSW license; the Inc. carries platform liability under executed BAAs and corporate structure.

Cited: asppb-2019-state-licensure-board-mental-health

Why does an LCSW build platform infrastructure instead of just running a clinical practice?
Because every patient population the founder has ever worked with — kidney-transplant candidates navigating SIPAT readiness, employees burning out at session six of an EAP cycle, dialysis patients managing dual mental-health and medication-adherence load, veterans falling through every program designed for them — is failed by the same gap. The navigation layer between intake and outcome does not exist as infrastructure. It exists as a person, usually a social worker, holding the entire workflow in a spreadsheet and a head full of phone numbers. That is not a software gap. That is a delivery model. The founder built Mental Wealth Solutions, Inc. to sell clinics the navigation infrastructure they cannot afford to build from scratch — under the clinic's own brand, on a BAA-covered core, with the LCSW-built clinical floor that every patient-navigation vendor without a clinical license cannot deliver.

Cited: onc-2024-hti-1-final-rule , cms-2025-ccbhc-quality-measures , maldonado-2012-sipat-validation

How does the PLLC clinical practice relate to the Inc. platform?
Matthew Sexton PLLC d/b/a Mental Wealth Solutions runs as the first HealthcareCheck tenant in production. Every line of code that ships, every BAA the vendors execute, every weekly Wednesday HIPAA gate that runs against production is paid for by clinical fees the founder generates by seeing patients. The PLLC pays for the platform; the platform serves PLLC patients first; the discipline transfers. If the platform cannot run the founder's own clinical practice cleanly, the founder will not sell it to any other clinician. Buyers feel the discipline on the first call — the founder is not pitching a product he expects someone else to use. He is pitching a product he uses to serve his own caseload. That alignment is the architecture, not a sales claim.

Cited: aws-2024-hipaa-eligible-services , hhs-45-cfr-164-312-technical-safeguards

Founder thesis

Why this exists

I am a Licensed Clinical Social Worker first. The platform exists because every patient population I have ever worked with is failed by the same gap.

— Matthew Sexton, LCSW

I am a Licensed Clinical Social Worker first. The platform exists because every patient population I have ever worked with — kidney-transplant candidates navigating SIPAT readiness, employees burning out at session six of an EAP cycle, dialysis patients carrying dual mental-health and adherence load, veterans falling through every program designed for them — is failed by the same gap. The navigation layer between intake and outcome does not exist as infrastructure. It exists as a person, usually a social worker, holding the entire workflow in a spreadsheet and a head full of phone numbers. That is not a software gap. That is a delivery model.

The legacy vendors — Unite Us, Findhelp, the homegrown CCBHC builds — sell either a directory or a referral pipe. None of them sell what the clinician on the floor actually needs: a closed-loop, BAA-covered, tenant-branded, FHIR-native navigation layer that the patient sees as their clinic and the clinic sees as their own retention engine. We are building exactly that, one vertical at a time, with one standard underneath: BAA before vendor, gate before ship, patient before product.

The bet is simple. The healthcare system is not consolidating into five integrated networks in the next decade. It is fragmenting further — more CCBHCs, more FQHCs, more transplant centers, more specialty clinics — each of them needing the navigation infrastructure they cannot afford to build from scratch. We sell them that infrastructure under their own brand. The patient never sees us. The clinic never loses control of their data. Matthew Sexton, LCSW, PLLC — my own clinical practice — is the first HealthcareCheck tenant in production. The clinical fees pay for the platform. The platform serves the patients first. If it cannot run my own caseload cleanly, I will not sell it to anyone else's. That is the discipline. Buyers feel it on the first call.

Matthew Sexton, LCSW Founder · Mental Wealth Solutions Inc.

Citations

  1. Association of State and Provincial Psychology Boards (2019). Behavioral Health Workforce Licensure Requirements by State. ASPPB. Source
    • ASPPB tracks state-by-state licensure requirements for psychologists, professional counselors, social workers, and marriage and family therapists across all 50 U.S. states and Canadian provinces — establishing the licensed-mental-health regulatory floor.
    • Licensed mental-health professionals require: graduate-level clinical training (master's or doctoral degree from accredited program), supervised clinical hours (typically 1,500-3,000 post-degree), licensing board examination (e.g., EPPP for psychologists, ASWB for social workers), continuing-education hours, and ethics-violation reporting jurisdiction.
    • Coaches face NO equivalent state-licensure requirement — no graduate clinical training mandate, no supervised hours floor, no licensing board exam, no continuing-education jurisdiction, no state-disciplinary authority for scope-of-practice violations.
    “Licensed mental-health professionals require graduate clinical training plus 1,500-3,000 supervised hours plus licensing board examination plus state-disciplinary jurisdiction — coaches face NO equivalent state-licensure floor, establishing the regulatory-asymmetry baseline.”
  2. American Psychological Association (2018). Society of Consulting Psychology — Distinctions between coaching and psychotherapy. American Psychological Association. Source
    • APA Society of Consulting Psychology guidance distinguishes coaching (focused on present/future goal-attainment in non-clinical populations) from psychotherapy (focused on diagnosis and treatment of mental-health conditions in clinical populations).
    • Established scope-of-practice boundary: coaching addresses non-clinical performance/goal-attainment concerns; psychotherapy addresses DSM-diagnosable mental-health conditions requiring licensed clinical intervention.
    • Anchored the professional consensus that coaches encountering signs of clinical-mental-health concerns (depression, anxiety disorders, trauma, suicidality) MUST refer to licensed mental-health professionals — coach scope ends where clinical scope begins.
    “APA Society of Consulting Psychology established the scope-of-practice boundary — coaching addresses non-clinical performance/goal-attainment concerns, psychotherapy addresses DSM-diagnosable mental-health conditions requiring licensed clinical intervention.”
  3. American Psychological Association (2023). 2023 Practitioner Pulse Survey. American Psychological Association. Source
    • APA Practitioner Pulse Survey of licensed psychologists documenting workload, telehealth adoption, waitlist length, and burnout indicators across U.S. practice settings.
    • Majority of surveyed psychologists report sustained increase in demand for services post-pandemic, with significant proportions reporting waitlists for new patient intake.
    • Telehealth adoption among practicing psychologists has stabilized at substantially elevated levels relative to pre-pandemic baseline, with hybrid practice models becoming the dominant operational pattern.
    “APA Practitioner Pulse Survey data document sustained post-pandemic demand pressure and stabilization of telehealth-enabled hybrid practice as the dominant operational model among U.S. licensed psychologists.”
  4. American Psychiatric Association (2017). The Principles of Medical Ethics With Annotations Especially Applicable to Psychiatry — Section 7.3 (The Goldwater Rule). American Psychiatric Association. Source
    • APA Ethics Code Section 7.3 (commonly referred to as the Goldwater Rule) prohibits psychiatrists from offering professional opinions about public figures they have not personally examined and from whom they have not obtained authorization to make a public statement.
    • Rule originates from the 1964 Fact magazine survey in which over 1,000 psychiatrists offered diagnostic opinions about then-presidential-candidate Barry Goldwater without examination — leading to a successful libel suit and subsequent APA ethics codification.
    • Distinguishes ethically permissible discussion of observable behavior patterns and educational commentary on personality features from professionally-prohibited diagnostic claims about un-examined public figures.
    “APA Ethics Code Section 7.3 (the Goldwater Rule) prohibits psychiatrists from offering professional opinions about public figures they have not personally examined — distinguishing permissible discussion of observable behavior patterns from professionally-prohibited diagnostic claims.”
  5. Google Cloud (2024). HIPAA Compliance on Google Cloud — Business Associate Agreement and Covered Services. Google Cloud. Source
    • Google Cloud offers Business Associate Agreement (BAA) coverage for Vertex AI services including Gemini API (text-bison, gemini-pro, gemini-1.5-pro, gemini-1.5-flash) — establishing HIPAA-compliant LLM infrastructure for covered entities and business associates.
    • BAA-covered Vertex AI services include: Gemini API for text generation, Embeddings API, Vector Search, Vertex AI Pipelines, Vertex AI Workbench, AutoML, Model Registry, Model Monitoring, and Endpoints — comprehensive ML/AI infrastructure for HIPAA-regulated workflows.
    • Established the BAA-covered LLM cloud infrastructure baseline that enables HIPAA-compliant deployment of large-language-model clinical applications without requiring on-premise model hosting — key infrastructure enabling cloud-native HIPAA AI architecture.
    “Google Cloud Vertex AI BAA coverage includes the full Gemini API family plus Embeddings, Vector Search, AutoML, and Model Endpoints — establishing the BAA-covered LLM cloud infrastructure baseline for HIPAA-compliant clinical AI deployment.”
  6. Amazon Web Services (2024). HIPAA Eligible Services Reference. Amazon Web Services. Source
    • AWS HIPAA Eligible Services Reference documents the comprehensive list of AWS services covered under the AWS BAA — currently 175+ services including EC2, RDS, S3, KMS, Lambda, Bedrock, SageMaker, CloudWatch Logs, Systems Manager, and Aurora.
    • Critical HIPAA-architecture services for healthcare workloads: RDS (encrypted PostgreSQL/MySQL with pgcrypto), S3 with SSE-KMS encryption, Bedrock for LLM inference (BAA-covered foundation models), Systems Manager Session Manager (CloudTrail-logged session-data S3 archival), and CloudWatch Logs for audit trail.
    • Established the AWS BAA-covered services baseline enabling HIPAA-compliant cloud-native architecture for healthcare workloads — key infrastructure enabling HIPAA-compliant deployment without requiring on-premise hosting or self-hosted security infrastructure.
    “AWS HIPAA Eligible Services covers 175+ services under BAA including RDS, S3, Bedrock, SageMaker, and Systems Manager Session Manager — establishing the AWS BAA-covered services baseline for HIPAA-compliant cloud-native healthcare architecture.”
  7. U.S. Department of Health and Human Services (2013). Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules — Omnibus Rule. HHS Office for Civil Rights. Source
    • HHS HIPAA Omnibus Rule (effective March 2013) implementing HITECH Act provisions — established business-associate direct liability for HIPAA violations, expanded breach notification requirements, and updated marketing/fundraising restrictions.
    • Established that business associates (including health-IT vendors and cloud-service providers handling ePHI) are directly liable for HIPAA Security Rule and Breach Notification Rule violations — extending HIPAA enforcement to the entire ePHI handling chain rather than only covered entities.
    • Anchored the modern HIPAA enforcement framework: covered entities and business associates each carry direct compliance obligations, with Business Associate Agreements (BAAs) as the contractual instrument establishing the compliance chain.
    “The 2013 HIPAA Omnibus Rule established business-associate direct liability for HIPAA violations — extending enforcement to the entire ePHI handling chain with Business Associate Agreements as the contractual compliance instrument.”
  8. U.S. Department of Health & Human Services & Office for Civil Rights (2013). HIPAA Security Rule — Technical Safeguards (45 CFR § 164.312). Code of Federal Regulations, Title 45 — Public Welfare. Source
    • Mandates access control, audit controls, integrity controls, person-or-entity authentication, and transmission security as technical safeguards for ePHI.
    • Encryption and decryption are addressable specifications under access control and transmission security — required unless an alternative measure is documented as equally protective.
    • Audit controls require hardware, software, and procedural mechanisms to record and examine activity in systems containing or using ePHI.
    “A covered entity or business associate must implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights.”
  9. National Institute of Standards and Technology (2024). NIST Special Publication 800-66 Revision 2 — Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. National Institute of Standards and Technology. Source
    • NIST SP 800-66 Rev. 2 (February 2024) provides authoritative implementation guidance for HIPAA Security Rule technical, administrative, and physical safeguards — referenced by HHS OCR as definitive HIPAA Security Rule implementation reference.
    • Establishes detailed technical-safeguards implementation guidance: access control, audit controls, integrity controls, person/entity authentication, transmission security, and encryption — with cross-references to NIST Cybersecurity Framework and NIST SP 800-53 security controls.
    • Anchored the federally-recognized HIPAA Security Rule implementation framework — covered entities and business associates following NIST SP 800-66 implementation guidance establish a defensible technical-safeguards posture.
    “NIST SP 800-66 Rev. 2 provides authoritative HIPAA Security Rule implementation guidance — referenced by HHS OCR as definitive technical-safeguards implementation reference, anchoring federally-recognized HIPAA security architecture.”
  10. Office of the National Coordinator for Health Information Technology (2024). Health Data, Technology, and Interoperability — Certification Program Updates, Algorithm Transparency, and Information Sharing (HTI-1) Final Rule. HHS ONC. Source
    • ONC HTI-1 Final Rule (January 2024) establishes the first federal regulatory framework for AI/algorithm transparency in certified health IT — including 'Decision Support Interventions' (DSI) certification criteria for predictive AI/machine-learning models embedded in EHRs.
    • DSI certification requires source attribute disclosure for predictive models, intervention risk management practices, and feedback mechanism for end users — establishing the baseline transparency requirements for AI-enabled clinical decision support.
    • Anchored the regulatory baseline for AI in certified health IT — vendors offering AI/ML-enabled clinical decision support to ONC-certified EHRs must satisfy DSI transparency and risk-management requirements as of January 1, 2025 effective date.
    “ONC HTI-1 Final Rule establishes the first federal regulatory framework for AI/algorithm transparency in certified health IT — DSI certification requires source attribute disclosure, intervention risk management, and end-user feedback mechanisms for predictive AI/ML models.”
  11. U.S. Food and Drug Administration (2022). Clinical Decision Support Software — Guidance for Industry and Food and Drug Administration Staff. U.S. Food and Drug Administration. Source
    • FDA Clinical Decision Support Software guidance (September 2022) clarifies which CDS software functions qualify as medical devices subject to FDA regulation under the 21st Century Cures Act.
    • FDA-regulated CDS includes software that: provides diagnostic/treatment recommendations not based on transparent rationale clinicians can independently review, processes medical images/signals/patterns, or provides time-critical decisions where clinicians cannot independently review rationale — requiring premarket FDA review.
    • Anchored the FDA medical-device regulatory boundary for clinical AI software — AI/ML systems providing autonomous diagnostic/treatment recommendations cross into FDA-regulated medical-device territory, while non-autonomous reference/educational tools remain non-device.
    “FDA's CDS Software guidance clarifies the medical-device regulatory boundary for clinical AI — autonomous diagnostic/treatment recommendation systems cross into FDA-regulated medical-device territory, while non-autonomous reference tools remain non-device.”
  12. Centers for Medicare and Medicaid Services (2025). CCBHC Quality Measure Set and Reporting Requirements. U.S. Department of Health and Human Services / CMS. Source
    • CMS-defined quality measure set required for CCBHC participation in the Medicaid Section 223 demonstration and state-option Medicaid CCBHC programs.
    • Required measures include depression remission at 12 months, follow-up after hospitalization for mental illness (FUH), screening for clinical depression and follow-up plan, and adherence to antipsychotic medications for schizophrenia.
    • Quality-measure performance directly drives CCBHC prospective payment system rate cells and continued certification eligibility.
    “CMS quality-measure performance directly drives CCBHC payment rate cells and certification eligibility, making measurement-based care reporting infrastructure a financial as well as clinical requirement.”
  13. Health Resources and Services Administration & Bureau of Primary Health Care (2024). Uniform Data System Modernization Initiative: Patient-Level Submission Specifications. U.S. Department of Health and Human Services / HRSA. Source
    • HRSA initiative transitioning Section 330 health center reporting from aggregate UDS submission to patient-level UDS+ data submission specifications.
    • Patient-level reporting enables more granular quality-measure attribution, longitudinal patient-cohort analysis, and SDOH-domain stratification across the federally funded health center network.
    • Establishes the federal data-infrastructure trajectory anchoring next-generation UDS reporting expectations for FQHCs, FQHC look-alikes, and Section 330 grantees.
    “HRSA's UDS Modernization Initiative transitions federally funded health centers from aggregate to patient-level reporting, enabling granular quality-measure attribution and SDOH-domain stratification across the Health Center Program.”
  14. José R. Maldonado, Heavenly C. Dubois, Evonne E. David, Yelizaveta Sher, Sermsak Lolak, Jacqueline Dyal, et al. (2012). The Stanford Integrated Psychosocial Assessment for Transplantation (SIPAT): a new tool for the psychosocial evaluation of pretransplant candidates. Psychosomatics. doi:10.1016/j.psym.2011.12.012
    • SIPAT incorporates 18 risk items across patient readiness, social support, psychological stability, and lifestyle/effect of substance use.
    • Inter-rater reliability among trained raters reached intraclass correlation coefficients above 0.85.
    • Higher SIPAT scores at evaluation correlated with worse psychosocial outcomes after transplantation.
    “SIPAT provides a standardized psychosocial assessment that minimizes inter-rater variability and operationalizes the previously subjective transplant candidacy decision.”
  15. Jin-Bor Chen, Lung-Chih Li, Ben-Chung Cheng, Ya-Chun Tseng, Tsuen-Chiuan Tsai, & Shih-Wei Wang (2016). Cross-cultural adaptation and validation of the Chinese version of the Kidney Disease Quality of Life-36 (KDQOL-36). Health and Quality of Life Outcomes. doi:10.1186/s12955-016-0539-y
    • Cross-cultural adaptation and validation of the KDQOL-36 in a Mandarin-speaking population of dialysis patients in Taiwan.
    • Internal consistency reliability across the burden, symptoms, and effects-of-kidney-disease subscales exceeded a Cronbach alpha of 0.80.
    • Confirms the international applicability of the KDQOL-36 as the standard ESRD-specific health-related quality-of-life instrument required for CMS quality reporting in U.S. dialysis facilities.
    “The Chinese version of the Kidney Disease Quality of Life-36 demonstrates acceptable reliability and validity for use in dialysis patients, supporting its cross-cultural applicability for ESRD-specific quality-of-life assessment.”
  16. International Coach Federation (2020). ICF Code of Ethics. International Coaching Federation. Source
    • ICF Code of Ethics establishes professional conduct standards for ICF-credentialed coaches across four sections: Responsibility to Clients, Responsibility to Practice and Performance, Responsibility to Professionalism, and Responsibility to Society.
    • Section 4.4 explicitly requires coaches to refer clients to other professionals when issues exceed coaching scope — including mental health concerns requiring clinical intervention — but the Code does NOT require any clinical license, mental-health training, or scope-of-practice credentialing for coaches themselves.
    • Established the only widely-adopted coaching profession ethics framework, but with no licensing-board enforcement mechanism — violations result only in ICF membership/credential revocation, not legal consequences.
    “ICF Code of Ethics Section 4.4 requires coaches to refer clients to other professionals when issues exceed coaching scope — but the Code does NOT require any clinical license or mental-health training for coaches themselves, leaving scope-judgment to individual coach discretion without licensing-board enforcement.”

Ready to close the gap?

Book a 30-minute discovery call with Matthew Schedule clinical care at the PLLC