Therapeutic Agent Affect Management Under Clinical Constraints

Regulatory Framework

The U.S. Health Insurance Portability and Accountability Act, together with the HITECH Act and the implementing regulations at 45 CFR Parts 160 and 164, governs the privacy and security of protected health information for any covered entity or business associate handling therapeutic data. 42 CFR Part 2 imposes additional, stricter constraints on records of substance use disorder treatment, including consent requirements that survive integration with general medical records. A therapeutic agent that aggregates session content, emotional inferences, and clinical decisions is generating PHI, and its handling of that PHI must be auditable at the level of the individual data element.

The FDA's regulatory framework for AI/ML-based Software as a Medical Device, articulated in the 2019 discussion paper, the 2021 Action Plan, the 2023 PCCP draft guidance, and subsequent guidance documents, establishes that therapeutic AI products that meet the SaMD definition are subject to premarket review proportional to risk. The Predetermined Change Control Plan (PCCP) mechanism allows for ongoing model evolution without resubmission, but only when the changes fall within a pre-specified envelope and the modification protocol is described with adequate specificity. An agent whose behavioral changes cannot be specified in advance cannot use the PCCP pathway.

IEC 62304 governs the lifecycle of medical-device software, requiring software safety classification (Class A, B, or C) and lifecycle activities proportional to that class. ISO 14971 governs risk management throughout the device lifecycle, requiring identification of hazards, estimation of risks, evaluation of risk acceptability, and implementation of risk controls with verified effectiveness. The EU MDR (Regulation 2017/745) imposes parallel and in some cases stricter requirements, with Annex I general safety and performance requirements applying to software that qualifies as a medical device, and the IEC 62366-1 usability engineering standard incorporated by reference.

ANSI/AAMI HE75 codifies human factors engineering for medical devices and is the authoritative reference for designing therapeutic interfaces that minimize use error. The APA Ethical Principles of Psychologists and Code of Conduct, while not regulatory in the FDA sense, establish the professional standards that govern licensed clinicians overseeing or deploying therapeutic AI, including informed consent, competence, multiple relationships, and the management of crisis situations. State licensure boards, telehealth-specific statutes such as the Interstate Medical Licensure Compact and the Psychology Interjurisdictional Compact (PSYPACT), and consumer-protection enforcement by the FTC over deceptive mental-health-app claims complete the regulatory perimeter.

Architectural Requirement

The architectural requirement that emerges is exacting. A therapeutic agent must (a) maintain a persistent, inspectable model of patient emotional state across sessions, with provenance for every inferred value, (b) maintain a parallel, inspectable model of its own therapeutic stance and the constraints upon it, (c) gate every intervention through a structural eligibility evaluation that incorporates emotional state, clinical authorization, and risk classification, (d) produce audit-grade records satisfying HIPAA, 42 CFR Part 2 where applicable, and FDA postmarket surveillance, (e) bound its behavioral envelope so that an FDA Predetermined Change Control Plan can describe it with the specificity the guidance requires, and (f) integrate human clinician oversight as a structural element rather than as a usability layer.

This is not a requirement that emergent LLM behavior can satisfy. It is a requirement for an architecture in which emotional state is a first-class typed entity with its own governance.

Why Procedural Compliance Fails

Current therapeutic AI products attempt compliance through procedural means: a system prompt that instructs the model to follow CBT or DBT protocols, a guardrail layer that filters outputs for crisis content, a privacy policy that asserts HIPAA compliance, and a clinician-in-the-loop process that reviews flagged sessions. This approach fails on every dimension that the regulatory framework actually evaluates.

The first failure is the absence of persistent emotional state. The therapeutic relationship is longitudinal; CBT, DBT, ACT, prolonged exposure, and grief work all depend on tracking emotional trajectories across sessions. An agent without persistent affective fields cannot detect that a patient's anxiety has been escalating for three sessions, that engagement has been dropping, or that emotional volatility is increasing toward crisis thresholds. The agent inferring emotion from the current session's text alone is doing single-shot sentiment estimation and calling it therapy. ISO 14971 risk analysis cannot identify hazards related to gradual deterioration that the system cannot perceive.

The second failure is intervention gating without structural eligibility. Exposure techniques, cognitive restructuring of core beliefs, and trauma-focused interventions are clinically contraindicated when the patient lacks the affective capacity to tolerate them. A system-prompt instruction to avoid such techniques in distress is not a control under IEC 62304 or ISO 14971; it is a hope. The hazard is foreseeable, the harm is documented in the clinical literature, and the absence of a structural gate is a deficiency in the risk management file that a notified body or FDA reviewer will identify.

The third failure is unbounded behavioral evolution. An LLM whose behavior changes with every model update, every prompt revision, and every retrieval-context shift cannot fit within a Predetermined Change Control Plan, because the modification protocol cannot be specified in advance. Each meaningful change requires resubmission, and meaningful changes are continuous, so the regulatory pathway closes.

The fourth failure is audit incompleteness. HIPAA requires accountability for PHI; 42 CFR Part 2 requires consent traceability for SUD records; FDA postmarket surveillance requires adverse-event capture. Procedural systems log conversations and model outputs, but they do not log the structured clinical events, intervention applied, eligibility evaluation, emotional state at decision time, governing policy, that the regulators are asking about. The logs answer the wrong question.

The fifth failure is human-factors inadequacy under ANSI/AAMI HE75 and IEC 62366-1. A therapeutic interface whose behavior is not predictable to the clinician cannot be evaluated for use error, because the clinician cannot anticipate how the agent will respond to a given patient state. APA ethical obligations regarding competence and informed consent are similarly compromised; the clinician cannot informedly consent the patient to interventions whose initiation conditions are opaque.

What AQ Primitive Provides

The Adaptive Query affective-state primitive defines emotional state as a set of named, typed, governed fields carried by the agent across sessions. Patient-side fields include anxiety, depression-indicator severity, engagement, emotional volatility, therapeutic alliance strength, suicidality risk, and substance-use craving where applicable. Agent-side fields include therapeutic confidence, intervention readiness, countertransference markers, and crisis-mode flags. Each field has a defined range, a defined update rule, a defined provenance record, and a defined governance binding.

Updates to affective fields are themselves governed transitions. When the agent infers that the patient's anxiety has risen, the inference is recorded with the evidence that produced it, the model and version that performed the inference, and the timestamp. The inference does not directly become the field value; it proposes a transition that the governance evaluates. An anomalous spike that contradicts session-long context can be quarantined rather than absorbed, preserving the field's stability against noisy single-turn signals.

Intervention eligibility is structurally bound to the fields. A policy can specify that exposure-based techniques are eligible only when patient anxiety is below a threshold, therapeutic alliance is above a minimum, suicidality risk is null, and a clinician authorization within a specified recency is present. The agent cannot perform the intervention when the eligibility evaluation fails. This is not a prompt instruction; it is a structural gate. ISO 14971 identifies the hazard, the gate is the risk control, and the lineage demonstrates the control's effectiveness for every session.

The behavioral envelope becomes specifiable. The PCCP can describe the universe of permitted interventions, the eligibility predicates over the affective fields, the bounds within which the inference models can be updated, and the postmarket signals that will trigger reevaluation. Updates to the underlying language model do not change the behavioral envelope, because the envelope is defined by the fields and policies rather than by the model's emergent behavior.

Audit becomes structural. Every clinical event, every intervention, every eligibility evaluation, every field update, every clinician authorization, is a transition in the agent's lineage. HIPAA accounting of disclosures, 42 CFR Part 2 consent traceability, FDA postmarket surveillance, and APA documentation expectations all draw from the same substrate.

Human-factors engineering under ANSI/AAMI HE75 and IEC 62366-1 becomes tractable because the agent's behavior is predictable to the clinician. The clinician can inspect the affective fields, see what is and is not currently eligible, and form an accurate mental model of how the agent will respond. Informed consent under APA ethics becomes meaningful because the conditions under which interventions occur can be described to the patient.

Compliance Mapping

HIPAA Privacy Rule and Security Rule obligations map onto the lineage and identity fields: every access to PHI is attributable, every disclosure is recorded, and the minimum-necessary standard is enforced through the eligibility field that gates which agent capabilities can read which patient fields. 42 CFR Part 2 SUD records receive additional governance in the policy field, with consent objects that condition disclosure transitions on explicit, traceable patient authorization.

FDA SaMD obligations map onto the architecture as follows: software safety classification under IEC 62304 corresponds to the risk class assigned to particular interventions, with Class C interventions bound to the strictest eligibility predicates. ISO 14971 risk-management activities are documented through the explicit hazard-to-control mapping that the affective fields and policies make legible. The Predetermined Change Control Plan describes the field schemas, the policy bindings, and the modification protocol; updates that conform to the plan do not require resubmission, while updates that change the schema or the policies do.

EU MDR Annex I general safety and performance requirements are addressed through the same controls, with the additional usability engineering requirements of IEC 62366-1 satisfied through the predictability of agent behavior given the affective state. ANSI/AAMI HE75 human factors guidance applies to the clinician interface that exposes the affective fields and eligibility evaluations.

APA ethical obligations are operationalized: competence is demonstrated through the bounded behavioral envelope; informed consent is supported by the inspectability of the conditions under which interventions occur; multiple relationships and boundary issues are governed by policies that prevent the agent from operating outside its therapeutic role; crisis management is structurally implemented through the suicidality field and its associated escalation policies.

Adoption Pathway

Adoption proceeds through a sequence calibrated to FDA expectations and clinical realities. The first stage is to deploy the affective-state architecture in non-device contexts, such as decision-support tools for licensed clinicians, where the agent does not directly treat patients but provides structured emotional tracking and intervention recommendations that the clinician approves. This stage validates the field schemas, the eligibility predicates, and the governance bindings under real clinical use without requiring premarket clearance.

The second stage is FDA pre-submission engagement (Q-Sub) for the first SaMD product built on the architecture. The pre-submission package presents the affective fields as the device's state, the policies as the risk controls, and the lineage as the postmarket surveillance substrate. The PCCP draft accompanies the submission, describing the modification protocol that the architecture's stability makes specifiable.

The third stage is clearance and limited deployment, with prospective clinical evaluation against the comparator of clinician-only care and against existing therapeutic chatbots. Outcomes are measurable structurally: trajectories of the affective fields correlated with intervention exposure, eligibility-gate activation rates, clinician-override rates, and adverse-event rates captured through the lineage.

The fourth stage is broader deployment under the cleared PCCP, with model updates flowing through the predetermined modification protocol. EU MDR conformity assessment proceeds in parallel, leveraging the same architecture against Annex I requirements. Reimbursement pathways through CPT codes for digital therapeutics and through CMS coverage decisions become available because the evidence base that the architecture generates meets the structural standards that payers require.

The fifth stage is integration into clinical practice guidelines and APA practice standards, at which point therapeutic AI built on affective-state architecture is recognized as the safe baseline and unbounded LLM-based therapeutic chatbots are recognized, both clinically and legally, as the comparison against which the architecture is justified. The pathway is long but it is concrete, and at every stage the architecture produces evidence that the procedural alternatives cannot.