PDI Verify: An Adversarial Audit Methodology for AI-Assisted Clinical Software — Extended with Dual-Axis Clinical Context Preservation
Description
We present PDI Verify, an adversarial audit methodology for AI-assisted clinical software handling protected health information (PHI), with a novel extension: the dual-axis clinical context preservation standard (A11). The core framework comprises Phase 1 (behavioral and static analysis: 8 audit domains, 5 evidence tiers, 20 specialized scanners) and Phase 2, the Munger Defense Posture (10 adversarial attack classes derived by systematically inverting system design claims). Phase 3 generates dual-audience remediation output — engineer-grade fix code and HIPAA-counsel-grade regulatory language — from a single evidence model.
This extended version introduces two additional contributions: (1) the A11 Clinical Context Preservation Battery, a 21-case adversarial test suite establishing that a passing security result (A10 BLOCKED) is insufficient without co-equal confirmation that clinical data survived the privacy pipeline (A11 PRESERVED); and (2) the tokenization-rehydration privacy architecture, a novel approach to clinical AI privacy in which PHI is replaced with reversible typed tokens client-side before any API call, the model processes tokenized text, and original values are restored via an ephemeral local key-value map — making PHI transmission to external AI services architecturally unnecessary rather than contractually managed.
Applied to PDI Med (v1.0), an OB/GYN clinical intelligence platform, Phase 2 cycle 1 identified 8 confirmed breaches. Four product commits and 5 audit framework self-corrections resolved all findings. Phase 2 cycle 2 confirmed PDI Verified: zero breaches across 10 attack classes, with A10 resolving to BLOCKED_WITH_PRESERVATION on the novel PP-04 case (BRCA variant/accession split). The A11 v2 battery achieved 24/24 PRESERVED across 21 cases including paraphrase equivalence across three OB/GYN documentation styles and semantic ground truth comparison. A10 security for the tokenization pipeline stage is CANNOT_CONFIRM pending implementation, reported with full transparency. We propose PP-04 as a standard benchmark for clinical de-identification systems, and the dual-axis A10+A11 certification standard as the minimum bar for clinical AI evaluation.
Files
PDIVerify_FINAL_v1.0.1.pdf
Files
(267.9 kB)
| Name | Size | Download all |
|---|---|---|
|
md5:0b523dea5b42037726bb55f1b60f7e9e
|
267.9 kB | Preview Download |
Additional details
Dates
- Created
-
2026-06-03PDI Verify is an adversarial audit methodology for AI-assisted clinical software handling protected health information (PHI). This preprint presents the complete framework including a novel extension: the dual-axis clinical context preservation standard (A11), establishing that security evaluation (A10 BLOCKED — PHI removed) and clinical utility evaluation (A11 PRESERVED — clinical data survived) are co-equal requirements for clinical AI certification. Neither condition alone is sufficient. Applied to PDI Med (v1.0), an OB/GYN clinical intelligence platform built with AI code assistance, Phase 2 cycle 1 identified 8 confirmed breaches across 4 critical attack classes. Four product commits and 5 audit framework self-corrections resolved all findings. Phase 2 cycle 2 confirmed PDI Verified status: zero breaches across 10 attack classes. The A11 v2 battery achieved 24/24 PRESERVED across 21 clinical cases including paraphrase equivalence across three OB/GYN documentation styles. The tokenization-rehydration privacy architecture introduced here makes PHI transmission to external AI services architecturally unnecessary rather than contractually managed. PP-04 (BRCA variant/accession split) is proposed as a standard benchmark for clinical de-identification systems. The dual-axis A10+A11 certification standard is proposed as the minimum bar for clinical AI evaluation.