Preamble
Why PDI-Med Exists
Physician Driven Innovations, LLC ("PDI-Med") exists to restore physician autonomy, reduce administrative
burden, and raise the clinical standard of care through privacy-preserving tools that strengthen clinical
reasoning, documentation quality, and longitudinal insight—without creating new surveillance, coercion,
or punitive governance over clinicians.
PDI-Med is designed as a trust-first system. We treat privacy as an architectural constraint, not a policy
preference; and we treat physician autonomy as a foundational ethic, not a marketing phrase.
These bylaws define the operating constitution of PDI-Med. Where ambiguity could create future drift, these
bylaws choose clarity.
Article I
Definitions
- "PHI" means Protected Health Information as defined under HIPAA and applicable law, including identifiers and any information that could reasonably identify an individual patient.
- "Identified Domain" refers to any environment where PHI may be present. Under PDI-Med architecture, the Identified Domain is controlled by the clinician/user and does not transmit PHI to PDI-Med servers.
- "De-Identified Output" means text or structured data that has been scrubbed of direct identifiers and processed to reduce re-identification risk. De-Identified Output may be stored on PDI-Med servers.
- "Synthetic Case" is a structured representation derived from clinical text that contains no PHI and is intended for physician learning, recall support, and aggregate insight generation. Synthetic Cases are not patient records and are not designed to enable re-identification.
- "Vault" is a physician-controlled cryptographic construct used to support continuity of the physician's own dataset across time. PDI-Med's intended model is zero-knowledge: PDI-Med does not know the Vault's contents and does not possess keys capable of viewing PHI.
- "Key" refers to physician-controlled cryptographic material enabling Vault access and/or continuity mapping. PDI-Med does not store raw keys in a form that allows PDI-Med to decrypt PHI.
- "Federated Intelligence" means aggregate insights computed from Synthetic Cases across many users, designed to be descriptive, non-punitive, and non-identifying.
- "Platform Integrity" refers to the security, privacy posture, anti-gaming safeguards, and non-corruptibility of PDI-Med systems.
Article II
Core Constitutional Principles
- Physician-First. PDI-Med is pro-physician by design: it exists to strengthen physician judgment, reduce burden, and enhance trust between patients and clinicians. Physician-first does not mean physician-only; it means physicians remain the primary guardians of clinical decision-making and clinical ethics.
- Privacy Absolutism (Architectural, Not Optional). PDI-Med is designed such that PHI is not transmitted to PDI-Med servers. This is not a promise dependent on behavior; it is a design intent enforced through tooling and guardrails. If a proposed feature cannot be implemented without creating PHI exposure risk, PDI-Med defaults to: do not ship.
- Non-Punitive, Non-Surveillance. PDI-Med will not become a hidden quality ranking system, payor surveillance tool, or physician scoreboard. PDI-Med is a mirror and a sandbox—never a judge.
- Descriptive, Not Prescriptive. PDI-Med tools may summarize guidelines, show distributions, surface uncertainty, and help structure reasoning. PDI-Med does not output "standard of care" declarations or coercive directives intended to replace physician judgment.
- Innovation Safeguard (Anti-Consensus Gravity). PDI-Med will not enforce consensus as doctrine. The system must preserve space for legitimate deviations, novel approaches, and clinically grounded experimentation—while still encouraging transparency, follow-up discipline, and patient safety.
- No Selling Out. PDI-Med will not sell de-identified physician or patient-derived data to third parties in a way that undermines physician trust, patient trust, or creates incentives for coercion. If revenue conflicts with trust, trust wins.
Article III
Data Domains, Boundaries, and Guarantees
- Domain Separation. PDI-Med operates under strict separation:
  - Identified Domain: PHI may exist; remains under clinician control; not sent to PDI-Med servers.
  - De-Identified Domain: scrubbed outputs and Synthetic Cases may exist; may be stored and processed by PDI-Med.
- No PHI on PDI-Med Servers. PDI-Med's intended operating posture is: no PHI ingestion, no PHI storage, no PHI logging, no PHI troubleshooting pipeline, no PHI-based support requirement. If PHI is observed by PDI-Med staff due to user error or misconduct, it is treated as a security incident and triggers containment procedures.
- Quiet Scrubbing and UX Friction Minimization. PDI-Med is designed so clinicians can paste raw text naturally. The system may run local detection/scrubbing processes and only send De-Identified Output to external or cloud-based inference layers. Clinician workflow is protected by design: no scolding, no blocking, no "PHI detected" popups as the default user experience.
- De-Identification Is Risk Reduction, Not Magic. PDI-Med recognizes de-identification is not binary. PDI-Med therefore employs redaction of direct identifiers, suppression rules for rare combinations, minimum cohort thresholds for aggregate views, and output constraints to prevent needle-in-haystack re-identification.
Article IV
Outputs, Clinical Reasoning, and Non-Prescriptive Definition
- What "Non-Prescriptive" Means. PDI-Med may provide guideline-aligned summaries, risk/benefit framing, differential diagnoses, common follow-ups and closure loops, distributions and descriptive analytics, and uncertainty ranges with confidence qualifiers. PDI-Med will avoid "you must do X," "failure to do X is below standard," "the only acceptable option is," and outputs that present themselves as legal standards of care.
- Physician Is the Decision-Maker. PDI-Med is a cognitive tool. The physician remains responsible for clinical decisions, documentation, informed consent, ordering, prescribing, and follow-up.
- Documentation Support Without Coercion. PDI-Med may support better documentation structure and closure loops without implying that documentation exists primarily for billing or litigation. PDI-Med's purpose is clarity, continuity, and patient safety.
Article V
The Vault, Keys, Continuity, and Recovery
- Zero-Knowledge Intention. The Vault is designed so that the physician controls access, PDI-Med cannot view PHI, and PDI-Med does not possess decryption capability.
- Key Responsibility and Philosophy. The physician is the steward of their Key. PDI-Med will provide usability tools to prevent loss, but will not compromise privacy to do so.
- Recovery Without Custody (Allowed Recovery Model). PDI-Med may support recovery processes that do not grant PDI-Med access to PHI, including multi-factor identity verification, cryptographic vault remapping (new keys, new container), social recovery mechanisms (opt-in), and device-bound secure enclave methods. Recovery does not mean "PDI can retrieve your old key." Recovery means: PDI can help you establish a new access pathway without ever seeing PHI.
- Vault Remapping. If theft, compromise, or suspicious behavior is suspected, PDI-Med may require vault remapping: old vault sealed (irreversible), new vault created, continuity preserved at the de-identified layer where possible, and PHI remains physician-controlled.
Article VI
Federated Intelligence and the Grey-Zone Sandbox
- Purpose. Federated Intelligence exists to help clinicians learn how medicine is practiced in reality under uncertainty, without forcing conformity.
- Descriptive Outputs Only. Federated outputs are distributions, trend summaries, common follow-ups, uncertainty ranges, and non-identifying cohort insights. Federated outputs are not rankings, performance grades, punitive audit trails, or physician comparison scoreboards.
- Anti-Gaming and Anti-Weaponization Safeguards. PDI-Med will implement safeguards such as minimum cohort size thresholds, suppression of rare combinations, limits on drilling down, no single-physician extraction, no leaderboards, and no payor-facing analytics.
- Innovation Safeguard Clause. PDI-Med explicitly affirms: outlier practice patterns may represent innovation, not error. The platform will present uncertainty honestly and will not herd clinicians toward consensus behavior.
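The following Python is an added illustration, not PDI-Med's own code, of the safeguards listed in the Anti-Gaming clause above and in Article III ("De-Identification Is Risk Reduction"): a federated aggregate query that enforces a minimum cohort size, suppresses rare combinations, caps drill-down depth and refuses cohorts drawn from a single contributor. The thresholds, the Synthetic Case field names and the records themselves are assumptions constructed for the example.

```python
"""Added example, not PDI-Med's own code: a federated aggregate query that
applies the safeguards named above (minimum cohort size, suppression of rare
combinations, a drill-down limit, no single-contributor cohorts). Thresholds,
field names and records are assumptions constructed for illustration."""
from collections import Counter, defaultdict

MIN_COHORT = 5          # assumed: no released cell may be smaller than this
MIN_CONTRIBUTORS = 3    # assumed: a cohort must blend several contributors
MAX_GROUP_FIELDS = 2    # assumed: cap on how far a query may drill down


def _make(n, presentation, setting, followup, contributors):
    """Build n constructed Synthetic Cases; 'contributor' is a pseudonymous
    token assigned at the de-identified layer, not an identifier."""
    return [{"presentation": presentation, "setting": setting, "followup": followup,
             "contributor": contributors[i % len(contributors)]} for i in range(n)]


SYNTHETIC_CASES = (
    _make(8, "chest_pain", "ed", "troponin", ["c0", "c1", "c2", "c3"])
    + _make(2, "chest_pain", "ed", "stress_test", ["c0", "c1"])  # rare combination
    + _make(6, "chest_pain", "clinic", "ecg", ["c9"])            # single contributor
    + _make(3, "headache", "ed", "ct", ["c0", "c1", "c2"])       # cohort too small
)


def federated_distribution(cases, group_by, outcome_field):
    """Return {group_key: {outcome: count}} with small cells withheld. Rare
    outcomes pool into "other" only if the pool is itself >= MIN_COHORT; else
    they are dropped, and no totals are released, so nothing implies a residual."""
    if len(group_by) > MAX_GROUP_FIELDS:
        raise ValueError("query drills down further than the platform permits")
    counts = defaultdict(Counter)
    contributors = defaultdict(set)
    for case in cases:
        key = tuple(case[f] for f in group_by)
        counts[key][case[outcome_field]] += 1
        contributors[key].add(case["contributor"])
    released = {}
    for key, counter in counts.items():
        if sum(counter.values()) < MIN_COHORT or len(contributors[key]) < MIN_CONTRIBUTORS:
            continue  # whole cohort withheld: too small or too few sources
        kept = {o: n for o, n in counter.items() if n >= MIN_COHORT}
        residual = sum(n for n in counter.values() if n < MIN_COHORT)
        if residual >= MIN_COHORT:
            kept["other"] = residual
        if kept:
            released[key] = kept
    return released


if __name__ == "__main__":
    print(federated_distribution(SYNTHETIC_CASES, ("presentation", "setting"), "followup"))
```

Run as a script, the query releases only the emergency-department chest-pain cohort's troponin count: the two stress-test cases, the clinic cohort from one contributor, and the three-case headache cohort are all withheld.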
Article VII
Support Model and PHI-Safe Troubleshooting
- Support Hierarchy (Three Modes). PDI-Med support must prioritize safety while remaining genuinely helpful.
  - Mode 1 — Behavioral/Structural Support (Default): support focuses on system behavior, pipeline steps, and de-identified artifacts.
  - Mode 2 — Physician-Side Self-Inspection (Preferred for nuance): PDI provides interpretability tools so physicians can inspect their own flows locally.
  - Mode 3 — Explicit, Local, Ephemeral Assistance (Rare): if necessary, support may occur via physician-controlled screen-share without recordings or data transfer, initiated by the physician, with explicit consent language.
- Support Never Requires PHI. PDI-Med will not require users to send PHI to receive support. If a user cannot describe an issue without PHI, PDI-Med will provide structured prompts/templates to describe system behavior at an abstract level.
Article VIII
Checks and Balances (Executive / Legislative / Judicial Analogs)
PDI-Med rejects single-axis governance. The tripartite structure exists to prevent drift and capture—including capture by success itself.
- Executive Authority — Founder Stewardship.
  - Rationale: vision must be coherent; architecture must be internally consistent; early systems cannot be designed by committee; resistance to institutional pressure requires singular conviction.
  - Scope: product architecture, technical design philosophy, hiring and organizational structure, strategic partnerships, and long-term roadmap.
  - Guardrail: authority is stewardship, not moral infallibility or unilateral power to redefine the mission. The Founder serves the physician-first constitutional mandate.
- Legislative Authority — Independent Overseer Council.
  - Role: represents the clinical conscience of the platform; not management, investor proxy, or ideological committee.
  - Composition: practicing physicians with demonstrated clinical judgment; members able to reason under uncertainty; no majority influence from any single system, payer, EMR vendor, pharma entity, or academic society.
  - Authority: approve/reject/require revision of structural changes; ratify bylaws amendments; initiate integrity reviews; interpret the constitution when conflicts arise.
  - Limits: cannot direct clinical behavior, create performance rankings, mandate conformity to majority practice, or override architectural privacy constraints. Power is deliberative, not operational.
- Judicial Authority — Integrity & Ethics Review Body.
  - Purpose: adjudicates allegations of mission violation, platform misuse, founder misconduct, governance overreach, and conflicts between branches.
  - Scope: evaluates whether actions violate the bylaws, whether harm arises from negligence/design/intent, and whether remediation, limitation, or removal is warranted.
  - Limits: does not decide product direction, clinical truth, or market strategy; sole mandate is constitutional enforcement.
- Founder Primacy With Conditional Dethroning.
  - Rationale for Founder Primacy: foundational architecture cannot be crowdsourced; resisting pressure requires a single spine; vision dilutes if dispersed. Founder retains majority executive authority during formative and scaling phases.
  - Conditionality of Authority: authority is not permanent or absolute. Founder may not convert the platform into surveillance, monetize physician behavior, trade privacy for growth, collapse descriptive intelligence into prescriptive mandates, or introduce punitive analytics.
  - Dethronement Clause (Extraordinary Measure):
    - Material violation: sustained breach of physician-first autonomy, privacy absolutism, or non-punitive doctrine.
    - Intent or recklessness: evidence of intentional misuse or reckless disregard of known risks.
    - Due process: independent investigation, formal findings, supermajority legislative concurrence, and judicial confirmation.
Article IX
Integrity, Discipline, Due Process, and Anti-Corruption
- What PDI-Med Polices. System integrity, not medicine. PDI-Med may act when a user attempts unauthorized vault access, shares or transfers credentials, tries to deanonymize data, manipulates uploads to distort aggregate trends, automates submissions to create false consensus, reverse engineers aggregation outputs, or violates platform boundaries designed to prevent PHI leakage.
- What PDI-Med Does Not Police. PDI-Med will not discipline clinicians for deviating from guidelines, being an outlier, pursuing innovation, outcomes, clinical judgment decisions, or choosing less common options.
- Graduated Response.
  - Containment hold: temporary pause on federated contribution.
  - Clarification and review: notify and allow explanation.
  - Remediation: remap vault, limit contribution, require safety resets.
  - Restriction: revoke federated contribution privileges.
  - Separation: full platform suspension for rare, severe, repeat misconduct.
- Due Process. Before severe actions: PDI-Med provides written notice, identifies the mechanical concern, offers a response window, and documents reasons for final action. Emergency suspension may occur if there is an imminent security threat.
Article X
Deletion, Sealing, Termination, and Data Integrity
- Sealing Over Deletion (Default). PDI-Med favors irreversibility of access ("sealing") rather than erasing history, because selective deletion corrupts aggregate validity.
- Account Termination. Users may terminate accounts at any time. Upon termination: the physician's vault may be sealed upon request; access to services may cease; future contributions stop.
- Aggregate Data Non-Retractability. Once data is de-identified, transformed into Synthetic Cases, and integrated into Federated Intelligence, it becomes part of the collective record and is not selectively removed except where required by law or where technically feasible without corrupting integrity. This is disclosed clearly as a condition of participation.
- "Right to Be Forgotten" Conflicts. In jurisdictions where deletion rights exist, PDI-Med will comply to the extent legally required and technically feasible while preserving integrity through suppression, sealing, and aggregation-safe mechanisms whenever possible.
Article XI
Security Posture and Threat Modeling Commitments
- Security as a Product Feature. PDI-Med commits to strict domain separation, minimized attack surface, encryption at rest for stored de-identified data, secure authentication and session management, penetration testing as resources permit, and incident response procedures.
- Zero-Trust Mindset. PDI-Med assumes users may make mistakes, malicious actors exist, browser environments can be hostile, and insider threats are real. The system is designed to fail safe; the most sensitive actions require step-up authentication; outputs suppress rare combinations by design.
Article XII
Non-Ideological Charter
- PDI-Med Is Not an Ideological Project. PDI-Med will avoid embedding political, cultural, or ideological doctrine into clinical reasoning tools. Where language must reflect prevailing institutional standards, PDI-Med will prefer neutral, patient-centered phrasing.
- Respect for Patient Dignity and Clinician Conscience. PDI-Med will support clinicians in practicing medicine ethically and compassionately without forcing ideological compliance through software coercion.
Article XIII
Relationships With Institutions and Medical Colleges
- Detente Strategy (Phased Institutional Peace). PDI-Med will pursue partnership where possible, but will not compromise physician-first ethics to gain institutional approval. Phased approach:
  - Standalone tools (no PHI ingestion, low friction)
  - Voluntary physician adoption
  - Institution-friendly summaries of privacy architecture
  - Optional institutional integrations only if they do not undermine physician autonomy
- No Payor Capture. PDI-Med will not provide payors or employers with tools designed to weaponize physician data against physicians.
Article XIV
Amendments and Governance Change Control
- Amendment Threshold. Amendments require a written statement of why, impact analysis on privacy and physician autonomy, and public posting of changes. Any amendment must include: clear description of the change; intended benefit; foreseeable second-order effects; privacy impact analysis; innovation impact analysis; and failure mode assessment. No amendment may proceed without legislative supermajority approval by the Independent Overseer Council, public documentation, and time-delayed ratification (cool-off period).
- Non-Regression Rule. No amendment may knowingly introduce PHI transmission to PDI-Med servers as a default pathway, convert PDI-Med into a punitive surveillance product, or allow physician ranking or coercive benchmarking.
- Emergency Amendments. Emergency amendments are time-limited, automatically sunset, and require retroactive ratification by the Overseer Council and confirmation via the Judicial Integrity and Ethics Review Body.
Article XV
Plain-English Summary (For Clinicians)
- PHI stays with you.
- PDI stores only de-identified synthetic cases.
- The system helps you think, document, and follow up—without judging you.
- Federated intelligence shows patterns, not prescriptions.
- We police integrity, not medical judgment.
- If keys are lost or compromised, we remap—PDI never needs to see your patients.
- We would rather lose money than lose trust.