PDI Med Bylaws

Physician Driven Innovations, LLC ("PDI Med") exists to restore physician autonomy, reduce administrative burden, and raise the clinical standard of care through privacy-preserving tools that strengthen clinical reasoning, documentation quality, and longitudinal insight—without creating new surveillance, coercion, or punitive governance over clinicians.

PDI Med is designed as a trust-first system. We treat privacy as an architectural constraint, not a policy preference; and we treat physician autonomy as a foundational ethic, not a marketing phrase.

These bylaws define the operating constitution of PDI Med. Where ambiguity could create future drift, these bylaws choose clarity.

1. "PHI" means Protected Health Information as defined under HIPAA and applicable law, including identifiers and any information that could reasonably identify an individual patient.
2. "Identified Domain" refers to any environment where PHI may be present. Under PDI Med architecture, the Identified Domain is controlled by the clinician/user and does not transmit PHI to PDI Med servers.
3. "De-Identified Output" means text or structured data that has been scrubbed of direct identifiers and processed to reduce re-identification risk. De-Identified Output may be stored on PDI Med servers.
4. "committed encounter" is a structured representation derived from clinical text that contains no PHI and is intended for physician learning, recall support, and aggregate insight generation. committed encounter are not patient records and are not designed to enable re-identification.
5. "Vault" is a physician-controlled cryptographic construct used to support continuity of the physician's own dataset across time. PDI Med's intended model is zero-knowledge: PDI Med does not know the Vault's contents and does not possess keys capable of viewing PHI.
6. "Key" refers to physician-controlled cryptographic material enabling Vault access and/or continuity mapping. PDI Med does not store raw keys in a form that allows PDI Med to decrypt PHI.
7. "Federated Intelligence" means aggregate insights computed from committed encounter across many users, designed to be descriptive, non-punitive, and non-identifying.
8. "Platform Integrity" refers to the security, privacy posture, anti-gaming safeguards, and non-corruptibility of PDI Med systems.
9. "Physician Sovereignty" means the physician retains full authority over their clinical reasoning, their vault, and any decisions to contribute to collective intelligence. PDI Med cannot compel, coerce, or surveil physician decision-making. Sovereignty is an architectural constraint, not a policy promise.
10. "Clinical Assertions" are structured, de-identified statements derived from a committed encounter that describe what was observed, what was uncertain, and what was left unresolved. Clinical assertions are the building blocks of collective intelligence — never tied to individual patients or identifiable physicians.
11. "Order-Intent Continuity" refers to the documentation of why a clinical order was placed — what condition it was meant to evaluate, what result would change the plan, and what follow-up threads remain open. Order-intent continuity is a core use-case of PDI Med: making the reasoning behind clinical decisions durable and legible.
12. "Shadow Work" refers to the administrative, documentation, billing, and compliance burden that falls on physicians outside direct patient care — reducing time for clinical reasoning, judgment, and relationship. PDI Med is designed to reduce shadow work, not add to it.
13. "Unresolved Threads" are clinical uncertainties, pending results, follow-up obligations, or diagnostic questions that remain active but are not captured in standard documentation. Surfacing unresolved threads is a core clinical safety function of PDI Med.
14. "Diagnostic Drift" refers to the gradual erosion of diagnostic clarity over time when uncertain findings are not re-evaluated. PDI Med is designed to make diagnostic drift visible — not punish it.
15. "Evidence Snapshot" is a de-identified, physician-generated capture of clinical reasoning at a specific point in an encounter — what was known, what was uncertain, what was ordered, and what remained unresolved. Evidence snapshots are stored in the Vault under physician-controlled keys and are not accessible to PDI Med.
16. "Vulnerability Map" is a structured representation of where a clinical case carries the highest diagnostic uncertainty — tests that could change the plan, threads requiring active follow-up, and conditions not yet confirmed or excluded. Vulnerability maps are physician-facing tools for improving case continuity; they are never visible to employers, payors, or credentialing bodies.
17. "Board Examiner Session Data" refers to de-identified reasoning artifacts generated during board certification preparation activities within PDI Med — including case structures, differential reasoning traces, and unresolved thread documentation. Board examiner session data is used exclusively for physician learning and is never shared with certifying authorities, employers, or payors.

1. Physician-First. PDI Med is pro-physician by design: it exists to strengthen physician judgment, reduce burden, and enhance trust between patients and clinicians. Physician-first does not mean physician-only; it means physicians remain the primary guardians of clinical decision-making and clinical ethics.
2. Privacy Architecture (Multi-Layer, Non-Optional). PDI Med is designed to prevent PHI from reaching PDI Med servers through a multi-layer pipeline: client-side scrubbing, allow-list filtering, and server-side validation — with physician verification before any clinical data is transmitted. No de-identification pipeline is infallible; PDI Med therefore layers technical controls, minimum data collection, and structural incentives so that PHI exposure risk is reduced as close to zero as the architecture permits. Evidence spans — the structured de-identified records of clinical reasoning — serve as retroactive proof that the encounter was processed, not the raw notes that preceded them. If a proposed feature cannot be built without meaningful PHI exposure risk, PDI Med defaults to: do not ship.
3. Non-Punitive, Non-Surveillance. PDI Med will not become a hidden quality ranking system, payor surveillance tool, or physician scoreboard. PDI Med is a mirror and a research substrate — never a judge. Uncertainty is first-class clinical data, not a liability. Diagnostic drift and unresolved threads are made visible so they can be addressed — not surfaced as evidence of wrongdoing.
4. Descriptive, Not Prescriptive. PDI Med tools may summarize guidelines, show distributions, surface uncertainty, and help structure reasoning. PDI Med does not output "standard of care" declarations or coercive directives intended to replace physician judgment.
5. Innovation Safeguard (Anti-Consensus Gravity). PDI Med will not enforce consensus as doctrine. The system must preserve space for legitimate deviations, novel approaches, and clinically grounded experimentation—while still encouraging transparency, follow-up discipline, and patient safety.
6. No Selling Out. PDI Med will not sell de-identified physician or patient-derived data to third parties in a way that undermines physician trust, patient trust, or creates incentives for coercion. If revenue conflicts with trust, trust wins.

1. Domain Separation. PDI Med operates under strict separation:
   • Identified Domain: PHI may exist; remains under clinician control; not sent to PDI Med servers.
   • De-Identified Domain: scrubbed outputs and committed encounter may exist; may be stored and processed by PDI Med.
2. No PHI on PDI Med Servers. PDI Med's intended operating posture is: no PHI ingestion, no PHI storage, no PHI logging, no PHI troubleshooting pipeline, no PHI-based support requirement. If PHI is observed by PDI Med staff due to user error or misconduct, it is treated as a security incident and triggers containment procedures.
3. Quiet Scrubbing and UX Friction Minimization. PDI Med is designed so clinicians can paste raw text naturally. The system may run local detection/scrubbing processes and only send De-Identified Output to external or cloud-based inference layers. Clinician workflow is protected by design: no scolding, no blocking, no "PHI detected" popups as the default user experience.
4. De-Identification Is Risk Reduction, Not Magic. PDI Med recognizes de-identification is not binary. PDI Med therefore employs redaction of direct identifiers, suppression rules for rare combinations, minimum cohort thresholds for aggregate views, and output constraints to prevent needle-in-haystack re-identification.

1. What "Non-Prescriptive" Means. PDI Med may provide guideline-aligned summaries, risk/benefit framing, differential diagnoses, common follow-ups and closure loops, distributions and descriptive analytics, and uncertainty ranges with confidence qualifiers. PDI Med will avoid "you must do X," "failure to do X is below standard," "the only acceptable option is," and outputs that present themselves as legal standards of care.
2. Physician Is the Decision-Maker. PDI Med is a cognitive tool. The physician remains responsible for clinical decisions, documentation, informed consent, ordering, prescribing, and follow-up.
3. Documentation Support Without Coercion. PDI Med may support better documentation structure and closure loops without implying that documentation exists primarily for billing or litigation. PDI Med's purpose is clarity, continuity, and patient safety.

1. Zero-Knowledge Intention. The Vault is designed so that the physician controls access, PDI Med does not possess decryption capability, and PHI is not accessible to PDI Med systems. Zero-knowledge is the design intent and operating posture — not a guarantee that transcends the integrity of the physician's own device and credentials. PDI Med does not retain plaintext keys or patient data.
2. Key Responsibility and Philosophy. The physician is the steward of their Key. PDI Med will provide usability tools to prevent loss, but will not compromise privacy to do so.
3. Recovery Without Custody (Allowed Recovery Model). PDI Med may support recovery processes that do not grant PDI Med access to PHI, including multi-factor identity verification, cryptographic vault remapping (new keys, new container), social recovery mechanisms (opt-in), and device-bound secure enclave methods. Recovery does not mean "PDI can retrieve your old key." Recovery means: PDI can help you establish a new access pathway without ever seeing PHI.
4. Vault Remapping. If theft, compromise, or suspicious behavior is suspected, PDI Med may require vault remapping: old vault sealed (irreversible), new vault created, continuity preserved at the de-identified layer where possible, and PHI remains physician-controlled.

1. Purpose. Collective Intelligence exists to help clinicians learn how medicine is practiced in reality under uncertainty, without forcing conformity. Participation is strictly opt-in: no committed encounter is contributed to the GZIN aggregate without explicit per-encounter physician consent. Physicians may withdraw from collective intelligence contribution at any time without losing access to individual vault and clinical reasoning tools.
2. Descriptive Outputs Only. Collective outputs are distributions, trend summaries, common follow-ups, uncertainty ranges, and non-identifying cohort insights. Collective outputs are not rankings, performance grades, punitive audit trails, or physician comparison scoreboards.
3. Anti-Gaming and Anti-Weaponization Safeguards. PDI Med will implement safeguards such as minimum cohort size thresholds, suppression of rare combinations, limits on drilling down, no single-physician extraction, no leaderboards, and no payor-facing analytics.
4. Innovation Safeguard Clause. PDI Med explicitly affirms: outlier practice patterns may represent innovation, not error. The platform will present uncertainty honestly and will not herd clinicians toward consensus behavior.

1. Support Hierarchy (Three Modes). PDI Med support must prioritize safety while remaining genuinely helpful.
   • Mode 1 — Behavioral/Structural Support (Default): support focuses on system behavior, pipeline steps, and de-identified artifacts.
   • Mode 2 — Physician-Side Self-Inspection (Preferred for nuance): PDI provides interpretability tools so physicians can inspect their own flows locally.
   • Mode 3 — Explicit, Local, Ephemeral Assistance (Rare): if necessary, support may occur via physician-controlled screen-share without recordings or data transfer, initiated by the physician, with explicit consent language.
2. Support Never Requires PHI. PDI Med will not require users to send PHI to receive support. If a user cannot describe an issue without PHI, PDI Med will provide structured prompts/templates to describe system behavior at an abstract level.

PDI Med rejects single-axis governance. The tripartite structure exists to prevent drift and capture—including capture by success itself.

1. Executive Authority — Founder Stewardship.
   • Rationale: vision must be coherent; architecture must be internally consistent; early systems cannot be designed by committee; resistance to institutional pressure requires singular conviction.
   • Scope: product architecture, technical design philosophy, hiring and organizational structure, strategic partnerships, and long-term roadmap.
   • Guardrail: authority is stewardship, not moral infallibility or unilateral power to redefine the mission. The Founder serves the physician-first constitutional mandate.
2. Legislative Authority — Independent Overseer Council.
   • Role: represents the clinical conscience of the platform; not management, investor proxy, or ideological committee.
   • Composition: practicing physicians with demonstrated clinical judgment; members able to reason under uncertainty; no majority influence from any single system, payer, EMR vendor, pharma entity, or academic society.
   • Authority: approve/reject/require revision of structural changes; ratify bylaws amendments; initiate integrity reviews; interpret the constitution when conflicts arise.
   • Limits: cannot direct clinical behavior, create performance rankings, mandate conformity to majority practice, or override architectural privacy constraints. Power is deliberative, not operational.
3. Judicial Authority — Integrity & Ethics Review Body.
   • Purpose: adjudicates allegations of mission violation, platform misuse, founder misconduct, governance overreach, and conflicts between branches.
   • Scope: evaluates whether actions violate the bylaws, whether harm arises from negligence/design/intent, and whether remediation, limitation, or removal is warranted.
   • Limits: does not decide product direction, clinical truth, or market strategy; sole mandate is constitutional enforcement.
4. Founder Primacy With Conditional Dethroning.
   • Rationale for Founder Primacy: foundational architecture cannot be crowdsourced; resisting pressure requires a single spine; vision dilutes if dispersed. Founder retains majority executive authority during formative and scaling phases.
   • Conditionality of Authority: authority is not permanent or absolute. Founder may not convert the platform into surveillance, monetize physician behavior, trade privacy for growth, collapse descriptive intelligence into prescriptive mandates, or introduce punitive analytics.
   • Dethronement Clause (Extraordinary Measure):
     • Material violation: sustained breach of physician-first autonomy, privacy absolutism, or non-punitive doctrine.
     • Intent or recklessness: evidence of intentional misuse or reckless disregard of known risks.
     • Due process: independent investigation, formal findings, supermajority legislative concurrence, and judicial confirmation.

1. What PDI Med Polices. System integrity, not medicine. PDI Med may act when a user attempts unauthorized vault access, shares or transfers credentials, tries to deanonymize data, manipulates uploads to distort aggregate trends, automates submissions to create false consensus, reverse engineers aggregation outputs, or violates platform boundaries designed to prevent PHI leakage.
2. What PDI Med Does Not Police. PDI Med will not discipline clinicians for deviating from guidelines, being an outlier, pursuing innovation, outcomes, clinical judgment decisions, or choosing less common options.
3. Graduated Response. Containment hold (temporary pause on GZIN contribution); clarification and review (notify and allow explanation); remediation (remap vault, limit contribution, require safety resets); restriction (revoke GZIN contribution privileges); separation (full platform suspension for rare, severe, repeat misconduct).
4. Due Process. Before severe actions: PDI Med provides written notice, identifies the mechanical concern, offers a response window, and documents reasons for final action. Emergency suspension may occur if there is an imminent security threat.
5. Board Certification Contexts. Reasoning patterns arising solely from board examination preparation within PDI Med are not subject to integrity review under this Article. Board Examiner Session Data (as defined in Article I) is excluded from aggregate integrity analysis and may not be used as the basis for any platform action, restriction, or referral.

1. Sealing Over Deletion (Default). PDI Med favors irreversibility of access ("sealing") rather than erasing history, because selective deletion corrupts aggregate validity.
2. Account Termination. Users may terminate accounts at any time. Upon termination: the physician's vault may be sealed upon request; access to services may cease; future contributions stop.
3. Aggregate Data Non-Retractability. Once data is de-identified, transformed into committed encounter, and integrated into Collective Intelligence, it becomes part of the collective record and is not selectively removed except where required by law or where technically feasible without corrupting integrity. This is disclosed clearly as a condition of participation.
4. "Right to Be Forgotten" Conflicts. In jurisdictions where deletion rights exist, PDI Med will comply to the extent legally required and technically feasible while preserving integrity through suppression, sealing, and aggregation-safe mechanisms whenever possible.

1. Security as a Product Feature. PDI Med commits to strict domain separation, minimized attack surface, encryption at rest for stored de-identified data, secure authentication and session management, penetration testing as resources permit, and incident response procedures.
2. Zero-Trust Mindset. PDI Med assumes users may make mistakes, malicious actors exist, browser environments can be hostile, and insider threats are real. The system is designed to fail safe; the most sensitive actions require step-up authentication; outputs suppress rare combinations by design.

1. PDI Med Is Not an Ideological Project. PDI Med will avoid embedding political, cultural, or ideological doctrine into clinical reasoning tools. Where language must reflect prevailing institutional standards, PDI Med will prefer neutral, patient-centered phrasing.
2. Respect for Patient Dignity and Clinician Conscience. PDI Med will support clinicians in practicing medicine ethically and compassionately without forcing ideological compliance through software coercion.

1. Detente Strategy (Phased Institutional Peace). PDI Med will pursue partnership where possible, but will not compromise physician-first ethics to gain institutional approval. Phased approach:
   • Standalone tools (no PHI ingestion, low friction)
   • Voluntary physician adoption
   • Institution-friendly summaries of privacy architecture
   • Optional institutional integrations only if they do not undermine physician autonomy
2. No Payor Capture. PDI Med will not provide payors or employers with tools designed to weaponize physician data against physicians.

1. Amendment Threshold. Amendments require a written statement of why, impact analysis on privacy and physician autonomy, and public posting of changes. Any amendment must include: clear description of the change; intended benefit; foreseeable second-order effects; privacy impact analysis; innovation impact analysis; and failure mode assessment. No amendment may proceed without legislative supermajority approval by the Independent Overseer Council, public documentation, and time-delayed ratification (cool-off period).
2. Non-Regression Rule. No amendment may knowingly introduce PHI transmission to PDI Med servers as a default pathway, convert PDI Med into a punitive surveillance product, or allow physician ranking or coercive benchmarking.
3. Emergency Amendments. Emergency amendments are time-limited, automatically sunset, and require retroactive ratification by the Overseer Council and confirmation via the Judicial Integrity and Ethics Review Body.

• PHI stays with you. Physician sovereignty is the architecture, not a policy.
• PDI Med stores only committed encounters — de-identified clinical records you choose to create.
• The platform helps you think, document, and close loops — without judging your clinical judgment.
• Uncertainty is first-class clinical data. We make unresolved threads and diagnostic drift visible, not punishable.
• Collective intelligence shows patterns, not prescriptions. The research substrate belongs to the physicians who built it.
• We police platform integrity, not medical judgment. Outliers are protected — they are often the innovators.
• Shadow work reduction is a design goal. PDI Med adds clarity, not burden.
• If keys are lost or compromised, we remap — PDI Med never needs to see your patients.
• We would rather lose revenue than lose trust.
• If you use PDI Med to prepare for board exams, that session data stays with you — it is never shared with certifying bodies, employers, or anyone outside your Vault.
• De-identification is multi-layer, not magic. PHI stays local by architecture, not just by promise. The evidence spans we store are proof the reasoning happened — not the raw notes that preceded it.