PDI Verified is not a self-assessment. It is the result of an adversarial validation cycle — automated attack simulation across 12 security and clinical preservation domains — with the full outcome record published publicly so anyone can read it.
Each cycle of PDI Verify runs a structured adversarial battery against the live codebase. The battery simulates the attacks that matter most for a platform handling clinical data under physician control — not generic security checklists, but attack classes built around the specific trust model PDI Med claims to implement.
The tests ask: if PDI Med's claims were false, how would that manifest? If the vault were accessible without the physician's key — what would that look like in code? If patient information reached the AI model — where would it cross the boundary? Each attack class answers one of these questions. The full outcome is published below.
Tests whether server-side access or a database dump can produce readable patient data. AES-256-GCM encryption, physician-held keys.
Tests whether patterns in de-identified federated data can re-identify which physician treated which patient types.
Tests prompt injection, SQL injection, and database manipulation via clinical note content. All notes are treated as data, not instructions.
Tests NPI-only bypass, credential stuffing patterns, session token manipulation, and unauthenticated API access to PHI-adjacent routes.
Tests whether admin-level access, support paths, or database inspection can produce individually identifiable physician practice patterns.
Tests what PDI Med actually holds under subpoena. Because vault contents are encrypted under physician-held keys, there is nothing producible. Tests verify this architecture holds.
Tests whether clinical context appears in application logs, error traces, temporary files, or caches after a session ends.
Tests whether help requests, debug routes, or support sessions create paths to de-encrypt vault contents or surface clinical data.
Tests third-party package integrity, dependency pinning, and whether a compromised upstream package could exfiltrate vault data.
Tests all 11 adversarial PHI format variants (PP-01 to PP-11): name abbreviation series, prose emails, nonstandard phone separators, legal name bridges, relative names with clinical facts, BRCA accession splits, and more.
Tests that gestational ages, diagnoses, procedures, measurements, and eponymous clinical terms pass through the de-identification pipeline unchanged. The pipeline removes who — not what.
Tests whether the assurance layer can be gamed, manually authored, or disconnected from actual validation. The certificate hash chain makes post-generation modification detectable.
"Conditional" means some test cases require live system-level access that cannot be fully automated — for example, confirming that a real database dump is unreadable without a physician key requires a controlled live environment, not just a code scan. Those cases are scheduled for the next cycle window. All automatable tests passed.
PDI-CERT-0006-5085D1672026-06-02CONDITIONAL
PDI Verified is not a certification body stamp. There is no third party that issued this badge. The validation is designed and run by PDI Med against its own codebase, with the full methodology and results published publicly so any party can evaluate the claims independently.
The value is in the specificity and the public record — not the badge itself. A physician reading this page can see exactly what was tested, what the result was, and can verify the hash chain of the ledger independently. A badge without that is marketing. A badge with that is evidence.
PDI Verify: An Adversarial Audit Methodology for AI-Assisted Clinical Software — Extended with Dual-Axis Clinical Context Preservation and Physician Assurance Layer
Bristow, D. · Zenodo, June 4, 2026 · v1.0.2
Introduces the dual-axis certification standard (A10 + A11): A10 tests whether PHI is removed from the pipeline; A11 tests whether clinical meaning survived the privacy process. Neither condition alone constitutes adequate certification for clinical AI. Also introduces the A12 Assurance Integrity attack class and the tokenization-rehydration architecture.
↗ DOI: 10.5281/zenodo.20549147