diff --git a/docs/research/DrAgnes/data-sources.md b/docs/research/DrAgnes/data-sources.md new file mode 100644 index 00000000..22fbbe5c --- /dev/null +++ b/docs/research/DrAgnes/data-sources.md 
@@ -0,0 +1,307 @@ +# DrAgnes Data Sources + +**Status**: Research & Planning +**Date**: 2026-03-21 + +## Overview + +DrAgnes requires diverse, high-quality dermoscopic imaging data for training, validation, and ongoing enrichment. This document catalogs available datasets, medical literature sources, and real-world data streams that will feed the platform. + +## Training Datasets + +### 1. HAM10000 (Human Against Machine with 10,000 training images) + +- **Source**: Medical University of Vienna / ViDIR Group +- **Size**: 10,015 dermoscopic images +- **Classes**: 7 lesion types + - Actinic keratosis / Bowen's disease (akiec): 327 images + - Basal cell carcinoma (bcc): 514 images + - Benign keratosis (bkl): 1,099 images + - Dermatofibroma (df): 115 images + - Melanoma (mel): 1,113 images + - Melanocytic nevus (nv): 6,705 images + - Vascular lesion (vasc): 142 images +- **Resolution**: Variable (typically 600x450) +- **Ground Truth**: Histopathologic confirmation for ~50%, expert consensus for remainder +- **License**: CC BY-NC-SA 4.0 +- **Use Case**: Primary training dataset for initial 7-class model +- **Citation**: Tschandl, P., Rosendahl, C. & Kittler, H. (2018). The HAM10000 dataset. + +**Key Considerations**: +- Heavy class imbalance (67% melanocytic nevi). Requires oversampling (SMOTE or augmentation) for minority classes. +- Limited Fitzpatrick V-VI representation. Must supplement with diverse skin tone datasets. +- Non-standardized imaging conditions. Preprocessing pipeline must handle heterogeneous inputs. + +### 2. 
ISIC Archive (International Skin Imaging Collaboration) + +- **Source**: ISIC / Memorial Sloan Kettering Cancer Center +- **Size**: 70,000+ images (2024 archive) +- **Classes**: Extended taxonomy (25+ lesion types in later challenges) +- **Challenges**: ISIC 2016, 2017, 2018, 2019, 2020 -- each with labeled competition data +- **Resolution**: Variable (up to 4000x3000) +- **Ground Truth**: Mix of histopathology and expert annotation +- **License**: CC BY-NC 4.0 (varies by year) +- **Use Case**: Extended training, validation, benchmarking against ISIC challenge leaderboards + +**Key Subsets**: +| Year | Images | Task | +|------|--------|------| +| ISIC 2016 | 1,279 | Binary (melanoma vs. benign) | +| ISIC 2017 | 2,750 | 3-class (melanoma, seborrheic keratosis, benign nevus) | +| ISIC 2018 | 10,015 | 7-class (same as HAM10000) | +| ISIC 2019 | 25,331 | 8-class (added squamous cell carcinoma) | +| ISIC 2020 | 33,126 | Binary (melanoma vs. benign) with metadata | + +### 3. BCN20000 (Barcelona Dermoscopy Dataset) + +- **Source**: Hospital Clinic de Barcelona +- **Size**: 19,424 dermoscopic images +- **Classes**: 8 diagnostic categories +- **Resolution**: Standardized at 1024x768 +- **Ground Truth**: Histopathologic confirmation +- **License**: Research use (requires data use agreement) +- **Use Case**: European population diversity, high-quality histopathology labels + +**Distinctive Features**: +- All images from a single institutional dermoscopy unit (consistent quality) +- Higher proportion of actinic keratoses and SCCs than HAM10000 +- Includes patient metadata (age, sex, body site) +- Mediterranean population demographics + +### 4. 
PH2 Dataset + +- **Source**: University of Porto / ADDI project +- **Size**: 200 dermoscopic images +- **Classes**: 3 types + - Common nevi: 80 images + - Atypical nevi: 80 images + - Melanoma: 40 images +- **Resolution**: 768x560 (8-bit RGB) +- **Ground Truth**: Expert dermatologist annotation + medical consensus +- **Annotations**: Manual segmentation masks, dermoscopic features (colors, structures, symmetry) +- **License**: Academic research use +- **Use Case**: Rich dermoscopic feature annotation for ABCDE/7-point validation + +**Unique Value**: Each image includes expert-annotated dermoscopic structures (globules, streaks, blue-white veil, regression structures, dots). This enables training of the ABCDE and 7-point checklist modules, not just the CNN classifier. + +### 5. Derm7pt Dataset + +- **Source**: Simon Fraser University / University of British Columbia +- **Size**: 1,011 cases +- **Content**: Paired clinical + dermoscopic images for each case +- **Classes**: Melanoma vs. non-melanoma (binary) + 7-point checklist criteria +- **Annotations**: Full 7-point checklist scoring by experts + - Atypical pigment network + - Blue-whitish veil + - Atypical vascular pattern + - Irregular streaks + - Irregular dots/globules + - Irregular blotches + - Regression structures +- **License**: Research use +- **Use Case**: Training the 7-point checklist automation module; validating multi-image (clinical+dermoscopic) analysis + +### 6. DERMNET (Dermoscopy Image Archive) + +- **Source**: DermNet NZ (New Zealand Dermatological Society) +- **Size**: 23,000+ images across 600+ skin conditions +- **Content**: Clinical photographs (not dermoscopic) with expert descriptions +- **License**: Non-commercial educational use +- **Use Case**: Clinical photo training for non-dermoscopic input mode; educational reference + +### 7. 
Fitzpatrick17k Dataset + +- **Source**: Stanford Medicine / DDI (Diverse Dermatology Images) +- **Size**: 16,577 clinical images +- **Content**: 114 skin conditions with Fitzpatrick skin type labels (I-VI) +- **Key Feature**: Explicit skin tone diversity labeling +- **License**: Research use +- **Use Case**: Bias evaluation and mitigation. Ensuring DrAgnes performs equally across all skin types. + +**Critical for Equity**: Most existing dermatology AI systems show degraded performance on darker skin tones (Fitzpatrick V-VI). The Fitzpatrick17k dataset enables stratified evaluation to ensure DrAgnes does not perpetuate this bias. + +### 8. PAD-UFES-20 + +- **Source**: Federal University of Espirito Santo (Brazil) +- **Size**: 2,298 images across 6 skin lesion types +- **Content**: Smartphone-captured clinical images (not dermoscopic) +- **Key Feature**: Real-world smartphone capture conditions (not clinical photography) +- **License**: CC BY 4.0 +- **Use Case**: Validating performance with non-DermLite smartphone images; accessibility for resource-limited settings + +## Medical Literature Sources + +### 9. PubMed / MEDLINE + +- **Access**: pi.ruv.io brain PubMed integration (`crates/mcp-brain-server/src/pubmed.rs`) +- **Content**: 36 million+ biomedical citations +- **Use Cases**: + - Automated literature review for new lesion findings + - Evidence enrichment for diagnostic suggestions + - Treatment guideline updates + - Epidemiological context for risk assessment +- **Integration**: Brain `brain_page_evidence` API attaches PubMed references to DrAgnes findings + +**Key Search Strategies**: +``` +"dermoscopy" AND "melanoma" AND "deep learning" +"skin lesion classification" AND "convolutional neural network" +"dermoscopic features" AND "machine learning" +"skin cancer" AND "mobile health" AND "telemedicine" +"dermatology" AND "artificial intelligence" AND "clinical validation" +"Fitzpatrick skin type" AND "algorithmic bias" +``` + +### 10. 
AAD Clinical Guidelines + +- **Source**: American Academy of Dermatology +- **Content**: Evidence-based guidelines for skin cancer screening, diagnosis, and management +- **Key Guidelines**: + - Melanoma: Clinical practice guidelines for diagnosis and management + - Nonmelanoma skin cancer: Basal cell and squamous cell carcinoma + - Skin cancer prevention and early detection + - Dermoscopy standards and training +- **Use Case**: Codifying clinical decision rules into DrAgnes recommendation engine + +### 11. British Association of Dermatologists (BAD) Guidelines + +- **Source**: BAD +- **Content**: UK-based clinical guidelines complementing AAD +- **Key Difference**: Greater emphasis on teledermatology pathways +- **Use Case**: International clinical standard reference; teledermatology workflow design + +## Regulatory & Safety Data Sources + +### 12. FDA MAUDE Database + +- **Source**: FDA Manufacturer and User Facility Device Experience Database +- **Content**: Adverse event reports for medical devices +- **Search Terms**: Dermatoscope, dermoscopy, DermLite, skin imaging, AI dermatology +- **Use Case**: Post-market surveillance for DermLite devices; safety signal detection for AI dermatology tools +- **Integration**: Periodic automated queries via FDA openFDA API + +### 13. ClinicalTrials.gov + +- **Source**: US National Library of Medicine +- **Content**: Registry of clinical studies +- **Active Dermatology AI Trials** (as of 2026): + - AI-assisted melanoma screening in primary care + - Deep learning for dermoscopic pattern analysis + - Smartphone-based skin cancer detection validation + - Teledermatology with AI triage +- **Use Case**: Monitoring competitive landscape; identifying validation study opportunities + +### 14. 
SEER (Surveillance, Epidemiology, and End Results) + +- **Source**: National Cancer Institute +- **Content**: Cancer incidence and survival data from US population registries +- **Key Data**: + - Melanoma incidence by age, sex, race, anatomic site + - Stage at diagnosis distribution + - Survival rates by stage and treatment + - Temporal trends (1975-present) +- **Use Case**: Population-level risk calibration; prevalence priors for Bayesian classification; outcome validation + +### 15. GBD (Global Burden of Disease) + +- **Source**: Institute for Health Metrics and Evaluation (IHME) +- **Content**: Global epidemiological data for 369 diseases across 204 countries +- **Use Case**: International deployment planning; understanding regional lesion distribution differences + +## Real-World Data Streams (Post-Deployment) + +### 16. Practice Contributions (via Brain) + +- **Source**: DrAgnes-participating practices +- **Content**: De-identified embeddings, classification results, clinician feedback +- **Volume Projection**: 100-1,000 contributions/day at scale +- **Privacy**: All contributions go through the PII stripping and DP pipeline +- **Use Case**: Continuous model improvement; population-level insights + +### 17. DermLite Device Telemetry + +- **Source**: DermLite devices (with user consent) +- **Content**: Device model, capture settings, image quality metrics (no images) +- **Use Case**: Optimizing preprocessing for specific device models; quality assurance + +### 18. 
EHR Integration Data (Future) + +- **Source**: Epic FHIR, Cerner, athenahealth APIs +- **Content**: De-identified diagnosis codes (ICD-10), procedure codes, pathology reports +- **Privacy**: FHIR Bulk Data with patient consent; de-identified before analytics +- **Use Case**: Ground truth validation via histopathology; outcome tracking + +## Dataset Preparation Pipeline + +``` +Raw Dataset + │ + ▼ +Quality Filtering + ├── Remove duplicates (perceptual hashing) + ├── Remove low-quality images (blur detection, exposure check) + ├── Verify label consistency (multi-expert consensus) + └── Flag ambiguous cases for expert review + │ + ▼ +Standardization + ├── Resize to 224x224 (bilinear, maintaining aspect ratio with padding) + ├── Color normalization (Shades of Gray algorithm) + ├── Hair removal (DullRazor) + ├── Lesion segmentation (for feature extraction) + └── ImageNet normalization (mean/std) + │ + ▼ +Augmentation (for minority classes) + ├── Random rotation (0-360 degrees) + ├── Random horizontal/vertical flip + ├── Random brightness/contrast adjustment (+/- 20%) + ├── Random elastic deformation + ├── Cutout / random erasing + └── Mixup (alpha=0.2) between same-class samples + │ + ▼ +Split Strategy + ├── Train: 70% (stratified by class and Fitzpatrick type) + ├── Validation: 15% (stratified) + ├── Test: 15% (stratified, held out completely) + └── Note: Patient-level splitting (no image from same lesion in multiple sets) + │ + ▼ +Embedding Generation + ├── ruvector-cnn MobileNetV3 Small → 576-dim embeddings + ├── RlmEmbedder projection → 128-dim for HNSW + ├── PiQ3 quantization for compressed search + └── Store in brain as reference vectors +``` + +## Data Governance + +### Data Use Agreements + +| Dataset | Agreement Type | Restrictions | +|---------|---------------|-------------| +| HAM10000 | CC BY-NC-SA 4.0 | Non-commercial, share-alike, attribution | +| ISIC Archive | CC BY-NC 4.0 | Non-commercial, attribution | +| BCN20000 | Institutional DUA | Research use 
only; requires ethics approval | +| PH2 | Academic DUA | Academic research only | +| Derm7pt | Academic DUA | Research use only | +| Fitzpatrick17k | Research DUA | Research use; fairness evaluation | +| PAD-UFES-20 | CC BY 4.0 | Attribution only (most permissive) | + +### Commercial Licensing Considerations + +For commercial deployment of DrAgnes, only CC BY 4.0 and public domain datasets can be used without licensing negotiation. Commercial licensing or data use agreements must be obtained for: +- HAM10000 (CC BY-NC-SA -- non-commercial restriction) +- ISIC Archive (CC BY-NC -- non-commercial restriction) +- BCN20000 (institutional agreement required) + +**Alternative**: Train on CC BY 4.0 datasets and practice-contributed data only. The brain's collective learning mechanism means the model improves from real-world use regardless of initial training data license. + +### Ethical Considerations + +1. **Representation**: Actively seek datasets with Fitzpatrick V-VI representation to prevent bias +2. **Consent**: All practice-contributed data requires patient consent (opt-in, not opt-out) +3. **Transparency**: Publish model cards documenting training data composition, known limitations, and performance by subgroup +4. **Feedback loops**: Monitor for disparate impact in production; retrain if bias detected +5. **Data sovereignty**: Respect regional data handling requirements (GDPR data residency, etc.) diff --git a/docs/research/DrAgnes/hipaa-compliance.md b/docs/research/DrAgnes/hipaa-compliance.md new file mode 100644 index 00000000..a8d61ff1 --- /dev/null +++ b/docs/research/DrAgnes/hipaa-compliance.md 
@@ -0,0 +1,361 @@ +# DrAgnes HIPAA Compliance Strategy + +**Status**: Research & Planning +**Date**: 2026-03-21 + +## Overview + +DrAgnes operates at the intersection of medical imaging, AI classification, and collective intelligence. This document defines the comprehensive strategy for HIPAA compliance, FDA considerations, and privacy engineering that ensures patient data is protected at every layer while still enabling practice-adaptive and collective learning. + +## Regulatory Framework + +### HIPAA (Health Insurance Portability and Accountability Act) + +DrAgnes must comply with: +- **Privacy Rule** (45 CFR 164.500-534): Governs use and disclosure of PHI +- **Security Rule** (45 CFR 164.302-318): Technical, administrative, and physical safeguards +- **Breach Notification Rule** (45 CFR 164.400-414): Notification within 60 days +- **HITECH Act**: Enhanced penalties, breach notification to HHS for 500+ records + +### FDA Considerations + +DrAgnes functions as a Clinical Decision Support (CDS) tool. Under FDA guidance on Clinical Decision Support Software (2022 final guidance): + +**Criteria for Non-Device CDS (all four must be met)**: +1. Not intended to acquire, process, or analyze a medical image -- **DrAgnes processes dermoscopic images, so this criterion is NOT met** +2. Displays/analyzes but does not replace clinician judgment +3. Intended for healthcare professionals +4. Provides basis for understanding the recommendation + +**Conclusion**: DrAgnes likely falls under FDA regulation as a Software as a Medical Device (SaMD). The classification depends on the intended use: +- **Class II (510(k))**: If positioned as an aid to dermatologists (not standalone diagnosis) +- **Class III (PMA)**: If positioned as a screening/diagnostic tool for non-specialists + +**Recommended Regulatory Path**: Class II 510(k) with predicate device comparison to 3Derm (DEN200069, FDA-cleared AI for skin cancer detection). 
Position DrAgnes as a clinical decision support tool that assists qualified dermatologists. + +### FDA 21 CFR 820 (Quality System Regulation) + +If pursuing FDA clearance: +- **Design Controls** (820.30): Design input, output, review, verification, validation +- **Software Validation** (820.70(i)): Per FDA guidance on General Principles of Software Validation +- **SOUP Documentation**: Software of Unknown Provenance (MobileNetV3 architecture, pre-trained weights) +- **Risk Management**: ISO 14971 risk analysis for AI/ML components +- **Post-Market Surveillance**: Monitoring model performance drift in production + +## PHI Handling Architecture + +### What Constitutes PHI in DrAgnes + +| Data Element | PHI? | Handling | +|-------------|------|----------| +| Dermoscopic image (raw) | Yes (biometric) | Never leaves device. Stored in IndexedDB, encrypted | +| Patient name | Yes | Never stored in DrAgnes. Linked via EHR only | +| Date of birth | Yes | Converted to age decade (30s, 40s, ...) before any processing | +| MRN / Chart number | Yes | Never stored. External reference only via EHR integration | +| Classification result | Potentially | De-identified before brain submission | +| CNN embedding (576-dim) | No* | Non-invertible. Cannot reconstruct image from embedding | +| ABCDE scores | No* | Aggregated metrics, not identifiable | +| Body location | Potentially | Generalized to category (trunk, extremity, head) | +| Fitzpatrick skin type | No | Population-level demographic, not individually identifying | +| GPS coordinates | Yes | Stripped from EXIF before any processing | +| Device serial number | Yes (indirect) | Stripped from EXIF metadata | +| Clinician notes (free text) | Yes | NLP-based PII detection before any storage/sharing | + +*When combined, these elements could potentially be re-identifying. k-anonymity (k>=5) is enforced on all combinations. 
+ +### The "No Raw Image" Principle + +The foundational privacy guarantee of DrAgnes: + +``` +RAW IMAGE ──▶ CNN ──▶ EMBEDDING ──▶ BRAIN + │ │ + │ └── Non-invertible: cannot reconstruct image + │ from 576-dim float vector + │ + └── NEVER LEAVES DEVICE + - Stored in IndexedDB (encrypted) + - Processed locally (WASM CNN) + - Displayed locally only + - Deleted per retention policy +``` + +**Mathematical basis for non-invertibility**: MobileNetV3 Small maps a 224x224x3 = 150,528-dimensional input to a 576-dimensional embedding. This is a 261:1 dimensionality reduction. The mapping is many-to-one (infinite input images map to the same embedding). No computational technique can invert this mapping to recover the original image. + +### PII Stripping Pipeline + +Leverages the existing brain server's redaction infrastructure: + +``` +Input Record + │ + ▼ +Stage 1: EXIF Sanitization + ├── Remove GPS coordinates + ├── Remove device serial number + ├── Remove camera make/model (keep DermLite type only) + ├── Remove software version strings + └── Remove timestamp (replace with date-only, bucketed to week) + │ + ▼ +Stage 2: Demographic Generalization + ├── Age → decade bucket (20, 30, 40, ...) 
+ ├── Body location → category (head, trunk, upper_extremity, lower_extremity) + ├── Gender → removed (not clinically necessary for classification) + └── Ethnicity → Fitzpatrick scale only (I-VI) + │ + ▼ +Stage 3: Free Text Scrubbing + ├── Named entity recognition (NER) for person names + ├── Pattern matching for MRN, SSN, phone, email, address + ├── Date normalization (remove exact dates, keep relative) + └── Organization name redaction + │ + ▼ +Stage 4: k-Anonymity Enforcement + ├── Group by (Fitzpatrick, age_decade, body_location_category) + ├── Suppress groups with fewer than k=5 members + └── Generalize further if needed to achieve k-anonymity + │ + ▼ +Stage 5: Differential Privacy + ├── Laplace noise to continuous values (epsilon=1.0) + ├── Randomized response for binary features + └── Privacy budget tracking (per practice, per epoch) + │ + ▼ +Clean Record (ready for brain submission) +``` + +### Differential Privacy Implementation + +**Mechanism**: Laplace mechanism with epsilon=1.0 (matching brain server's current configuration). 
+ +``` +For each continuous value v with sensitivity Δ: + v_noisy = v + Laplace(0, Δ/epsilon) + +For embeddings (576-dim vector): + Each dimension independently noised + Sensitivity calibrated per-dimension from training data + epsilon budget split across dimensions: epsilon_per_dim = epsilon / sqrt(576) ≈ 0.042 +``` + +**Privacy Budget Tracking**: +- Each practice has an annual privacy budget (epsilon_total = 10.0) +- Each brain contribution costs epsilon=1.0 +- Budget resets annually +- When budget exhausted, contributions are aggregated locally until reset +- Brain server tracks global dp_budget_used (currently 1.0) + +### Witness Chain Audit Trail + +Every DrAgnes classification carries a cryptographic provenance chain: + +``` +Witness Chain Structure: + [0..31] = Previous witness hash (or zeros for genesis) + [32..63] = SHAKE-256( + model_version || + brain_epoch || + input_embedding_hash || + classification_output || + clinician_id_hash || + timestamp + ) + [64..N] = Chain continuation +``` + +**Audit capabilities**: +- Verify which model version produced a classification +- Verify the brain state at classification time +- Detect if a classification has been tampered with +- Reconstruct the full decision chain for regulatory review +- Prove temporal ordering of classifications + +## Technical Safeguards (Security Rule) + +### Access Controls (164.312(a)) + +| Control | Implementation | +|---------|---------------| +| Unique user identification | OAuth 2.0 with Google Identity Platform | +| Emergency access | Break-glass procedure with audit logging | +| Automatic logoff | 15-minute session timeout, token refresh required | +| Encryption | AES-256-GCM at rest, TLS 1.3 in transit | +| Role-based access | Admin, Clinician, Technician, Viewer roles | +| Multi-factor authentication | Required for all clinician accounts | + +### Audit Controls (164.312(b)) + +| Audit Event | Data Captured | +|-------------|--------------| +| Image capture | Timestamp, device, user, 
body location | +| Classification run | Timestamp, model version, brain epoch, user | +| Brain contribution | Timestamp, de-identification confirmation, witness hash | +| Brain search | Timestamp, query type, result count | +| Record access | Timestamp, user, record ID, access type | +| Export | Timestamp, user, data scope, format | +| Failed login | Timestamp, user identifier, IP, reason | + +**Retention**: Audit logs retained for 6 years (HIPAA minimum) in append-only Cloud Logging with CMEK encryption. + +### Integrity Controls (164.312(c)) + +- All data at rest uses AES-256-GCM with Google Cloud CMEK +- All witness chains are append-only (SHAKE-256, tamper-evident) +- Database writes use Firestore transactions (ACID) +- Model weight integrity verified via SHA-256 checksums before inference +- WASM module integrity verified via Subresource Integrity (SRI) hashes + +### Transmission Security (164.312(e)) + +- TLS 1.3 required for all connections (no fallback) +- Certificate pinning for mobile PWA +- HSTS with 1-year max-age and preloading +- Perfect forward secrecy (ECDHE) +- Brain sync uses authenticated encryption (witness chain verification) + +## Administrative Safeguards + +### Business Associate Agreement (BAA) + +**Required BAAs**: +| Entity | Role | BAA Status | +|--------|------|-----------| +| Google Cloud Platform | Infrastructure provider | Google Cloud BAA available (standard) | +| DermLite / 3Gen Inc. | Hardware manufacturer | Not required (no PHI exchange) | +| Practice using DrAgnes | Covered entity | BAA with DrAgnes operator required | +| PubMed / NCBI | Literature source | Not required (public data) | + +**Google Cloud BAA Coverage**: +Google Cloud's BAA covers Cloud Run, Firestore, GCS, Pub/Sub, Cloud Logging, Secret Manager, and Cloud KMS -- all services used by DrAgnes. 
+ +### Workforce Training + +- All personnel with access to DrAgnes infrastructure must complete HIPAA training annually +- Security awareness training quarterly +- Incident response drills semi-annually +- Role-specific training for developers handling PHI-adjacent code + +### Incident Response Plan + +``` +Incident Detection + │ + ├── Automated: Cloud Monitoring alerts, anomaly detection + ├── Manual: User reports, security team discovery + │ + ▼ +Assessment (within 1 hour) + ├── Determine if PHI was involved + ├── Classify severity (1-4) + ├── Identify affected individuals + │ + ▼ +Containment (within 4 hours) + ├── Isolate affected systems + ├── Revoke compromised credentials + ├── Preserve forensic evidence + │ + ▼ +Notification (within 60 days per HIPAA) + ├── Individual notification if PHI compromised + ├── HHS notification if 500+ individuals affected (within 60 days) + ├── Media notification if 500+ in single state + ├── State attorney general notification (varies by state) + │ + ▼ +Remediation + ├── Root cause analysis + ├── System hardening + ├── Policy updates + └── Post-incident review +``` + +### Data Retention Policy + +| Data Type | Retention | Location | Justification | +|-----------|----------|----------|---------------| +| Raw dermoscopic images | Per practice policy (default 7 years) | Device only (IndexedDB) | Clinical record retention | +| CNN embeddings (local) | Same as images | Device only | Tied to image lifecycle | +| Brain contributions | Indefinite (de-identified) | GCS / Firestore | Research value, non-PHI | +| Audit logs | 6 years | Cloud Logging | HIPAA minimum | +| Model weights | Indefinite | GCS | Reproducibility | +| Classification results | Per practice policy | Device + Firestore | Clinical record | +| Clinician feedback | Indefinite (de-identified) | Firestore | Model improvement | + +## Risk Assessment + +### HIPAA Risk Analysis (164.308(a)(1)) + +| Risk | Likelihood | Impact | Mitigation | 
+|------|-----------|--------|------------| +| Raw image exfiltration | Low | Critical | Images never leave device; no upload API exists | +| Re-identification from embeddings | Very Low | High | 261:1 dimensionality reduction; k-anonymity; DP noise | +| Model inversion attack | Very Low | High | MobileNetV3 is many-to-one; DP noise prevents gradient-based inversion | +| Insider threat (developer) | Low | High | No production access to PHI; all PHI stays on device | +| Cloud infrastructure breach | Low | Medium | Only de-identified data in cloud; CMEK encryption | +| Man-in-the-middle | Very Low | High | TLS 1.3 + certificate pinning | +| Malicious model update | Low | High | Model checksums + witness chain verification | +| Session hijacking | Low | Medium | Short session timeout; MFA; secure cookies | + +### FDA Risk Analysis (ISO 14971) + +| Hazard | Severity | Probability | Risk Level | Mitigation | +|--------|----------|------------|------------|------------| +| False negative (missed melanoma) | Critical | Medium | High | >95% sensitivity target; always recommend dermatologist review | +| False positive (unnecessary biopsy) | Moderate | Medium | Medium | >85% specificity; clinical decision support, not standalone | +| Model drift (accuracy degradation) | Serious | Low | Medium | Brain drift monitoring; automated retraining triggers | +| Bias against skin types | Serious | Medium | High | Fitzpatrick-stratified evaluation; diverse training data | +| System unavailability | Minor | Low | Low | Offline-first architecture; no dependency on connectivity | + +## International Considerations + +While DrAgnes targets US deployment first, the architecture supports international compliance: + +| Regulation | Region | Key Requirement | DrAgnes Approach | +|-----------|--------|-----------------|-----------------| +| GDPR | EU | Data minimization, right to erasure | Embeddings are non-invertible; erasure of device data trivial | +| PIPEDA | Canada | Consent, purpose 
limitation | Explicit consent workflow; purpose-bound data processing | +| LGPD | Brazil | Data protection officer, consent | DPO appointment; consent management | +| POPIA | South Africa | Processing limitation | Minimal data collection; de-identification | +| MDR 2017/745 | EU | Medical device regulation | CE marking pathway if EU deployment | +| PMDA | Japan | Pharmaceutical and medical device regulation | J-PMDA approval pathway | + +## Compliance Monitoring + +### Continuous Compliance Dashboard + +``` +DrAgnes Compliance Dashboard + │ + ├── Privacy Budget Status + │ ├── Per-practice epsilon consumption + │ ├── Global DP budget (currently 1.0 used) + │ └── Budget exhaustion forecast + │ + ├── Access Audit + │ ├── Login frequency by role + │ ├── Failed login attempts + │ ├── Anomalous access patterns + │ └── Break-glass usage + │ + ├── Data Flow Verification + │ ├── Confirmation: zero raw images in cloud + │ ├── PII stripping success rate (target: 100%) + │ ├── k-anonymity compliance rate + │ └── Witness chain integrity checks + │ + ├── Model Governance + │ ├── Current model version across practices + │ ├── Drift detection alerts + │ ├── Fairness metrics by Fitzpatrick type + │ └── Sensitivity/specificity by subgroup + │ + └── Incident Tracker + ├── Open incidents + ├── Time to resolution + ├── Breach notification status + └── Corrective action tracking +```
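Review bot: in data-sources.md, the Split Strategy step ("Patient-level splitting (no image from same lesion in multiple sets)") only prevents leakage within one dataset, but the ISIC subset table lists ISIC 2018 as the same 10,015 images as HAM10000, so stacking HAM10000 and the ISIC Archive without cross-dataset, lesion-level deduplication before the split will put training images into the held-out test set and contaminate any benchmark against the ISIC challenge leaderboards. Suggest adding an explicit cross-dataset dedup step (perceptual hash plus lesion/patient ID where the source provides one) ahead of the train/validation/test split, and stating that the test set is drawn from sources disjoint from all training sources. Two smaller points: the sentence "the model improves from real-world use regardless of initial training data license" overstates what the licenses allow, since a model fine-tuned from CC BY-NC-SA or CC BY-NC data remains bound by those terms and practice-contributed data carries its own consent restrictions; and the Fitzpatrick17k entry gives "Stanford Medicine / DDI (Diverse Dermatology Images)" as its source, which appears to conflate two distinct datasets, so each should get its own source and license row in the Data Use Agreements table (which also omits DERMNET).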
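Review bot: in hipaa-compliance.md, the "Mathematical basis for non-invertibility" paragraph claims "No computational technique can invert this mapping to recover the original image", and the PHI table and risk analysis rely on that to treat embeddings as non-PHI; dimensionality reduction gives no such guarantee, approximate reconstruction of inputs from CNN feature vectors is an established model-inversion result, and the document itself lists "Model inversion attack" as a risk. Reword this as a risk mitigated by DP noise and k-anonymity rather than an impossibility, and mark embeddings "Potentially" PHI pending expert determination. The differential privacy section needs correction: under the Laplace mechanism (pure ε-DP) per-dimension budgets compose additively, so 576 independently noised dimensions at the quoted "epsilon_per_dim = epsilon / sqrt(576) ≈ 0.042" spend about 24 ε per contribution, not 1.0; the sqrt(d) factor belongs to the Gaussian mechanism under (ε,δ)-DP with L2 sensitivity. Either use ε/576 per dimension (or one Laplace draw per dimension calibrated to the vector's L1 sensitivity) or switch to the Gaussian mechanism and state δ. Relatedly, "Sensitivity calibrated per-dimension from training data" is data-dependent and itself leaks; sensitivity must come from a fixed clipping bound applied before noising. The budget arithmetic also conflicts with data-sources.md: an annual epsilon_total of 10.0 at 1.0 per contribution permits 10 contributions per practice per year, while the other file projects 100-1,000 contributions/day, and "aggregated locally until reset" still spends budget once the aggregate is released. Three safeguard points: "Certificate pinning for mobile PWA" is not implementable, since browsers expose no pinning API to web applications (HPKP was removed), so drop it and rely on the HSTS preload entry already listed; the EXIF stage's "date-only, bucketed to week" and uncapped decade buckets "(20, 30, 40, ...)" do not satisfy HIPAA Safe Harbor, which strips all date elements except year and aggregates ages over 89 into a single 90+ category, so either follow Safe Harbor or document an Expert Determination; and the witness chain hashes a bare concatenation of variable-length fields ("model_version || brain_epoch || ..."), which is ambiguous, so specify a length-prefixed or fixed-width encoding and a domain-separation tag before the SHAKE-256 call.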