Conformance Evidence

This table gives reviewers a concise control map. It identifies the claim, the evidence to request, and the regression check that should remain green in CI.

Control

Evidence

Automated check

Authority alignment

Raw files are not assistant-readable.

Agent path validator rejects raw, staging, audit, and snapshot locations.

tests/test_file_access.py

ICMR confidentiality; HIPAA minimum necessary posture.

Staging is temporary and restricted.

tmp/{STUDY}/ mode, cleanup report, and secure staging tests.

tests/test_secure_staging.py

ICMR confidentiality; NIST de-identification operations.

Direct identifiers are removed or pseudonymized before publish.

PHI scrub catalog and per-run PHI scrub report.

tests/test_phi_scrub.py

HIPAA 45 CFR 164.514; DPDPA/SPDI; Aadhaar/ABDM.

Dates are protected.

Default date drop/shift behavior; Limited Dataset attestation when precise-date utility is approved.

tests/test_phi_scrub.py

HIPAA Safe Harbor/Limited Dataset; ICMR privacy.

Government IDs are blocked.

Scrub catalog, PHI gate catalog, and PHI gate test results.

tests/test_phi_gate.py

Aadhaar Act; ABDM; DPDPA/SPDI.

Row-level assistant answers are privacy-gated.

k-anonymity and l-diversity gate behavior.

tests/test_phi_gate.py

ICMR confidentiality; re-identification risk reduction.

PDF content is PHI-safe before LLM use.

Redact-then-call orchestrator, PHI-free PDF attestation gate for legacy raw-PDF path, and PDF redaction tests.

tests/security/test_pdf_redaction_pipeline.py

HIPAA disclosure controls; ICMR confidentiality.

Audit artifacts do not expose row data.

Counts-only audit reports and lineage manifest.

tests/test_lineage_manifest.py

IRB/IEC auditability without raw-PHI disclosure.

Logs and persisted assistant text are redacted.

Log hygiene filter and at-rest redaction helpers.

tests/test_log_hygiene.py and tests/test_phi_safe_input_gates.py

HIPAA audit/security safeguards; ICMR confidentiality.

Reviewed snapshots cannot be served directly.

Snapshot baseline restores over trio_bundle/ but remains outside the assistant read surface.

tests/test_file_access.py and pipeline snapshot tests.

Data minimization; stale-baseline disclosure prevention.

Reviewer Evidence Package

For a submission or audit, attach:

  • the commit SHA under review,

  • CI results for tests, lint, typecheck, dependency audit, and docs,

  • a representative output/{STUDY}/audit/ package with raw PHI withheld,

  • the PHI scrub configuration used for the run,

  • the PHI-key custody statement without the key value,

  • any Limited Dataset or PHI-free PDF attestation that enabled a higher-risk mode.

Open Operator Items

These items are study-team responsibilities before production research use:

  • breach-response runbook,

  • retention and destruction runbook,

  • consent-scope or approved-field allowlist when required by the IEC/IRB,

  • district population-threshold mapping if geography is retained,

  • narrative/free-text retention approval if narrative fields are ever needed.