IRB/Auditor Profile

This profile is only for IRB, IEC, privacy, and audit review. It states what PHI is handled, where it can exist, how it is protected, and why those controls align with India and USA research privacy expectations.

Use this profile to review the privacy posture without reading developer implementation notes or general user setup instructions.

Review Path

1. Read PHI Handling for the PHI flow and jurisdiction alignment.

2. Read Conformance Evidence for the claim-to-evidence control table.

3. Read Attestations for the two approvals that operators must file before higher-risk modes are used.

What This System Does

RePORT AI Portal is a local-first assistant for one clinical research study. It converts local study inputs into a PHI-scrubbed trio bundle and lets approved researchers ask questions from that scrubbed bundle.

What This Profile Covers

• India and USA research privacy alignment for Indo-VAP-style clinical research use.

• PHI and personal-data handling from source files to assistant answer.

• De-identification, pseudonymization, date shifting, small-cell suppression, and LLM boundary controls.

• Evidence an IRB, IEC, privacy reviewer, or auditor can request.

What This Profile Does Not Cover

• Code architecture, contributor workflow, or build history.

• Model-provider setup beyond PHI handling implications.

• General user instructions for running the portal.

For those audiences, use User Guide or Developer Guide.

Contents

• PHI Handling
  • Purpose
  • What Is Handled
  • Where PHI Can Exist
  • How PHI Is Protected
  • Why These Controls Exist
  • Jurisdiction Alignment
  • Primary Authority Links
• Conformance Evidence
  • Reviewer Evidence Package
  • Open Operator Items
• Attestations
  • PHI-Free PDF Attestation
  • Limited Dataset Attestation