Proof for every clinical-AI decision.
It attests the decision. It never makes it. That's what keeps it non-device — and what makes it the receipt every AI decision in medicine needs.
Clinical-AI decision provenance is cryptographic evidence that a specific clinical-AI decision came from an approved, un-tampered model running on clean, unaltered data. RankShieldMD seals a digest of the model, the inputs, and the output to an externally-anchored, post-quantum-signed transparency log at the moment of the decision — verifiable later, without trusting us, and without exposing any patient data.
The unprovable AI decision.
Clinical AI now triages, flags, drafts orders, and — in early pilots — renews prescriptions autonomously. When one is later questioned, no one can prove what happened: was it the model you validated, or a drifted, swapped, fine-tuned, or data-poisoned version? Logs can be edited. Dashboards ask for trust. Provenance closes the gap: a verifiable receipt for each decision, generated the moment it happens.
Four steps. No patient data.
First, register a cryptographic baseline of the approved model. Second, at decision time, capture digests of the inputs and output — never the PHI, which is rejected at the guard. Third, seal those digests to an append-only transparency log, sign with post-quantum cryptography, and anchor externally. Fourth, emit an evidence package with a verify recipe anyone can run.
It attests. It never renders.
Under the FDA's clinical-decision-support criteria, software becomes a regulated device when it produces or drives the clinical decision — the fourth criterion. By staying strictly on the attestation side of that line — proving that a decision was genuine, never making it — RankShieldMD stays non-device: you get an independent trust signal without inheriting our regulatory burden.
Check it yourself.
Every proof ships with a verify recipe. Your auditors, an FDA reviewer, or opposing counsel can recompute the hash chain and confirm the post-quantum-signed root using standard tools — without access to your systems and without trusting RankShieldMD. Tamper with the model, the data, or the record, and verification returns false.
Give every decision a receipt.
Register a model baseline, run a decision through the same path, and verify the evidence with your own tools. Per decision, verifiable, PHI-free, non-device.
What is clinical-AI decision provenance?
Clinical-AI decision provenance is cryptographic, independently-verifiable evidence that a specific clinical-AI decision came from an approved, un-tampered model running on clean data — captured at the moment the decision is made, and provable later without exposing patient information. As AI moves from the research bench into triage, imaging, documentation, and, in early pilots, autonomous prescribing, a new class of risk appears that traditional security never addressed: not the theft of data, but the unprovable decision. A recommendation reaches a patient, and weeks later no one can confirm which model produced it, on which version, or whether the inputs were intact. Conventional audit logs cannot answer that — they can be edited, and they usually sit alongside the very data they are meant to protect. RankShieldMD closes the gap by sealing a digest of the model, the inputs, and the output to an externally-anchored, post-quantum-signed transparency log the instant the decision happens. Two principles govern the design, and we hold to both honestly: attest, don't decide — RankShieldMD proves provenance, it never makes clinical judgments — and prove without exposing, so verification never requires revealing protected health information.
How do you prove a clinical-AI decision is genuine?
By separating the proof from the data — recording verifiable statements about a decision rather than its clinical contents. RankShieldMD attests each decision in four steps, and none of them touch patient data. First, it registers a cryptographic baseline of the approved model: a hash of the model and its container, so there is a fixed reference for what "the validated model" means. Second, at decision time, it captures digests of the inputs and the output — never the underlying PHI, which is rejected at the guard before anything is sealed. Third, it seals those digests, together with the model fingerprint and a per-decision credential, to an append-only transparency log built on the same principle as certificate transparency, signs them with composite post-quantum cryptography, and anchors the log root to an external record so the whole structure is pinned in time. Fourth, it emits an evidence package with a verify recipe: an auditor, an FDA reviewer, or opposing counsel can recompute the hash chain and confirm the signed root using standard tools, without access to your systems and without trusting RankShieldMD. Tamper with the model, the data, or the record after the fact, and verification returns false. The medical data stays where it belongs, governed by the clinical systems built for it; RankShieldMD holds only the cryptographic proof about the decision.
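The four steps and the verify recipe described above can be sketched with standard-library hashing alone; this is an added illustration, not RankShieldMD's code or evidence format. It assumes SHA-256 digests, a linear hash chain standing in for the transparency log, and hypothetical field and function names; signing the chain head (ML-DSA-65 with Ed25519) and anchoring it externally are outside the sketch.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed "previous hash" for the first log entry

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _entry_hash(body: dict) -> str:
    # Canonical JSON so any verifier recomputes the identical bytes.
    return digest(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())

def seal(log: list, model_digest: str, inputs: bytes, output: bytes, decided_at: str) -> str:
    """Append a digest-only record and return the new chain head.
    In the scheme described above, the head is what gets signed and anchored."""
    body = {
        "model": model_digest,
        "input": digest(inputs),
        "output": digest(output),
        "decided_at": decided_at,
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    log.append({**body, "hash": _entry_hash(body)})
    return log[-1]["hash"]

def verify_chain(log: list, anchored_head: str) -> bool:
    """Recompute every link; an edited, dropped or reordered entry fails."""
    prev = GENESIS
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body.get("prev") != prev or _entry_hash(body) != entry.get("hash"):
            return False
        prev = entry["hash"]
    return prev == anchored_head

def verify_decision(entry: dict, baseline: str, inputs: bytes, output: bytes) -> bool:
    """Check one decision against the approved baseline and the data actually held."""
    return (entry["model"] == baseline
            and entry["input"] == digest(inputs)
            and entry["output"] == digest(output))

# Constructed sample data (not real model weights or clinical content).
BASELINE = digest(b"model-weights-v1 + container-image-v1")
LOG: list = []
seal(LOG, BASELINE, b"constructed-input-A", b"constructed-output-A", "2025-01-01T00:00:00Z")
HEAD = seal(LOG, BASELINE, b"constructed-input-B", b"constructed-output-B", "2025-01-01T00:05:00Z")
```

A bare hash of a low-entropy input can be recovered by enumerating candidate values, so a digest-only design normally salts or keys the input digest; the page does not say which construction is used.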
Why "attest, not decide" keeps it non-device
Because the fastest way to cause harm with medical AI is to blur who is responsible for the decision — and the FDA's rules draw that line precisely. Under the clinical-decision-support criteria, software crosses into being a regulated device when it produces or drives the clinical decision itself; that is the fourth criterion. RankShieldMD is engineered to stay on the other side of it. Its clinical-AI capability attests that a decision was genuine — that a given output truly came from a given model, on a given version, with intact inputs, at a given time — and it never renders, scores, or recommends the decision. That boundary is not modesty; it is a safety and honesty requirement. A provenance layer that quietly positioned itself as a decision-maker would invite exactly the over-reliance that makes clinical AI dangerous, and it would misrepresent what the technology does. Keeping RankShieldMD's role bounded to verifiable attestation has a second benefit that clinical-AI and SaMD vendors care about directly: you gain an independent integrity signal for your model without inheriting RankShieldMD's regulatory burden, and RankShieldMD never enters your device's clinical pathway. The same discipline runs through everything we build — claim only what you can prove — applied where the cost of overclaiming is highest.
How is provenance different from an AIBOM or model monitoring?
They operate at different layers, and the difference is the whole point. An AI bill of materials (AIBOM) and a model card describe a model at the supply-chain level — its components, datasets, and lineage — a static inventory of what went into the system. Model monitoring watches aggregate behavior over time, flagging drift or anomalies across many predictions. Both are useful, and RankShieldMD can emit AIBOM artifacts itself. But neither proves anything about an individual runtime decision. When a specific result is questioned after the fact, an inventory of the model's ingredients and a dashboard of last month's drift cannot tell you whether this decision came from the approved model on intact data. Per-decision provenance is the finer, missing layer: a cryptographic receipt for each decision, sealed at the moment it happens, that can be verified in isolation. It is the difference between knowing what is generally in the kitchen and having a signed, tamper-evident receipt for the specific meal that was served. Governance platforms document risk and policy; monitoring tools observe behavior; RankShieldMD proves the decision. The three are complementary — provenance is simply the one that survives the question "prove this one."
Why does clinical-AI provenance need to be quantum-safe?
Because the evidence behind a clinical decision must stay unforgeable for as long as the decision matters — and that is measured in decades, well within the window where quantum computers could threaten today's cryptography. A proof that is unforgeable now but becomes forgeable in fifteen years is not good enough for a record that documents a person's care. There is also a specific, documented threat pattern: "harvest now, forge later," where an adversary copies today's classically-signed evidence and waits for a capable quantum computer to forge or repudiate it retroactively. Long-retention healthcare records are an attractive target precisely because they are kept for so long. That is why RankShieldMD signs every attestation with composite post-quantum signatures — ML-DSA-65 paired with Ed25519 — so the evidence stays verifiable and unforgeable as cryptography evolves to resist quantum attack. We state the posture honestly: it is quantum-safe, not quantum-proof. No quantum computer capable of breaking current cryptography exists yet, and no one can guarantee any system is unbreakable; what we can do is build to the NIST post-quantum standards so a decade of decisions stays defensible. Verifiable and durable together are what a clinical record deserves when the stakes are a person's health and the timeline is the rest of their life.
What we are careful never to claim.
We didn't invent the concept
Verifiable clinical-AI audit is a published academic idea. RankShieldMD ships the commercial, externally-anchored, post-quantum, per-decision implementation — not the invention of the concept.
It is not a clearance
It produces evidence that supports FDA submissions and EU documentation. It is not itself an FDA clearance, and it never makes a medical claim.
It never sees PHI
Model, input, and output are reduced to digests. Raw identifiers are rejected at the guard. The ledger is useless to anyone who steals it — there's no protected data inside.
Ask RankShieldMD about clinical-AI provenance.
What is clinical-AI decision provenance?
Cryptographic evidence that a specific clinical-AI decision came from an approved, un-tampered model running on clean data. RankShieldMD seals a digest of the model, inputs, and output to an externally-anchored, post-quantum-signed transparency log at the moment of the decision, so it can be verified later without trusting the vendor and without exposing patient data.
Why does every AI decision in medicine need a receipt?
Because when a clinical-AI decision is later questioned, someone has to prove what actually happened — which model ran, on what data. Logs can be edited and dashboards ask for trust. A cryptographic receipt, generated at decision time, makes the answer checkable instead of assertable.
Does RankShieldMD make or influence the clinical decision?
No. It attests decisions made by other systems and never renders, scores, or recommends one. That boundary is deliberate: it keeps RankShieldMD non-device under the FDA clinical-decision-support criteria, and it keeps clinical judgment with clinicians.
Is RankShieldMD a medical device?
No. It is security and quality tooling that helps clinical-AI vendors and hospitals meet their obligations. FDA classification turns on intended use — RankShieldMD’s use is to attest that a decision was genuine, not to make or drive one.
Does it see protected health information?
No. It is PHI-free by construction. It seals digests of the model, inputs, and output; raw patient identifiers are rejected at the guard and never enter the ledger. Adopting it shrinks your PHI footprint rather than growing it.
How can the proof be trusted without trusting RankShieldMD?
Every proof ships with a verify recipe. Anyone holding the evidence package can recompute the hash chain and confirm the post-quantum-signed root independently, using standard tools — without access to your systems and without trusting RankShieldMD. Trust is removed from the equation.
What happens if a model is swapped, drifts, or data is poisoned?
The sealed digests will not match the approved baseline, and verification returns false — surfacing the discrepancy. Tampering with the model, the data, or the record after the fact is detectable.
Is this the same as an AIBOM or model card?
No. Those describe a model at the supply-chain level. Provenance attests an individual runtime decision — a distinct, finer layer. RankShieldMD can emit AIBOM artifacts too, but per-decision proof is a separate capability.
Did RankShieldMD invent verifiable clinical-AI audit?
No — the concept exists in published research. RankShieldMD ships the commercial, externally-anchored, post-quantum, per-decision implementation. We are careful never to claim we invented the idea.
How does this support FDA or EU AI Act obligations?
It produces the integrity evidence a predetermined change-control plan, postmarket monitoring, and EU AI Act technical documentation rely on. It supports compliance; it is not itself a clearance and makes no medical claim.
Will this make us HIPAA or FDA compliant?
No software does. It produces verifiable evidence that supports specific requirements; compliance is your organization’s overall posture. We never claim otherwise.
What does it take to integrate?
Register a baseline of your approved model, then attest decisions through RankShieldMD at runtime — digests only, no PHI. You get evidence packages with a verify recipe you or your buyer can run. It sits alongside your model, not inside its clinical pathway.
Is it quantum-safe?
Yes — proofs are signed with composite ML-DSA-65 and Ed25519 so evidence stays defensible as cryptography evolves. It is quantum-safe, not quantum-proof: no quantum computer capable of breaking today’s cryptography exists yet, and we never claim otherwise.
Turn "trust our model" into "verify our model."
Register a baseline, attest a decision, and hand your buyer proof they can check.