MAP

AI image diagnostics can now detect lesions with accuracy equal to or greater than radiologists. However, the rationale behind an AI's "positive" determination often remains a black box.

When a patient files a lawsuit, "because the AI said so" won't hold up. When regulators request an audit, "we have no logs" is unacceptable.

MAP cryptographically records every AI decision, proving "when, what data was reviewed, which model, and why that diagnosis was reached" in a tamper-proof format.

Why MAP is Needed

Current state and challenges of healthcare AI

Lack of Accountability

"The AI decided" is not a defense in medical malpractice lawsuits. Recording the decision rationale is essential.

Model Drift

Performance changes with retraining. Unable to track which model version made the diagnosis.

Complex Regulatory Compliance

FDA PCCP, EU AI Act, MDR require continuous performance monitoring. No technical standard exists.

Real-World Challenge Examples (Anonymized)

1 AI Diagnostic Oversight Lawsuit

Patient AI diagnosis: "No abnormality" Cancer discovered 6 months later Lawsuit

Questions Raised:

• "Did the AI actually review the image?"
• "What was the model version?"
• "What was the confidence score at decision time?"

Result: Insufficient evidence, settled out of court

2 Clinical Trial Data Fraud

Third-party testing agency Data falsification FDA Warning Letter Approval revoked

Issues Identified:

• "Unable to prove when data was modified"
• "Audit trail manipulable by administrator"

MAP Scope

Target systems and recording events

Target Systems

🩺

AI Diagnostic Support

Image diagnostic AI, ECG analysis AI

Required

🔬

Pathology AI

Digital pathology, cytology AI

Required

💊

Medication Recommendation AI

Drug interaction check, dosage optimization

Required

🏥

Triage AI

Emergency priority determination, ICU alerts

Required

🤖

Surgical Support Robots

Decision support components

Recommended

📊

Clinical Trial AI

Patient screening, endpoint evaluation

Recommended

Recording Events (Causal Chain)

Patient Data Input

Image/Test values

Patient history

Consent info

AI Analysis

Feature extraction

Model inference

Explainability factors

Diagnosis Generated

Classification result

Confidence score

Differential diagnosis

Treatment Plan

Recommended treatment

Risk assessment

Alternative options

Patient Outcome

Actual result

Follow-up

Prognosis data

MAP Architecture

Data flow and event structure

Data Flow

Clinical System

Patient Data

AI Model (SaMD)

Clinical Decision

MAP Logger (Sidecar)

← Records all decision events

Hash Chain

Cryptographically linked

Digital Signature

Ed25519 signed

Model Hash

Version identification

Audit Storage

HIPAA/GDPR compliant, encrypted storage

MAP Event Structure (Conceptual)

{
  "event_id": "019234ab-7c8d-7def-8123-456789abcdef",
  "timestamp_ns": 1734567890123456789,
  "event_type": "DIAGNOSIS_GENERATED",
  "facility_id": "HOSPITAL_XXXXX",
  "provenance": {
    "actor": {
      "type": "AI_MODEL",
      "identifier": "chest_xray_classifier_v2.1.3",
      "model_hash": "sha256:abc123...",
      "training_date": "2024-06-15",
      "fda_clearance": "K123456"
    },
    "input": {
      "patient_id_hash": "sha256:patient_anonymized...",
      "image_study_uid": "1.2.840.113619.2.55...",
      "input_hash": "sha256:def456...",
      "acquisition_timestamp": 1734567800000000000
    },
    "context": {
      "clinical_indication": "CHEST_PAIN_EVALUATION",
      "referring_physician_id": "NPI_XXXXXXXXXX",
      "prior_studies_reviewed": 3,
      "patient_age_range": "60-69",
      "active_protocol": "EMERGENCY_TRIAGE"
    },
    "action": {
      "diagnosis": "PNEUMONIA_SUSPECTED",
      "confidence": 0.87,
      "explainability": {
        "method": "GRADCAM",
        "attention_regions": ["RIGHT_LOWER_LOBE"],
        "contributing_factors": [
          {"factor": "consolidation_pattern", "weight": 0.45},
          {"factor": "air_bronchograms", "weight": 0.32}
        ]
      },
      "differential_diagnoses": [
        {"diagnosis": "ATELECTASIS", "confidence": 0.08},
        {"diagnosis": "LUNG_CANCER", "confidence": 0.03}
      ],
      "recommended_action": "CONFIRM_WITH_CT"
    }
  },
  "prev_hash": "sha256:789xyz...",
  "signature": "ed25519:..."
}

Regulatory Compliance Mapping

Correspondence with international regulations

International Regulatory Correspondence

Regulation	Jurisdiction	Requirements	MAP Support
EU AI Act Annex III	EU	Medical device AI classified as high-risk, logging mandatory	✅ Full
FDA AI/ML SaMD Guidance	USA	Continuous learning AI performance monitoring	✅ Full
FDA PCCP	USA	Predetermined Change Control Plan, model change tracking	✅ Full
MDR 2017/745	EU	Medical device traceability	✅ Complementary
21 CFR Part 11	USA	Electronic records/signatures, audit trail	✅ Full
HIPAA	USA	PHI protection, access logs	✅ Crypto-Shredding
GDPR	EU	Right to be forgotten, data minimization	✅ Crypto-Shredding
PMDA SaMD Guidance	Japan	Continuous monitoring of AI medical devices	✅ Planned

FDA 21 CFR Part 11 Detailed Mapping

Audit Trail

✅ All events recorded in hash chain

Electronic Signature Linkage

✅ Operator identified with Ed25519 signature

Record Integrity Assurance

✅ Tamper detection via cryptographic hash

Timestamp Accuracy

✅ UUID v7 + NTP/PTP synchronization

System Admin Operation Restrictions

✅ External anchoring prevents deletion even by administrators

ALCOA+ Principles Correspondence

ALCOA+ Principle	Description	MAP Implementation
Attributable	Who recorded it	✅ actor.identifier + signature
Legible	Readable	✅ Standard JSON format
Concurrent	Recorded at time of action	✅ Real-time log generation
Original	Originality	✅ Proven via hash chain
Accurate	Accuracy	✅ Verified with input data hash
Complete	Completeness	✅ Event gaps detected via chain breakage
Consistent	Consistency	✅ Linked via trace_id
Enduring	Durability	✅ Cryptographically guaranteed
Available	Availability	✅ Accessible via standard API

Privacy Protection: Crypto-Shredding

Balancing immutable audit trails with the right to be forgotten

Traditional Dilemma

"Immutable Audit Trail"

Cannot delete

"GDPR Right to Erasure"

Must delete

Appears irreconcilable

MAP Solution: Crypto-Shredding

Patient Data

Encryption

Encrypted Data

Record

MAP

Encryption Key → Securely stored in Key Management System

On Deletion Request:

Destroy encryption key → Data becomes unreadable → Effectively deleted
Hash chain maintained → Audit trail integrity preserved

Use Cases

Specific application scenarios

1 Medical Malpractice Lawsuit Scenario

Phase	Without MAP	With MAP
At Diagnosis	AI determines "No abnormality"	Same + Decision rationale recorded
Lawsuit Filed	"AI missed it" claim	Same
Discovery	Logs potentially tampered	Cryptographically verifiable evidence
Root Cause	"Model problem or data problem unknown"	"Accuracy issue under specific conditions in model v2.1.3" identified
Liability	Settlement with ambiguous liability	Clear causation-based judgment

2 FDA PCCP Audit Scenario

FDA Auditor

PCCP Compliance Verification Request

Instant Response via MAP Evidence

Model version history ✓
Training data hash for each version ✓
Immutable performance verification records ✓
Signed change approval records ✓

Audit Complete - Compliance Confirmed

3 Clinical Trial Data Integrity

CRO (Contract Research Organization)

EDC System

MAP Anchoring

Hash recorded to external blockchain

Prove "Even system admin cannot tamper"

Significantly reduced FDA Warning Letter risk

MLOps Integration

Recording the entire model lifecycle

Model Lifecycle Recording

Development

MAP Record

Validation

MAP Record

Approval

MAP Record

Deploy

MAP Record

Operation

MAP Record

Retrain

MAP Record

Recording Details:

Training dataset hash

Hyperparameters

Validation results (sensitivity/specificity)

Approver's electronic signature

Deployment environment info

Inference logs

Retraining trigger and differential information

GMLP (Good Machine Learning Practice) Correspondence

GMLP Principle	MAP Implementation
Training/Test data independence	Dataset hash enables post-verification
Dataset representativeness	Demographic metadata recorded
Model transparency	Explainability factors (SHAP/LIME/GradCAM) recorded
Continuous performance monitoring	Operational inference results continuously recorded

Technical Specifications Summary

MAP technical requirements

Timestamp Precision

Millisecond (NTP synchronized)

Event Recording Frequency

Per diagnostic event

Hash Algorithm

SHA-256

Signature Algorithm

Ed25519 (Future: Dilithium)

PHI Protection

AES-256-GCM encryption + Crypto-Shredding

Storage Format

FHIR R4 compatible JSON

Retention Period

Configurable per regulatory requirements (typically 10-30 years)

Roadmap

MAP development schedule

2026 Q1

MAP Draft Specification v0.1 Release

2026 Q2

Technical Validation with Medical Device Manufacturers & Hospitals

2026 Q3

Information Provision to FDA/PMDA/EMA

2026 Q4

MAP v1.0 Official Release

2027

IHE (Integrating the Healthcare Enterprise) Collaboration

2027+

Standardization as HL7 FHIR Extension

Relationship with VAP/VSO

Framework hierarchy

VAP (Verifiable AI Provenance)

Cross-domain parent framework for all domains

defines & maintains

VSO (VeritasChain Standards Organization)

Standards body that develops and maintains VAP

publishes profiles

VCP

Finance

v1.0 Released

DVP

Automotive

Planned

Medical

Planned

EIP

Energy

Planned

PAP

Public

Planned

Get Involved in MAP Development

We welcome participation from medical device manufacturers, hospitals, and regulatory authorities.

View VAP Framework Review Spec on GitHub Join MAP Development

"When AI says 'cancer,' what patients want to know isn't the probability. It's the rationale."

— VeritasChain Standards Organization

"In medicine, trust is not given. It is proven."

MAP Medical AI Protocol

Why MAP is Needed

Lack of Accountability

Model Drift

Complex Regulatory Compliance

Real-World Challenge Examples (Anonymized)

1 AI Diagnostic Oversight Lawsuit

2 Clinical Trial Data Fraud

MAP Scope

Target Systems

AI Diagnostic Support

Pathology AI

Medication Recommendation AI

Triage AI

Surgical Support Robots

Clinical Trial AI

Recording Events (Causal Chain)

MAP Architecture

Data Flow

Clinical System

MAP Event Structure (Conceptual)

Regulatory Compliance Mapping

International Regulatory Correspondence

FDA 21 CFR Part 11 Detailed Mapping

Audit Trail

Electronic Signature Linkage

Record Integrity Assurance

Timestamp Accuracy

System Admin Operation Restrictions

ALCOA+ Principles Correspondence

Privacy Protection: Crypto-Shredding

Traditional Dilemma

MAP Solution: Crypto-Shredding

Use Cases

1 Medical Malpractice Lawsuit Scenario

2 FDA PCCP Audit Scenario

Instant Response via MAP Evidence

3 Clinical Trial Data Integrity

MLOps Integration

Model Lifecycle Recording

Recording Details:

GMLP (Good Machine Learning Practice) Correspondence

Technical Specifications Summary

Timestamp Precision

Event Recording Frequency

Hash Algorithm

Signature Algorithm

PHI Protection

Storage Format

Retention Period

Roadmap

MAP Draft Specification v0.1 Release

Technical Validation with Medical Device Manufacturers & Hospitals

Information Provision to FDA/PMDA/EMA

MAP v1.0 Official Release

IHE (Integrating the Healthcare Enterprise) Collaboration

Standardization as HL7 FHIR Extension

Relationship with VAP/VSO

VAP (Verifiable AI Provenance)

VSO (VeritasChain Standards Organization)

VCP

DVP

MAP

EIP

PAP

Get Involved in MAP Development