| # Security Policy | |
| ## Important Disclaimer | |
| **This is a research / demonstration system. It is NOT approved for clinical use and must NOT be used to make real medical decisions.** All clinical decisions must be made by qualified healthcare professionals. | |
| ## Reporting a Vulnerability | |
| If you discover a security vulnerability in this project, please report it responsibly: | |
| 1. **Do NOT open a public GitHub issue** for security vulnerabilities | |
| 2. Email the maintainer directly (see GitHub profile for contact info) | |
| 3. Include a description of the vulnerability, steps to reproduce, and potential impact | |
| We will acknowledge receipt within 48 hours and aim to provide a fix or mitigation within 7 days for critical issues. | |
| ## Scope | |
| ### In scope | |
| - Authentication/authorization bypasses (if auth is added in the future) | |
| - Injection vulnerabilities (prompt injection, SQL injection, command injection) | |
| - Sensitive data exposure (API keys, patient data leakage) | |
| - Dependency vulnerabilities in `requirements.txt` or `package.json` | |
| - CORS misconfigurations that could enable data exfiltration | |
| ### Out of scope | |
| - Clinical accuracy of AI-generated recommendations (this is a known limitation, not a vulnerability) | |
| - Denial of service via expensive LLM calls (known limitation of the architecture) | |
| - Issues in third-party services (Google AI Studio, OpenFDA, RxNorm) | |
| ## Security Considerations for This Project | |
| ### Patient Data | |
| - This system processes clinical text that could contain protected health information (PHI) | |
| - **No real patient data should ever be used** with this demonstration system | |
| - In a production deployment, HIPAA compliance would require: encrypted storage, audit logging, access controls, and BAAs with all third-party services | |
| - The MedGemma model can be self-hosted on-premises to avoid sending data to external APIs | |
| ### API Keys | |
| - API keys/tokens (HuggingFace token, Google AI Studio key) are stored in `.env` (gitignored) | |
| - Never commit `.env` or any file containing API keys or tokens | |
| - The `.env.template` file shows required variables without actual values | |
| ### LLM-Specific Risks | |
| - **Prompt injection:** The system processes untrusted user input (patient text) that is sent to the LLM. Adversarial inputs could potentially manipulate LLM behavior. | |
| - **Hallucination:** The LLM may generate plausible but incorrect medical information. The conflict detection step and RAG grounding mitigate but do not eliminate this risk. | |
| - **Over-reliance:** The system is designed as decision *support*, not decision *making*. UI disclaimers and caveats are included to reinforce this. | |
| ## Supported Versions | |
| | Version | Supported | | |
| |---------|-----------| | |
| | Current `master` branch | Yes | | |
| | Older commits | No | | |