Cryptographic Audit Layer

When an AI model makes a clinical recommendation,
who is accountable?

HashCare is the audit trail that answers that question. Every AI-assisted clinical decision in the SolvingHealth network produces a hash — a 64-character cryptographic fingerprint that proves what was said, by which model, under which physician's oversight, at what time. Tamper-evident. Permanent. OIG audit-ready from transaction one.

See a live hash For Developers Anchor a Document — Free The registry's root is countersigned into Bitcoin daily via OpenTimestamps — proofs outlive the operator.
The moment this matters — July 2026 Three things are now true at once. TEFCA crossed one billion health records exchanged, with information-blocking referred to the DOJ — the pipes are built and enforced. CMS's WISeR model made licensed-clinician review of AI decisions a payment requirement. And ChatGPT for Clinicians made AI drafting free for every licensed clinician in America. Free drafting, mandated review, enforced pipes — and still no proof of what was said, by whom, under whose license. The AI drafts it. Who signs it? That question is the entire product. Try breaking a record below and watch the fingerprint catch it.
Step 1
AI generates →
LMN, prior auth, clinical note, care plan
Step 2
Physician reviews →
Hard Intercept enforces minimum review time
Step 3
Hash created →
SHA-256, timestamp-anchored, tamper-evident
Step 4
Stored immutably →
Cloudflare R2, 7-year WORM lock

a3f1c8e9b27d4f5a8e6c1b9d2f4a7c5e8b1d3f6a9c2e5b8d1f4a7c0e3b6d9f2a4c7e0b3d6f9a2

A 64-character fingerprint. Changes if a single character in the record changes. Proves the document existed, unmodified, at that exact timestamp.

What "tamper-evident" actually feels like.

Here is a single care event — a caregiver's visit note, sealed with a real SHA-256 hash the moment it was signed. Change one character and watch the fingerprint break. A family or a payer can run this same check and know, instantly, whether a record is the one the caregiver actually signed.

Care Event — Verification Demo Verified

Sealed by the caregiver at sign-off. Edit any field below to simulate an after-the-fact change to the record.

Hash at sign-off computing…
Hash of record now computing…
The record matches its sign-off hash, character for character. This is the note the caregiver signed.

This runs entirely in your browser using the Web Crypto API (SHA-256) — nothing is uploaded. In production, the sign-off hash is anchored to immutable storage with a 7-year object lock, so the comparison can be made by anyone, years later, against a record no one can quietly rewrite.

Generate a Health Identity Hash

Select the data sources to include in your identity snapshot. Your hash changes only when your underlying data changes — making it tamper-evident by design.

Configure your identity snapshot

Medical records
Fitness and wearables
Medications
SHA-256 Health Hash — anchored just now —
a3f1c8e9b27d4f5a8e6c1b9d2f4a7c5e8b1d3f6a9c2e5b8d1f4a7c0e3b6d9f2a4

This hash represents your identity snapshot at this moment. Toggle a data source above and click Generate Hash to see it change. Anchored to Cloudflare R2 with 7-year retention.

Did either record change after it was signed?

Edit either record below. Watch the fingerprint break in real time. This is exactly how a family, a payer, or an OIG auditor would verify a disputed care note.

Original record (signed)
Hash at signing
Record under review (edit to test)
Hash now

In production, the signed hash is written to Cloudflare R2 with a 7-year object lock. Any party — family, MCO, OIG — can run this comparison against the anchored fingerprint without asking anyone for permission.

The same anchoring protocol. Every clinical event.

From a physician attestation to a caregiver shift note — every event gets the same four-step chain. There are no exceptions and no manual overrides.

Every critical event. Verified at the source.

HashCare anchors the clinical events that matter most — the ones where provenance, timing, and integrity are not optional.

Physician Attestations

When a physician reviews and attests to an AI-generated note, LMN, or prior auth, the attestation event is hashed at the moment of signing. Immutable audit trail. No retroactive edits.

ClinicalSwipe →
Care Records

Every caregiver shift note, care goal update, and clinical observation in co-op.care is anchored. Family-owned, hash-verified, and auditable by any authorized party.

co-op.care →
Health Identity

ComfortCard emergency profiles are backed by a HashCare identity. Any care provider scanning the QR can verify the record is unmodified — and when it was last attested.

ComfortCard →
LMN Issuance

Letters of Medical Necessity are hashed at issuance and again at physician sign-off. The two-hash chain proves the document was not altered between generation and attestation.

altru.care →
Decision Scores

When a physician attests to a DecisionIndex score, that attestation is hashed and linked to the underlying evidence record. Attestation corpus is tamper-evident and cumulative.

DecisionIndex →
Surgical Encounter Logs

SurgeonValue encounter records are anchored at ingestion. Billing codes, procedural notes, and outcome data are verifiable against the original hash — no retroactive modifications.

SurgeonValue →

The health identity layer your app needs.

HashCare SDK handles cryptographic key management, FHIR R4 data ingestion, consent token lifecycle, and audit log maintenance — so your team can focus on clinical features, not compliance infrastructure.

Three lines to generate a health identity. One call to create a time-limited consent token. A standard webhook when a token is accessed or revoked.

Full SDK documentation
hashcare-sdk.js
// Initialize HashCare SDK
const hashcare = new HashCare({
  apiKey: 'hc_...'
});

// Generate health identity hash
const identity = await hashcare
  .generateHash({
    sources: ['apple_health', 'epic_fhir'],
    includeModules: [
      'vitals',
      'diagnoses',
      'medications'
    ]
  });

// Create scoped consent token
// (24hr, read-only, ortho data only)
const token = await hashcare
  .createConsentToken({
    purpose: 'pre-surgical-review',
    expires: '24h',
    scope: [
      'diagnoses.musculoskeletal',
      'vitals.weight_height'
    ]
  });

HashCare is the trust layer.

Every attestation, care record, and identity claim in the SolvingHealth ecosystem is anchored to a HashCare hash. Cryptographic provenance from the first data point to the last.

ClinicalSwipe

Physician attestations are hash-anchored at the moment of signing. Immutable audit trail for every clinical review.

clinicalswipe.com
ComfortCard

Digital health identity wallet powered by HashCare. QR-accessible emergency profile. Cryptographically verified at every care touchpoint.

comfortcard.org
co-op.care

Care records are hash-anchored. Every caregiver shift, clinical note, and care goal — immutable and family-owned.

co-op.care
SurgeonValue

Encounter logs and billing outcomes are anchored at ingestion. Verifiable, auditable, and timestamped — before they enter any downstream system.

surgeonvalue.com
The Physician Network

The licensed reviewers whose signatures anchor here. NPI-verified, specialty-matched, paid per review — join the network that signs what AI drafts.

altru.care/physicians
HarnessHealth

Wire receipts into your own loop: the physician-governed harness for engineering teams. MCP connector, BAA available, attestation from transaction one.

harnesshealth.ai/developers

“Verified by HashCare” — a badge any site can carry.

If your product anchors its records to HashCare, say so. Paste the snippet below anywhere HTML renders — no JavaScript, no dependencies, one link back to the audit layer.

verified-by-hashcare.html
<a href="https://hashcare.com" target="_blank" rel="noopener"
   style="display:inline-flex;align-items:center;gap:7px;padding:7px 13px;
          background:#131f38;border:1px solid rgba(13,115,119,0.5);
          border-radius:8px;font-family:Arial,Helvetica,sans-serif;
          font-size:12px;font-weight:700;color:#14a4a9;text-decoration:none;">
  <svg width="13" height="13" viewBox="0 0 22 22" fill="none" aria-hidden="true">
    <path d="M11 2L3 6v6c0 4.8 3.2 9.3 8 10.4C16.8 21.3 19 16.8 19 12V6l-8-4z"
          stroke="currentColor" stroke-width="1.75" stroke-linejoin="round"/>
    <path d="M7.5 11.3l2.4 2.4 4.6-4.8" stroke="currentColor" stroke-width="1.75"
          stroke-linecap="round" stroke-linejoin="round"/>
  </svg>
  Verified by HashCare
</a>
Developer Early Access

Audit-ready from the first record.

HashCare is opening the SDK to a select cohort of health systems and AI developers. Every attestation, LMN, and clinical note you generate through the SolvingHealth harness is anchored automatically. Join the waitlist for early access.

No spam. Early cohort is limited to 50 developers.

Sage — HashCare
Sage