Cryptographic Audit Layer

When an AI model makes a clinical recommendation,
who is accountable?

HashCare is the audit trail that answers that question. Every AI-assisted clinical decision in the SolvingHealth network produces a hash — a 64-character cryptographic fingerprint that proves what was said, by which model, under which physician's oversight, at what time. Tamper-evident. Permanent. OIG audit-ready from transaction one.

See a live hash For Developers

The accountability chain

Step 1
AI generates
LMN, prior auth, clinical note, care plan
Step 2
Physician reviews
Hard Intercept enforces minimum review time
Step 3
Hash created
SHA-256, timestamp-anchored, tamper-evident
Step 4
Stored immutably
Cloudflare R2, 7-year WORM lock

a3f1c8e9b27d4f5a8e6c1b9d2f4a7c5e8b1d3f6a9c2e5b8d1f4a7c0e3b6d9f2a4c7e0b3d6f9a2

A 64-character fingerprint. Changes if a single character in the record changes. Proves the document existed, unmodified, at that exact timestamp.

Try to break it

What "tamper-evident" actually feels like.

Here is a single care event — a caregiver's visit note, sealed with a real SHA-256 hash the moment it was signed. Change one character and watch the fingerprint break. A family or a payer can run this same check and know, instantly, whether a record is the one the caregiver actually signed.

Care Event — Verification Demo Verified

Sealed by the caregiver at sign-off. Edit any field below to simulate an after-the-fact change to the record.

Hash at sign-off computing…
Hash of record now computing…
The record matches its sign-off hash, character for character. This is the note the caregiver signed.

This runs entirely in your browser using the Web Crypto API (SHA-256) — nothing is uploaded. In production, the sign-off hash is anchored to immutable storage with a 7-year object lock, so the comparison can be made by anyone, years later, against a record no one can quietly rewrite.

Interactive Demo

Generate a Health Identity Hash

Select the data sources to include in your identity snapshot. Your hash changes only when your underlying data changes — making it tamper-evident by design.

Configure your identity snapshot

Medical records
Fitness and wearables
Medications
SHA-256 Health Hash — anchored just now —
a3f1c8e9b27d4f5a8e6c1b9d2f4a7c5e8b1d3f6a9c2e5b8d1f4a7c0e3b6d9f2a4

This hash represents your identity snapshot at this moment. Toggle a data source above and click Generate Hash to see it change. Anchored to Cloudflare R2 with 7-year retention.

How It Works

The same anchoring protocol. Every clinical event.

From a physician attestation to a caregiver shift note — every event gets the same four-step chain. There are no exceptions and no manual overrides.

01
Connect data sources
Link EHR (Epic, Cerner, athenahealth), Apple Health, or wearables via FHIR R4. Or enter manually. Any structured health data works.
02
Generate an immutable identity
HashCare produces a SHA-256 digest of the record snapshot. Timestamp-anchored. Tamper-evident. Unique to that record at that moment in time.
03
Create selective disclosure tokens
Your surgeon sees orthopedic data. Your trainer sees fitness data. Your insurer sees nothing unless you consent. Time-limited, purpose-specific, and revocable instantly.
04
Audit trail is permanent
Every access, revocation, and attestation is logged. The hash proves the record existed and was unmodified at that timestamp. Disputes resolved without litigation.

What Gets Anchored

Every critical event. Verified at the source.

HashCare anchors the clinical events that matter most — the ones where provenance, timing, and integrity are not optional.

Physician Attestations

When a physician reviews and attests to an AI-generated note, LMN, or prior auth, the attestation event is hashed at the moment of signing. Immutable audit trail. No retroactive edits.

ClinicalSwipe
Care Records

Every caregiver shift note, care goal update, and clinical observation in co-op.care is anchored. Family-owned, hash-verified, and auditable by any authorized party.

co-op.care
Health Identity

ComfortCard emergency profiles are backed by a HashCare identity. Any care provider scanning the QR can verify the record is unmodified — and when it was last attested.

ComfortCard
LMN Issuance

Letters of Medical Necessity are hashed at issuance and again at physician sign-off. The two-hash chain proves the document was not altered between generation and attestation.

altru.care
Decision Scores

When a physician attests to a DecisionIndex score, that attestation is hashed and linked to the underlying evidence record. Attestation corpus is tamper-evident and cumulative.

DecisionIndex
Surgical Encounter Logs

SurgeonValue encounter records are anchored at ingestion. Billing codes, procedural notes, and outcome data are verifiable against the original hash — no retroactive modifications.

SurgeonValue

For Developers

The health identity layer your app needs.

HashCare SDK handles cryptographic key management, FHIR R4 data ingestion, consent token lifecycle, and audit log maintenance — so your team can focus on clinical features, not compliance infrastructure.

Three lines to generate a health identity. One call to create a time-limited consent token. A standard webhook when a token is accessed or revoked.

Full SDK documentation
hashcare-sdk.js 
// Initialize HashCare SDK
const hashcare = new HashCare({
  apiKey: 'hc_...'
});

// Generate health identity hash
const identity = await hashcare
  .generateHash({
    sources: ['apple_health', 'epic_fhir'],
    includeModules: [
      'vitals',
      'diagnoses',
      'medications'
    ]
  });

// Create scoped consent token
// (24hr, read-only, ortho data only)
const token = await hashcare
  .createConsentToken({
    purpose: 'pre-surgical-review',
    expires: '24h',
    scope: [
      'diagnoses.musculoskeletal',
      'vitals.weight_height'
    ]
  });

SolvingHealth Ecosystem

HashCare is the trust layer.

Every attestation, care record, and identity claim in the SolvingHealth ecosystem is anchored to a HashCare hash. Cryptographic provenance from the first data point to the last.

ClinicalSwipe

Physician attestations are hash-anchored at the moment of signing. Immutable audit trail for every clinical review.

clinicalswipe.com
ComfortCard

Digital health identity wallet powered by HashCare. QR-accessible emergency profile. Cryptographically verified at every care touchpoint.

comfortcard.org
co-op.care

Care records are hash-anchored. Every caregiver shift, clinical note, and care goal — immutable and family-owned.

co-op.care
SurgeonValue

Encounter logs and billing outcomes are anchored at ingestion. Verifiable, auditable, and timestamped — before they enter any downstream system.

surgeonvalue.com
Developer Early Access

Audit-ready from the first record.

HashCare is opening the SDK to a select cohort of health systems and AI developers. Every attestation, LMN, and clinical note you generate through the SolvingHealth harness is anchored automatically. Join the waitlist for early access.

No spam. Early cohort is limited to 50 developers.

Sage — HashCare
Sage