Skip to content

Medicine · the live, shipped anchor of the standard

The accountability standard, read in medicine.

Your records — and access to them — are recorded to a tamper-evident chain, so the integrity of the record can be demonstrated, not just asserted. The same eight axes, the same append-only chain, and the same live verifier you can run yourself, instantiated for clinical care and engineered for the HIPAA Security Rule. This is not a slide about medicine; medicine is the running, shipped product the rest of the standard is extended from.

● Live in production Founders: Maria Lahti MD · Ray Lahti

Don't trust us — the integrity of this page is recomputable in your own browser

Patent-pending — U.S. Provisional 63/921,717

For clinical care

Who it's for, what it promises, how it's proven.

The buyer

Compliance & clinical leadership

Health-system compliance lead, CMO / CMIO, clinic owner, and privacy officer — the people accountable for PHI and for the integrity of the record.

The one promise

Integrity you can demonstrate

Records and their access history are tamper-evident — engineered for HIPAA — and anyone can verify that integrity without trusting us.

The proof

A running product + a live verifier

The shipped health product, plus the in-browser verifier that recomputes the record's hash in front of you. The proof is something you run, not a badge we show.

How it works

From a record to a proof, in four moves.

The mechanism is the same for every record and every access. Nothing here asks you to trust a vendor's word — the last step is something you do yourself.

STEP 01

The record is written

A clinical record (or an edit to one) is committed and bound into an append-only chain — sensitive fields encrypted at the record.

STEP 02

Every access is stamped

Each read or change becomes a WORM event — who, what, when — that nobody can quietly remove or rewrite after the fact.

STEP 03

Access is gated

A person authenticates with a phishing-resistant passkey; access is least-privilege and the access itself is recorded.

STEP 04

You recompute the proof

Open the verifier and recompute the hash yourself. If the record changed, the hash changes — integrity resolves to math, in your browser.

One framework · eight axes

The eight axes — read in medicine.

The canonical axis codes, names, and roles are frozen by the engine and shown unchanged. Only the gloss — what the axis means in clinical care — is specific to this domain. No axis is relabeled; no named entity is measured.

PO · Physical & Outdoor

Somatic foundation

Clinical & operational foundation — care delivery, facilities, and the physical basis of safe operations.

NM · Nutritional & Metabolic

Somatic foundation

Resource & supply integrity — supply chain, formulary, and the inputs that sustain care.

ER · Emotional & Relational

Resilience wing

Patient & care-team relationships — the relational trust at the center of clinical work.

SC · Social & Communal

Spirit term

Community & care-network coherence — referrals, public-health ties, and standing in the care community.

RS · Religious & Spiritual

Resilience wing

Ethics & duty of care — fidelity to the oath, consent, and the duty owed to the patient.

ES · Environmental Stewardship

Environment term

Records & resource stewardship — custody of PHI and stewardship of finite clinical resources.

TA · Technological & Adaptive

Technology term

Health-IT modernization — interoperability, security tooling, and adaptive clinical systems.

PV · Purposeful & Vocational

Purpose exponent

Licensure & vocational fitness — credentialing, scope, and fitness to practice.

The composite is multiplicative — a clinic can't paper over a missing pillar to lift its score — and the consistency exponent rewards steadiness across all eight. See the canonical eight axes →

Engineered for the rule, not badged against it

How the standard maps to the HIPAA Security Rule.

We don't ask you to take a certificate on faith — and there is no such thing as a HIPAA certification. Each safeguard maps to a mechanism you can inspect or recompute. The record sits on an append-only chain, every access is a stamped event, and the integrity is something you verify — the difference between asserting compliance and demonstrating it.

SafeguardHow the standard satisfies itStatus
§164.312(b)Audit controls Every record access is an append-only, chain-stamped WORM event — who, what, when — that no one can quietly remove. "Who accessed this chart?" is always answerable. Live
§164.312(c)(1)Integrity Records are bound into a SHA3 hash-chain; any alteration changes the leaf and is detectable. You recompute the hash yourself in the verifier. Live
§164.312(d)Person or entity authentication WebAuthn passkey sign-in — phishing-resistant, with no shared secret to steal or replay. The person is the key. Live
§164.312(a)(1)Access control Least-privilege access, and every access recorded to the audit chain — so access control is enforced and observable, not just configured. Live
§164.312(a)(2)(iv)Encryption & decryption (addressable) Field-level AES-256-GCM on stored PHI — sensitive fields encrypted at the record, not just the disk. Key custody and rotation are part of the rollout. Built
§164.312(e)(1)Transmission security Records move only inside an authenticated, encrypted transport — TLS at the edge today, with sealed-header frames between our internal nodes. Live
§164.308(a)(1)Security management process A self-verifiable audit you run on demand — integrity is continuously provable, not a once-a-year attestation taken on faith. Live
HITECH §13402Breach notification accountability Because the access log is tamper-evident, the scope of any access is reconstructable and provable — the record of who-saw-what cannot be quietly rewritten after the fact. Live

Status is honest. "Live" = running in the shipped product today; "Built" = implemented in the gold stack and being rolled in. This maps mechanism to safeguard — it is not a claim of third-party certification, because the standard is to prove integrity, not badge it.

Same engine · illustrative archetype

A clinical archetype, scored by the same engine.

POPhysical & Outdoor76
NMNutritional & Metabolic74
EREmotional & Relational86
SCSocial & Communal78
RSReligious & Spiritual84
ESEnvironmental Stewardship80
TATechnological & Adaptive62
PVPurposeful & Vocational88

A clinically strong practice — excellent care relationships (ER 86), strong duty of care (RS 84) and licensure fitness (PV 88) — modernizing a thinner technology posture (TA 62). The multiplicative formula is exactly why that one soft axis pulls the composite down: you cannot average your way past a weak pillar.

These are illustrative inputs — not a measurement of any named clinic. Feed them through the same public compute() on The Standard page, change any slider, and recompute it yourself.

What you get

The standard, in your hands.

  • The accountability score — your eight axes scored by the public engine, recomputable by anyone.
  • The tamper-evident record — records and access history on an append-only chain.
  • The in-browser verifier — recompute any record's integrity yourself, no trust required.
  • An audit export — a portable, verifiable account of who-saw-what, when.
  • Encrypted PHI at rest — field-level AES-256-GCM on sensitive data (rolling in).
  • A standard, not a lock-in — the proof is open math you can run even if you leave.

Questions a privacy officer asks first.

Will you sign a BAA?

Yes — where we handle PHI, a Business Associate Agreement is part of onboarding, and it's among the first documents we put in front of you. Talk to us to start one.

How does this fit with my existing EHR?

The standard is designed to sit alongside the systems of record you already run, not replace your certified EHR. Integration depends on your environment — tell us your stack and we'll scope it honestly.

If you go away, can I still verify my own records?

Yes — that's the point of the design. The verifier is open math over an append-only chain; the integrity proof does not depend on us being online. You can recompute a record's hash independently.

Is the encryption FIPS-validated?

The at-rest encryption uses AES-256-GCM. FIPS 140 validation status and key-custody specifics are part of the security conversation — ask us directly rather than taking a logo's word for it; we'll show you what's validated and what's on the roadmap.

What's actually live today versus on the roadmap?

Medicine is the live, shipped anchor. The HIPAA mapping above marks each mechanism Live (running in the shipped product) or Built (implemented and rolling in). We'd rather tell you the line than blur it.

Why one framework covers it

The same formula, the same chain, the same verifier.

Accountability has the same shape in a clinic as anywhere else: a foundation, the relationships built on it, the capability to adapt, and the consistency to sustain it. The proof is identical — and it resolves to math, not to our word.

01 · THE MEASURE

One formula over eight axes

The composite is multiplicative and the consistency exponent rewards steadiness — so a clinic can't fake a missing pillar to lift its standing. The same engine that scores every domain.

02 · THE INTEGRITY

One append-only chain

The record — and every access to it — sits on a chain where nobody can quietly rewrite the past. Tamper-evident by construction, not by promise.

03 · THE PROOF

One verifier anyone can run

Don't trust us — recompute the chain in your own browser. A privacy officer and a federal auditor run the exact same proof. Open the verifier →

Looking for another regulated world? The same standard reads in all ten domains — finance, government, corporate, law, insurance, education, pharma, energy, and aerospace. Medicine is the one that is live and shipped today.