Security · Privacy · Custody
The most-audited record in healthcare is yours.
Three independent audits run continuously: financial, security, and on-chain. Patient records live in a sovereign vault under a key only the patient holds. Conceptual Health® can't read what you don't grant — by design, not by policy.
Compliance posture
Audited. Attested. Republished every quarter.
Sovereign stack
Built by us. Owned by us. Coded by us.
The single biggest source of healthcare data breaches is the third-party vendor stack. We removed it. Our build standard is to write our own — every layer. That's why we can sign HIPAA, SOC 2, and ISO 27001 obligations without pointing at a subcontractor when something goes wrong.
Founder-funded
Conceptual Healthcare Corporation is privately held by Raymond M. Lahti and Maria R. Lahti, MD, capitalized entirely from personal funds. No outside investors. No data-broker financing. No incentives that conflict with patient sovereignty.
100% founder-owned
The Master Equation patent, the Conceptual Health® mark, the HEALTHCOIN™ mark, the eight-axis schema, the Datavault custody design — all held personally by the founders and licensed perpetually, royalty-free, to the corporation.
Zero third-party software
EHR, AI scribe, chain client, wallet, exchange, pharmacy, Datavault — all written in-house. No SaaS layer holding PHI. No shared-tenant database. No vendor SDK in the data path. Every line of code is ours, reviewable by audit on request.
Held to every standard
HIPAA, HITECH, 21 CFR Part 11, GDPR, state medical board, DEA, FinCEN. We meet them because we control the whole stack — every record, every access, every key. There is no subcontractor whose breach is also our breach.
The marks belong to the family
Conceptual Health®, Conceptual Healthcare Corporation, HEALTHCOIN™, the Master Equation™, Guardian Orb™. Held by the founders personally; the corporation operates them under license.
The best, by every measure
The goal is to be the best medical corporation in the world — measured by patient outcomes, security posture, regulatory compliance, and operational integrity. Built to last, not to flip.
Custody model
Sovereign records. Patient-held keys.
Records sit in Datavault. They're encrypted at rest under a key derived from the patient's passkey or recovery phrase — material the corporation never sees. Every access is logged on the CH Chain.
Providers don't query a master database. They request a grant. Patients tap to approve, set a scope (one encounter, one specialty, one timeframe), and revoke any time. The grant is the record. The record is the receipt.
- Encryption: AES-256-GCM at rest · TLS 1.3 in transit · ECDH-derived per-record keys
- Key custody: Patient-held · passkey-backed · optional 24-word recovery phrase · zero-knowledge for server
- Access: Grant-based, scope-limited, time-limited, on-chain · revocable in one tap
- Logging: Every read, every grant, every revocation written to public chain · queryable by patient
Continuous audit
Three audits. Always running.
Big Four annual
Standard corporate audit covering treasury, HCR/HCC reserve attestations, and the segregation of issuer wallets from corporate operating accounts.
SOC 2 + ISO 27001 continuous
Drata-backed continuous monitoring. Quarterly penetration tests, annual external attestation. The full report is available under NDA.
Public ledger, public verifier
The CH Chain explorer is open at chain.conceptualhealth.com. Every block, every transaction, every grant is independently verifiable in real time.
Our promises, in plain English
Things we will not do.
We do not sell patient data.
Period. Not de-identified, not aggregated, not under a different brand. HCC mints when an opt-in patient sells their own records to a researcher; the corporation is not a counterparty to that sale.
We do not unilaterally read records.
We can't. The encryption is patient-keyed. Even under subpoena, we can only deliver the ciphertext we hold — the key is yours. We document this in our law-enforcement response policy.
We do not adjust the cap.
21B HCR. 21B HCC. Codified in the genesis contract. There is no admin function to mint above cap — the chain itself rejects it.
We do not allocate to founders.
Both coins ship with zero founder allocation. The team owns no insider tranche, no vesting schedule, no "team and advisors" wallet. Receipts are on chain.
Reporting
Found something? Tell us first.
We run a coordinated disclosure program. Eligible vulnerabilities are paid out in HCR or USD at the reporter's choice. Scope, severity tiers, and the safe-harbor policy are published in full.
If we say it, we publish it.
The trust center is a public document, not a brochure. Read the receipts.