For Health Systems
Physician-governed AI for health systems.
HIPAA-compliant. BAA available.
HarnessHealth provides the governance infrastructure — physician attestation, NPI identity layer, HIPAA transport, FHIR connectors — that your AI deployment needs to satisfy legal, compliance, and clinical leadership.
Request a BAA and evaluation package
How physician governance works at scale.
Three steps. Every clinical AI output in the network follows the same chain.
AI generates
The clinical AI produces a draft output — prior authorization letter, LMN, care plan, SOAP note. The output is tagged as unattested. It cannot leave the system without a physician signature.
Physician reviews
A licensed physician with an active, clean NPI receives the document in the ClinicalSwipe review queue. Review time: 3-5 minutes. The physician approves, rejects, or modifies. Each action is NPI-bound and timestamped.
Attestation is cryptographic
The signed document carries: the reviewing physician's NPI, timestamp, authority consumption token, and document hash. The record is immutable. If challenged, the full attestation chain is auditable.
Authority consumption tracking
Each physician has a daily review ceiling enforced by the system. A physician cannot rubber-stamp 500 documents in a day. The system flags and blocks over-attestation. This is the mechanism that prevents credential laundering at scale.
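An added illustration of the attestation record and daily review ceiling described above; it is not HarnessHealth's code. The field layout, the HMAC standing in for a physician signature, the chaining of records, the demo key, and the ceiling of 40 are all assumptions made for the example.

```python
import hashlib, hmac, json
from collections import Counter

SIGNING_KEY = b"constructed-demo-key"  # assumption: stand-in for a managed signing key
DAILY_CEILING = 40                     # assumption: the page states no ceiling value
GENESIS = "0" * 64

def _mac(rec):
    # Canonical JSON over every field except the MAC itself.
    body = {k: v for k, v in rec.items() if k != "mac"}
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()

class AttestationLog:
    def __init__(self):
        self.records = []
        self.used = Counter()  # (npi, UTC date) -> attestations consumed that day

    def attest(self, npi, document, timestamp):
        day = timestamp[:10]  # ISO 8601 UTC timestamp, e.g. 2026-01-05T09:00:00Z
        if self.used[(npi, day)] >= DAILY_CEILING:
            raise PermissionError(f"NPI {npi} reached the daily ceiling on {day}")
        self.used[(npi, day)] += 1
        rec = {
            "npi": npi,
            "timestamp": timestamp,
            "authority_token": f"{npi}:{day}:{self.used[(npi, day)]}",
            "document_sha256": hashlib.sha256(document).hexdigest(),
            "prev": self.records[-1]["mac"] if self.records else GENESIS,
        }
        rec["mac"] = _mac(rec)
        self.records.append(rec)
        return rec

def verify(records, documents):
    """True only if every record is intact, chained in order, and matches its document."""
    if len(records) != len(documents):
        return False
    prev = GENESIS
    for rec, doc in zip(records, documents):
        if rec["prev"] != prev or not hmac.compare_digest(rec["mac"], _mac(rec)):
            return False
        if rec["document_sha256"] != hashlib.sha256(doc).hexdigest():
            return False
        prev = rec["mac"]
    return True
```

Because each record's MAC covers the previous record's MAC, editing, reordering, or deleting an earlier attestation invalidates every later one during an audit.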
HIPAA compliance by design, not by policy.
Factual status of each HIPAA compliance element. No marketing language.
| Requirement | How HarnessHealth addresses it | Status |
|---|---|---|
| BAA with covered entities | Available on request | Available |
| PHI encryption at rest | Supabase AES-256 encryption | Live |
| PHI encryption in transit | TLS 1.3 via Railway | Live |
| Access controls | Row-level security in Supabase | Live |
| Audit logging | Every attestation event logged with NPI and timestamp | Live |
| No PHI in AI training | Confirmed — AI API calls include no persistent PHI retention by model provider | Live |
| OIG AO 25-03 alignment | Flat per-encounter fee structure, not percentage-based | Live |
| FHIR R4 compliant output | Open source connectors, MIT licensed | Live |
| Formal Security Risk Assessment | In process | Q2 2026 |
| Penetration test report | In schedule | Q2 2026 |
| FDA device registration | Required for RTM billing via CPT 98975-98981 | In process |
Integration path.
EHR integrations
Designed. Build timeline available on request.
- Epic (SMART on FHIR)
- Cerner / Oracle Health
- athenahealth
- eClinicalWorks
- ModMed
Live integrations
Running in production today.
- CMS NPPES NPI registry (2.4M profiles, real-time lookup)
- Twilio SMS (PROM collection)
- Stripe (physician compensation)
- Supabase Auth (SSO)
- Railway (production API hosting)
The harness.js embed
Health systems deploying HarnessHealth for affiliated practices add one line to each practice website. IT overhead: one line of JavaScript per site. No backend integration required for initial deployment.
```html
<script
  src="https://harnesshealth.ai/harness.js"
  data-npi="[NPI]"
  data-health-system="[YOUR_SYSTEM_ID]"
></script>
```
Built for the reimbursement environment you are operating in.
HarnessHealth's governance infrastructure is designed to satisfy the physician oversight requirements that unlock these billing codes.
| Program | Relevance | Status |
|---|---|---|
| CMS ACCESS Model | MSK care coordination, $522/patient/year | Application submitted (ACCESS00590), Cohort 1 July 2026 |
| Remote Therapeutic Monitoring (RTM) | $51/patient/month, auto-triggered from PROM data | CPT 98975-98981, FDA device registration in process |
| Chronic Care Management (CCM) | $42-58/patient/month, requires physician oversight | Live via Josh Emdur DO, altru.care |
| CJR-X (proposed) | Nationwide mandatory joint bundled payments, 2,500 hospitals | Proposed rule published 2026; SurgeonValue built for this |
| Advance Care Planning (ACP) | G0023/G0019, reimbursed under Medicare | CareGoals module live |
Start with a BAA request.
The evaluation process begins with a signed BAA and a 30-minute technical review with the clinical architect. No commitment required. You receive the BAA within 2 business days.