A tamper-evident, auditor-verifiable record of every action your clinical AI takes — with policy enforced before it acts. Drop-in. No raw PHI stored.
ALLOW  read_meds  12 recs  policy: ok
ALLOW  submit_prior_auth  3 recs  policy: ok
DENY   read substance-use → 42 CFR Part 2 blocked
DENY   bulk-pull 5,000 records → minimum-necessary breach
verify chain ……………………………… ✓ intact
tamper test (edit record #1) ✗ detected at #1
Three things, one drop-in SDK — no blockchain, no new infrastructure to run.
Every agent action is checked first — blocked if it touches out-of-scope data or breaks minimum-necessary.
Each action is sealed into an append-only chain. Any edit, deletion, or reorder is detectable — even by you.
Produce the evidence procurement and OCR want — and let an auditor verify it without trusting us.
Because in compliance, who attests matters. An auditor trusts an independent, verifiable record over a vendor's own internal logs — and you can't self-build independence.
We store data-class labels, hashes, and opaque patient refs — never your raw PHI — so your patient data never leaves your system, and your BAA surface stays small.
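
A sketch of the append-only chain and the labels-and-hashes record described above, as an added example: it is not the vendor's code, and the field names, the HMAC-based `opaque_ref`, and the sample values are assumptions. It also shows why a verifier needs the latest head hash from outside the log store, since records removed from the end otherwise leave a valid shorter chain.

```python
import hashlib, hmac, json

GENESIS = "0" * 64
FIELDS = ("seq", "decision", "action", "data_class", "patient_ref", "count")

def opaque_ref(key: bytes, patient_id: str) -> str:
    # Keyed hash: without the key, the log holder cannot map refs back to IDs.
    return hmac.new(key, patient_id.encode(), hashlib.sha256).hexdigest()[:16]

def _digest(prev: str, body: dict) -> str:
    # Canonical JSON so the same record always hashes to the same value.
    canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev + canon).encode()).hexdigest()

def append(chain, decision, action, data_class, patient_ref, count):
    body = dict(zip(FIELDS, (len(chain), decision, action, data_class, patient_ref, count)))
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({**body, "prev": prev, "hash": _digest(prev, body)})
    return chain[-1]["hash"]  # new head; pin it somewhere the log store cannot write

def verify(chain, pinned_head=None):
    """Return None if intact, else the index of the first record that fails."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        body = {k: rec.get(k) for k in FIELDS}
        if (rec.get("seq") != i or rec.get("prev") != prev
                or rec.get("hash") != _digest(prev, body)):
            return i
        prev = rec["hash"]
    # Tail truncation is only visible against a head hash obtained out of band.
    if pinned_head is not None and prev != pinned_head:
        return len(chain)
    return None

def build_sample():
    # Constructed sample mirroring the decisions shown on the page.
    key, chain = b"constructed-demo-key", []
    ref = opaque_ref(key, "MRN-0001")
    append(chain, "ALLOW", "read_meds", "medications", ref, 12)
    append(chain, "ALLOW", "submit_prior_auth", "prior_auth", ref, 3)
    append(chain, "DENY", "read", "substance_use", ref, 0)
    head = append(chain, "DENY", "bulk_pull", "mixed", None, 5000)
    return chain, head

if __name__ == "__main__":
    chain, head = build_sample()
    print("verify chain:", verify(chain, head))
    chain[1]["count"] = 1  # tamper test: edit record #1
    print("after edit, first bad record:", verify(chain, head))
```
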
If your agents touch PHI and you need to prove what they did, we'd like to hear how you handle it today. Working with a small number of design partners now.
deepak@clinproof.ai
Early access — building with design partners.