Back to demo

Trust and evidence

Clear boundaries before clinical workflow.

OpenRx is building an evidence-linked workflow layer for clinical questions and prior authorization preparation. The public experience is a sandbox, not clinical care or a payer portal.

Current posture
The public demo uses synthetic data and does not make a live payer submission.
Clinical answers and appeal drafts require clinician review before external action.
Wallet identity is optional. Patient health information is not written on-chain.
OpenRx does not claim HIPAA compliance or SOC 2 certification today.
Before any PHI pilot

Complete a documented HIPAA applicability and data-flow review with counsel.

Execute BAAs with vendors that create, receive, maintain, or transmit ePHI where required.

Validate least privilege access, audit logging, encryption, incident response, retention, and deletion.

Define who clinically reviews output and who is authorized to submit prior authorization work.

Citation provenance policy

Public sources

FDA, CMS, USPSTF, CDC, and other public sources may be linked with publication or access dates.

Licensed guidelines

NCCN material is shown only as guideline metadata in the public demo unless current licensed retrieval is implemented and verified.

Version pinning

Submission-ready work must identify the source organization and version or retrieval date before clinician review.

Patient-navigation safety controls

The screening and referral surface is built around an explicit operating contract: deterministic clinical rules, PHI-minimized logs, consented handoffs, and clinician review when the engine is uncertain.

Model boundary

Models parse and explain. Screening recommendations come from deterministic, version-stamped rules with source, grade, link, and rule id.

PHI-minimized logs

Operational logs keep request ids, error codes, versions, hashes, and state transitions. Raw patient text is scrubbed or excluded.

Referral disclosure

Provider handoffs use deterministic scope templates, patient consent snapshots, BAA gates, and audit rows tied to the recommendation.

Interop path

OpenRx is designed as a navigation layer over FHIR, SMART launch, provider directories, pharmacies, labs, imaging, and prior-auth workflows.

Regulatory timing

CMS-0057-F generally requires impacted payers to implement prior authorization APIs beginning January 1, 2027 for applicable covered items and services. Its final-rule API scope excludes drugs. CMS proposed separate drug requirements in April 2026.

Product boundary

OpenRx may prepare workflow drafts and show sandbox traces. It does not diagnose, order treatment, guarantee coverage, or represent a live authorization submission in the public demo.