Prove every AI decision was compliant — before an auditor asks.

EVE CoreGuard enforces your healthcare AI policy — HIPAA, ONC HTI-1, §1557 nondiscrimination — on each AI-assisted decision before the model’s output is used, and signs a replayable evidence record that an OCR or CMS auditor can verify offline. Block the use you can’t defend.

Governs & documents AI — not a medical device, not a substitute for clinical judgment  ·  Signed, hash-chained record  ·  Offline-replayable for auditors
Enforces against: HIPAA · ONC HTI-1 · §1557 ACA · FDA CDS / SaMD · CMS program integrity

The audit question

A model card won’t answer “prove this AI decision was compliant.”

AI is moving into clinical decision support, prior authorization, medical coding, patient communications, and utilization management. The problem isn’t whether the model is accurate — it’s whether you can prove, decision by decision, that it stayed inside the law. A probabilistic model plus application logs cannot show an auditor why a specific coverage or care-support action was taken, that PHI was safeguarded, that a nondiscrimination check was applied, or which policy version governed a predictive DSI.

HIPAA

PHI safeguard & audit-control exposure

Routing protected health information into an ungoverned model — or failing to record who decided what and why — runs against the HIPAA Security Rule’s safeguard and audit-control expectations.

ONC HTI-1

Non-transparent predictive DSI

The HTI-1 final rule sets transparency and risk-management expectations for Predictive Decision Support Interventions. Outputs that shift, undocumented, from one model version to the next are hard to govern or explain.

§1557 ACA

Nondiscrimination in AI decision support

Section 1557 reaches patient-care decision support tools that use AI. Without a decision-level nondiscrimination control and record, the first time you learn of an issue may be during an investigation.

FDA CDS / SaMD · CMS

Inconsistent, undocumented use

Where AI assists clinical or coverage workflows, FDA oversight of Clinical Decision Support / Software as a Medical Device and CMS program-integrity expectations demand consistent, documented, defensible use.

What EVE CoreGuard does

Deterministic enforcement, then signed evidence — on every decision.

CoreGuard sits as a governance layer in front of the AI your organization runs. It evaluates each proposed action against your healthcare_v1 policy pack and returns ALLOW, BLOCK, or MODIFY before the model’s output is used — then writes a cryptographically signed record of exactly which rule fired and why. It governs and documents the AI; it is not a medical device and not a substitute for clinical judgment.

1. Enforce policy before the model’s output is used

The healthcare_v1 pack encodes HIPAA / ONC HTI-1 / §1557 rules. The same input always produces the same governance decision — deterministic, not probabilistic.

2. Block uses that put PHI or nondiscrimination at risk

If an action would expose PHI to an ungoverned destination, or fails a §1557 nondiscrimination check, CoreGuard blocks it and records the gap — so the record you keep matches the control you claim.

3. Gate every model update through the Model Update Firewall

Each model change is simulated against your nondiscrimination and policy rules and blocked before promotion if it shifts outcomes for a protected class.

4. Hand the auditor a record they can verify themselves

Every decision becomes a signed, hash-chained evidence record (Ed25519 in production). Re-hash and re-verify it offline with the public key — no EVE service required.

governed decision · signed evidence record · ✓ VERIFIED
decision_id: DEC-00042
policy: healthcare_v1 · HIPAA / §1557 nondiscrimination
verdict: BLOCK — PHI in prompt / nondiscrimination check
content_hash: sha256:3204f3d6…1ef0f3130
signature: ed25519:4e542efc…a10250b02
Sample record · re-hash + Ed25519 re-verify, no EVE service required

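
The offline check described in step 4, as an added example (not EVE CoreGuard's code or record format): an auditor-side verifier that walks a hash chain, re-hashes each record and re-verifies its Ed25519 signature with only the public key. The field layout, canonical serialisation, `GENESIS` marker and function names are assumptions, and the key pair and three records are constructed sample data.

```javascript
// Added illustration: record layout, field names and canonical form are assumptions,
// not EVE CoreGuard's actual format. Uses only Node's built-in crypto module.
const crypto = require("node:crypto");

const GENESIS = "sha256:genesis"; // assumed marker for the first record's predecessor
const sha256 = (s) => "sha256:" + crypto.createHash("sha256").update(s).digest("hex");
// Fixed field order so the same record always serialises, and hashes, identically.
const canonical = (r) => JSON.stringify([r.decision_id, r.policy, r.verdict, r.prev_hash]);

// Producer side, used here only to build constructed sample data.
function appendRecord(chain, privateKey, fields) {
  const prev_hash = chain.length ? chain[chain.length - 1].content_hash : GENESIS;
  const rec = { ...fields, prev_hash };
  rec.content_hash = sha256(canonical(rec));
  rec.signature = crypto.sign(null, Buffer.from(rec.content_hash), privateKey).toString("hex");
  chain.push(rec);
}

// Auditor side: needs only the records and the public key, no network access.
function verifyChain(chain, publicKey) {
  let expectedPrev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const r = chain[i];
    if (r.prev_hash !== expectedPrev) return { ok: false, index: i, reason: "broken link" };
    if (sha256(canonical(r)) !== r.content_hash) return { ok: false, index: i, reason: "content hash mismatch" };
    const sig = Buffer.from(r.signature, "hex");
    if (!crypto.verify(null, Buffer.from(r.content_hash), publicKey, sig)) return { ok: false, index: i, reason: "bad signature" };
    expectedPrev = r.content_hash;
  }
  return { ok: true, index: -1, reason: "verified" };
}

// Constructed scenario: three decisions, then three kinds of after-the-fact change.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const chain = [];
  for (const [id, verdict] of [["DEC-00041", "ALLOW"], ["DEC-00042", "BLOCK"], ["DEC-00043", "ALLOW"]])
    appendRecord(chain, privateKey, { decision_id: id, policy: "healthcare_v1", verdict });
  const copy = () => chain.map((r) => ({ ...r }));
  const edited = copy();            // verdict rewritten, hash left alone
  edited[1].verdict = "ALLOW";
  const rehashed = copy();          // verdict rewritten and hash recomputed, but no private key
  rehashed[2].verdict = "BLOCK";
  rehashed[2].content_hash = sha256(canonical(rehashed[2]));
  const dropped = [chain[0], chain[2]]; // middle record deleted
  return { intact: verifyChain(chain, publicKey), edited: verifyChain(edited, publicKey),
           rehashed: verifyChain(rehashed, publicKey), dropped: verifyChain(dropped, publicKey) };
}

console.log(demo());
```

A chain check of this kind does not notice records removed from the end of the file, so the auditor also needs the latest content hash or a record count from a source outside the file.
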
The economics

One prevented compliance event pays for years of governance.

The price tag on a single healthcare-AI governance failure dwarfs the cost of the control that prevents it.

| Governance failure | Illustrative cost | What drives the number |
| --- | --- | --- |
| HIPAA enforcement action or settlement (OCR · PHI safeguard or audit-control failure) | $100K–$2M+ | HIPAA civil penalty tiers run from ~$141 to ~$2.1M per violation category per year (inflation-adjusted), and published OCR settlements pair a payment with a corrective-action plan. |
| §1557 nondiscrimination investigation (OCR / DOJ · AI decision-support tool) | $1M–$10M+ | Civil-rights investigations into discriminatory decision support add remediation, monitoring, and program-change costs on top of any settlement. |
| CMS program-integrity finding → remediation (Coverage / utilization-management compliance) | $500K–$5M+ | Lookback review, outside consultants, repayment exposure, and added control staffing to clear a program-integrity finding. |

Illustrative ranges drawn from public HIPAA civil-penalty tiers, published OCR settlements, and civil-rights enforcement actions — not EVE customer results. Model your own exposure with the ROI calculator. EVE CoreGuard’s Enforcement license is $150,000/year.

Deployment

PHI never leaves your tenant.

CoreGuard runs as SaaS, in your VPC, or fully on-prem. The governance decision and the signed record are produced inside your boundary — nothing about a patient is sent to EVE to make a decision.

SaaS

Fastest start. Decisions and signed records produced in an isolated tenant.

VPC / Private

Runs inside your cloud account, under your network and key controls — PHI stays in your boundary.

On-prem

Air-gap-friendly for organizations that keep model decisioning fully in-house.

Auditor access

Issue scoped, time-boxed evidence links so an OCR or CMS auditor can verify records directly.

Questions buyers ask

Healthcare AI governance, answered plainly.

No. EVE CoreGuard is not an FDA-cleared device, is not a medical device, and does not make clinical decisions or substitute for clinical judgment. Your clinicians, your model, and your operations make the decision. CoreGuard governs and documents how the AI is used: it evaluates the proposed action against your healthcare policy pack before the output is used, returns ALLOW / BLOCK / MODIFY, and produces a signed evidence record. It is a governance and evidence layer over the AI your organization runs.
The HIPAA Security Rule requires safeguards and audit controls over protected health information (PHI). CoreGuard can block an action that would route PHI somewhere it shouldn’t go — for example PHI in a prompt to an ungoverned model — and records the rule that fired in a signed, hash-chained evidence trail, supporting the audit-control expectations of HIPAA.
The ONC HTI-1 final rule sets transparency and risk-management expectations for Predictive Decision Support Interventions (DSI). CoreGuard applies deterministic, versioned policy — the same input always produces the same governance decision — and writes a signed audit trail recording which policy version governed each use of a predictive DSI, so you can show consistent, documented decision-level oversight.
Section 1557 of the ACA prohibits discrimination, including through patient-care decision support tools that use AI. CoreGuard can enforce a nondiscrimination check on each governed decision and block an action that fails it, recording the result in the signed evidence — so you have decision-level documentation that a §1557 nondiscrimination control was applied.
Yes. Each record carries a content hash and a cryptographic signature (Ed25519 in production). An auditor can re-hash the record and re-verify the signature offline with the public key, no access to EVE’s service required. Verification proves the record was not altered after the decision was made.
Engagements start with a $37,500 design-partner pilot, scoped to a single healthcare AI workflow, with the pilot fee credited toward an annual license. The Enforcement license is $150,000/year. See the pricing page for current tiers.

Bring one healthcare AI workflow under deterministic governance.

A 60-day design-partner pilot puts CoreGuard in front of a single decision flow, produces signed evidence on real decisions, and credits the pilot fee toward your license.

EVE CoreGuard governs and documents AI decisions. It is not a medical device and not a substitute for clinical judgment. 90 U.S. patent applications filed.