Why HealthNext

When an AI touches a coverage decision, the only question that matters is who holds the call.

The first generation of healthcare AI answered that question by letting a model deny care at scale — and is now in court for it. HealthNext is built the opposite way, on purpose: a licensed clinician decides, the model only assembles the evidence, and every determination is signed to an append-only record you can re-verify offline.

The incumbent pattern

A model denies. A patient appeals. The model is mostly wrong.

UnitedHealth's nH-Predict was used to project when to cut post-acute care; a 2023 federal class action alleges roughly 90% of its denials were overturned on appeal. Cigna's PXDX system was reported to let physicians batch-reject claims without opening the file. The shape is the same: automate the “no,” and let the trail go dark.

The HealthNext answer

The model assembles. A licensed human decides. The record is signed.

HealthNext agents read the chart, run retrieval over policy and clinical evidence, and draft a recommendation. They never issue an adverse determination. That call routes to a licensed reviewer — a human gate that is structural, not a setting — and the whole motion is written to a hash-chained, append-only evidence record. The audit is a byproduct of running, not a report assembled later.

The comparison

Same six questions. Two opposite answers.

Read it as a buyer's security and compliance team would: what changes when the AI is wrong. The incumbent column cites the public record; the HealthNext column states architecture we can back, not a benchmark we are claiming.

Dimension	HealthNext	The algorithmic-denial incumbents
Who issues an adverse decision	A licensed clinician decides every adverse medical-necessity determination. The model assembles and recommends — it cannot deny. The gate is structural, not a configurable setting. nH-Predict class action (2023); Cigna PXDX reporting (ProPublica, 2023). California SB 1120 (in effect Jan 1, 2025) requires a licensed human to make medical-necessity decisions.	A model projected the cutoff and the denial issued at scale; reviewers were reported to sign batches without reading the file.
What happens to the record of the decision	Every read, recommendation, and human sign-off is written to a hash-chained, write-once (WORM) evidence record. Tampering breaks the chain; the decision can be reconstructed and re-verified offline against a public key. Public-record litigation centers on the difficulty of contesting an automated denial. Our signed append-only chain is a HealthNext design property.	The reasoning behind an automated denial is typically opaque to the member and surfaces only through the appeals process.
Where the PHI and the model live	The model runs inside your boundary; PHI is held out of training by a fail-closed gate and never leaves your account. There is no external token meter on a member conversation. Architecture of metered cloud AI tools is public. In-boundary serving with a fail-closed PHI gate is a HealthNext design property.	Generic UM / RCM and foundation-model tools send protected data to a vendor cloud and meter usage per call or per token.
The regulatory clock	A prior-auth request starts the CMS-0057-F SLA clock natively — 72 hours expedited, 7 days standard — and the adverse path routes to a licensed reviewer in-window, with the deadline tracked on the record. CMS-0057-F (Interoperability & Prior Authorization Final Rule) sets the decision timelines. Native SLA-clock enforcement is a HealthNext design property.	Legacy UM tooling treats the SLA deadline as a reporting metric bolted on after the fact, not a property of the workflow.
Surprise-bill and billing exposure	The same governed graph that resolves a prior auth resolves a member's billing question — eligibility, claim status, and balance — so the answer is consistent and No Surprises Act protections are applied in one motion. The No Surprises Act (effective 2022) governs balance-billing protections. Single-graph resolution across claims, enrollment, and billing is a HealthNext design property.	Prior-auth, claims, and member billing are separate point tools that re-key context and disagree with each other.
What you are actually buying	An operations OS that overlays the systems you already run (X12 / FHIR / Da Vinci / CMS-0057-F) and reimagines a workflow as governed agents — no rip-and-replace. Standards (X12, FHIR, Da Vinci) are public. Overlay-first, no-rip-and-replace orchestration is a HealthNext design property.	A point product that automates one decision, or a re-platforming project that asks you to replace your core admin system to get the AI.

Who issues an adverse decision

HealthNext

A licensed clinician decides every adverse medical-necessity determination. The model assembles and recommends — it cannot deny. The gate is structural, not a configurable setting.

The incumbents

A model projected the cutoff and the denial issued at scale; reviewers were reported to sign batches without reading the file.

nH-Predict class action (2023); Cigna PXDX reporting (ProPublica, 2023). California SB 1120 (in effect Jan 1, 2025) requires a licensed human to make medical-necessity decisions.

What happens to the record of the decision

HealthNext

Every read, recommendation, and human sign-off is written to a hash-chained, write-once (WORM) evidence record. Tampering breaks the chain; the decision can be reconstructed and re-verified offline against a public key.

The incumbents

The reasoning behind an automated denial is typically opaque to the member and surfaces only through the appeals process.

Public-record litigation centers on the difficulty of contesting an automated denial. Our signed append-only chain is a HealthNext design property.

Where the PHI and the model live

HealthNext

The model runs inside your boundary; PHI is held out of training by a fail-closed gate and never leaves your account. There is no external token meter on a member conversation.

The incumbents

Generic UM / RCM and foundation-model tools send protected data to a vendor cloud and meter usage per call or per token.

Architecture of metered cloud AI tools is public. In-boundary serving with a fail-closed PHI gate is a HealthNext design property.

The regulatory clock

HealthNext

A prior-auth request starts the CMS-0057-F SLA clock natively — 72 hours expedited, 7 days standard — and the adverse path routes to a licensed reviewer in-window, with the deadline tracked on the record.

The incumbents

Legacy UM tooling treats the SLA deadline as a reporting metric bolted on after the fact, not a property of the workflow.

CMS-0057-F (Interoperability & Prior Authorization Final Rule) sets the decision timelines. Native SLA-clock enforcement is a HealthNext design property.

Surprise-bill and billing exposure

HealthNext

The same governed graph that resolves a prior auth resolves a member's billing question — eligibility, claim status, and balance — so the answer is consistent and No Surprises Act protections are applied in one motion.

The incumbents

Prior-auth, claims, and member billing are separate point tools that re-key context and disagree with each other.

The No Surprises Act (effective 2022) governs balance-billing protections. Single-graph resolution across claims, enrollment, and billing is a HealthNext design property.

What you are actually buying

HealthNext

An operations OS that overlays the systems you already run (X12 / FHIR / Da Vinci / CMS-0057-F) and reimagines a workflow as governed agents — no rip-and-replace.

The incumbents

A point product that automates one decision, or a re-platforming project that asks you to replace your core admin system to get the AI.

Standards (X12, FHIR, Da Vinci) are public. Overlay-first, no-rip-and-replace orchestration is a HealthNext design property.

Competitor claims reflect the public record: the nH-Predict / UnitedHealth class-action litigation, the Cigna PXDX reporting, and the published architecture of metered cloud AI tools. Statements about HealthNext describe how the system is built — “by construction,” “by design,” “fail-closed” — not measured benchmarks or head-to-head numbers.

What is actually live today

Not a thesis on a slide. Operations you can open right now.

These run on an in-boundary model with the human gate and signed evidence chain in the live path. Open them in the sandbox.

Prior authorization

A 278 request starts the CMS-0057-F SLA clock; the agent assembles clinical evidence by retrieval, and the adverse path routes to a licensed reviewer before anything takes effect.

See the clinical surface

Revenue & reconciliation

Denials triaged, evidence assembled, and appeals drafted and routed for sign-off — the recovery workflow run as governed agents instead of by hand.

See the revenue surface

Provider lifecycle

Provider onboarding, credentialing, and network operations reverse-engineered and re-expressed as governed agents, each step written to the evidence chain.

See the network surface

Sandbox surfaces use synthetic data only and are CMS-EDE-architected / readiness-mapped. EDE, carrier, and marketplace integrations are simulated in the demo environment, not live production submissions.

The answer to algorithmic denial is not a better algorithm.

It is a human who holds the call and a record that can be re-verified. Bring one prior-auth or claims workflow — we will show you the governed-agent version, in your boundary, audit-ready from the first run.

Book a demo Read the security model