
Governed AI for regulated healthcare

Patient access & reimbursement

Your agent steered a patient to your copay fund. The investigator wants names.

Your own logs can't clear you, because you are the suspected party. So a named access specialist signs every call that points a patient toward funding, and you hand the investigator a record they can check on their own.

Pay per case cleared, not per seat · Evidence your auditor checks without trusting us · Self-hosted, open source

Gate

patient access · prior auth / appeal

awaiting sign-off
  • Verified benefits · denial reason found · medical-necessity appeal drafted
    safe direction · agent acted alone

  • Proposed a copay-plus-foundation funding stack · held for access specialist

One-way door

Attest medical necessity · Submit the appeal / enroll

The agent cannot attest or submit this. A named access specialist signs, and the identity that ran the investigation is barred from attesting it.

“Medical necessity met; Medicare patient routed away from manufacturer copay support. Attesting eligibility and authorizing submission.”

Signed by a named access specialist (human)
Decision sealed in chain · requester ≠ approver

One wrong call

A bad enrollment ends the program

Steer a Medicare patient into your own copay support and that is not a typo. That is a federal case. The danger lives in the gap between checking benefits and saying yes.

$180k a year

The patient cannot wait

A denial on a therapy this expensive is days a sick patient does not have. The pressure to clear the queue is exactly where an unsigned approval slips through. The agent moves fast on the safe steps and stops at the door it cannot open.

A named person

Someone real signs the call

When an audit asks who said this patient qualified, the answer is a person, by name, on the record. The agent that ran the check is blocked, in code, from signing it.

Two cases come in. One closes itself. One waits for a name.

A clean case closes on its own. The agent checks coverage, finds the denial reason, drafts the appeal, and lines up funding across copay programs and foundations like PAN, HealthWell, and LLS. Nothing in its way.

Then a $180k-a-year therapy gets denied for a Medicare patient. Saying that patient qualifies and enrolling them is a one-way door. So the run stops. The agent that did the work cannot sign this one. A named access specialist does, in their own words, and the whole decision is sealed in a record an OIG examiner or a payer can open and check for themselves.

See the full Patient access page →

The proof you can run yourself

Anyone can keep a log. The hard part is a record your auditor can check without trusting you.

An FDA or OIG examiner drops the file into their own browser. It re-checks itself and tells them, in plain English, who signed, that the agent did not act alone, and that nothing was changed. They don't have to trust the vendor, the agent, or us. It is the same idea your browser uses to trust a website, applied to the work an agent did.

Offline verification

Press Verify. The record re-checks itself in your browser, with no code of ours and no access to our systems, the same check an auditor runs.

Change one line. It breaks, and points at the line you changed. The action and the log are written together, so “acted but didn't log” can't happen.

Read it in plain English. Not a green checkmark for engineers. It names the person, the decision, the time, and the proof the agent didn't act alone.

How it works

The agent clears the routine work. It can't approve the one call that matters.

Before the agent acts, the engine decides what it can do on its own and what a named person must sign. Routine cases close now. The call that matters waits for a human, every time. Then anyone can check the record for themselves.

AI agent

Proposes a consequential action

Take a consequential action · Submit a filing · Attest eligibility · Close a case

MakerChecker gate

  • Granted skill

    Deny by default. Only the skills you grant, at your tier.

  • Independent sign-off

    The proposer cannot approve. A second human signs off.

  • Signed audit

    Proof

    Every step written to a tamper-evident, signed record.

Refused

Ungranted skill or self-approval is blocked

Refused before it runs. Not flagged after.

Only then

The action runs

always written

Audit pack

Hash-chained, Ed25519-signed evidence

Regulator

Verifies it offline, without trusting us

Chain verified

Ed25519 · verified offline
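The gate and the offline check described above, as an added example that is not MakerChecker's code or record format: a deny-by-default gate with requester ≠ approver, a hash-chained log sealed with Ed25519, and a verifier that reports the index of an edited entry. The entry layout, decision strings, identities and the `benefits-verify@1` skill name are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Assumed record layout (not MakerChecker's): each entry is { body, prev, hash }.
const GENESIS = "0".repeat(64);
const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");
// Each hash covers the previous hash, so editing one entry breaks its link.
const entryHash = (prev, body) => sha256(prev + "\n" + JSON.stringify(body));
const head = (chain) => (chain.length ? chain[chain.length - 1].hash : GENESIS);

// Gate: deny by default; a one-way action needs an approver who is not the requester.
function gate(granted, action) {
  if (!granted.includes(action.skill)) return "refused: skill not granted";
  if (action.oneWay && !action.approver) return "held: awaiting sign-off";
  if (action.approver === action.requester) return "refused: self-approval";
  return "allowed";
}

// The decision and its log entry are written in one step, refusals included.
function record(chain, granted, action) {
  const prev = head(chain);
  const body = { ...action, decision: gate(granted, action) };
  chain.push({ body, prev, hash: entryHash(prev, body) });
  return body.decision;
}

// Seal the chain head with Ed25519 (Node takes null as the digest for Ed25519).
const seal = (chain, privateKey) =>
  crypto.sign(null, Buffer.from(head(chain), "hex"), privateKey).toString("base64");

// Offline check: needs only the exported chain, the signature and the public key.
function verify(chain, signature, publicKey) {
  let prev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const e = chain[i];
    if (e.prev !== prev || e.hash !== entryHash(prev, e.body)) return { ok: false, brokenAt: i };
    prev = e.hash;
  }
  const ok = crypto.verify(null, Buffer.from(prev, "hex"), publicKey, Buffer.from(signature, "base64"));
  return ok ? { ok: true } : { ok: false, brokenAt: "signature" };
}
// Constructed sample run; identities and the first skill name are illustrative.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const granted = ["benefits-verify@1", "appeal-submit@1"];
  const agent = "agent:hub-access", chain = [];
  const decisions = [
    { skill: "benefits-verify@1", requester: agent },
    { skill: "appeal-submit@1", oneWay: true, requester: agent, approver: agent },
    { skill: "appeal-submit@1", oneWay: true, requester: agent, approver: "human:access-specialist" },
  ].map((a) => record(chain, granted, a));
  return { chain, decisions, signature: seal(chain, privateKey), publicKey };
}
```

An edit that leaves the stored hashes alone is reported at the edited entry's index. An edit followed by recomputing every hash passes the chain walk and fails at the signature instead, which is why the verifier must obtain the public key from somewhere other than the file it is checking.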

Try the live demo

Watch an agent get blocked from approving its own work, then sign off as the officer. In your browser, no signup.

Don't take our word for it

Press Verify. The record re-checks itself in your browser, with no code of ours and no access to our systems. It is the same check an auditor runs. Change one line and it breaks, and points at the line you changed. The action and the log are written together, so “acted but didn't log” can't happen.

How it proves it

The agent that worked a case can't sign it off. That block lives in the code, not in a policy doc. It closes the routine work on its own, and is held back, every time, from the one decision a named person has to own. Your auditor checks all of it without trusting us.

Why it's independent, and why that matters

You can't grade your own homework. Neither can the agent, the vendor, or us.

A company can't audit itself and expect anyone to believe it. The same is true here. The agent that did the work, the people who built it, and those of us who run it are all the wrong party to vouch for the record. So we don't. The proof stands on its own, and your auditor checks it without taking anyone's word.

This is how the web already works. Your browser doesn't trust a website because someone says to. It checks the math itself. We use the same idea: a record anyone can re-check, where a problem gets caught by checking, not by trust. It is also how banking runs under New York's anti-money-laundering rules. A named senior officer signs personally, on a record that doesn't rest on their own say-so.

The proof is a byproduct of the work. The action and the log are written in the same step, so the agent can't act without leaving a record. We don't take the human out of the loop. We make it provable that the human was in it, against the rules your auditors already enforce.

The record proves a named human owned the call and that nothing was changed. That is the evidence an investigator opens first, and it stands on its own.

Read the full why-now thesis →

Anti-Kickback Statute

Steering a federal-healthcare patient into manufacturer copay support is the textbook AKS exposure. The same identity that ran the benefits investigation provably cannot enroll the patient; the gate routes the decision to a named human who attests eligibility on the record.

False Claims Act

A mis-attested medical necessity becomes a false claim downstream. The signed export carries the attester, date and time, signature meaning, and the verbatim reason, so the eligibility attestation is attributable, not assumed.

ICH-GCP (E6)

On the trial side, inclusion and exclusion eligibility is an investigator determination. The agent proposes candidates with cited evidence; a named human signs before a patient advances, the segregation good clinical practice expects.

Data integrity / ALCOA+

Attributable, legible, contemporaneous, original, accurate. Every attestation is bound to a named identity and a timestamp in an append-only record, so the audit trail an auditor reads is contemporaneous by construction.

21 CFR Part 11

11.10(e) audit trails and 11.50 signature meaning. The signed evidence pack carries the approver, date and time, signature meaning, and verbatim reason. The hash chain goes beyond what Part 11 requires; we never claim it demands one.

The proof layer, on your framework, in your environment

The proof layer wraps the tools your agent already calls. Same names, same setup, nothing to rebuild.

MakerChecker is the proof layer for AI agents in regulated healthcare. Our SDK wraps the tools your agent already calls, on whatever framework it runs. The agent does the routine work. The one call that matters waits for a named person, and every action lands in the record. To land the first program we build that first agent with you, inside your own walls, offline if you need it, and we never see your data.

import { createClient } from "@makerchecker/sdk";
import { governLangChainTool } from "@makerchecker/connector-langchain";
// Point at your own self-hosted MakerChecker. We never see your data.
const mc = createClient({ baseUrl: process.env.MAKERCHECKER_URL });
const { session } = await mc.proxy.openSession({ label: "hub-access-run" });
// Govern a tool your hub-access agent already calls. Its name and schema do not change.
// rawTool is that existing LangChain tool; input is whatever the agent already passes to it.
const governedTool = governLangChainTool(
  mc,
  { sessionId: session.id, agentName: "hub-access", skillRef: "appeal-submit@1" },
  rawTool,
);
// The agent calls it normally. A denied action throws before the tool
// runs, and every call is signed into the audit trail.
await governedTool.invoke(input);

A denied action throws before the tool runs

Every call is signed into the audit. The agent calls its tools normally; the gate decides, fail-closed, before anything consequential runs.

Any framework, no migration

Typed connectors ship for LangChain and the Claude Agent SDK; CrewAI, LlamaIndex, and AutoGen connect through the generic SDK adapter. We meet your agent where it runs.

Open and self-hosted

Open source and self-hosted, so your security team can read every line.

See how the connectors work →

Complementary, not a competitor

Your control plane runs the agents. We're the proof an outsider can check.

An agent control plane gives your team identity and monitoring inside your own walls. That's where you run the fleet. We sit on top: the record someone outside your walls can check for themselves, without trusting the vendor, the agent, or us. They tell you the fleet is governed. We let you prove it to someone who won't take your word.

See where MakerChecker fits →

For the manufacturer compliance & legal function

Clear the access queue, and hand an investigator a record they can check themselves.

We build and run the access agent inside your hub, self-hosted, so we never see your data. The agent checks benefits and drafts the appeal. Saying a patient qualifies and enrolling them stays a named person's call. The record they leave is one an OIG examiner can open and check without trusting the company under suspicion. You pay per case cleared, not per seat.

Built against the rules your auditors already enforce: Anti-Kickback Statute, False Claims Act, ALCOA+, 21 CFR Part 11. The record proves the rules held and that nothing was changed.