Straight answers, kept consistent with the honest register elsewhere on this site. When something is verified in code we say so; when it is gated on a named human, legal, or certification step, we say that too — and we never blur the two. No real dollar has moved and no real PHI has flowed, and these answers say so plainly.
Each answer stays consistent with the rest of the site: capability is registered as capability, never as traction.
The exam produces codes, the codes a claim, the claim a payout — today that path crosses five intermediaries (EMR vendor, clearinghouse, payer, RCM service, processor) and takes around 90 days. shteg.ai makes it one ledger, one gate, one rail: a single system where the clinical encounter, the claim, the remittance, and the payout live on one hash-chained ledger, authorized by one deterministic settlement gate, operated by a registered HIPAA clearinghouse. The rail is verified in tested code at HEAD; moving a real dollar and real PHI across it is gated on named legal and banking steps — see /status for exactly which.
shteg.ai is the company and a registered HIPAA clearinghouse — a covered entity with a real Type-2 organizational NPI. ShtegMed is the product: an ophthalmology-first EMR with clinical, revenue-cycle, and settlement layers under one roof. The sovereign rails — the settlement gate, the hash-chained WORM ledger, and the swappable bank executors — are infrastructure beneath ShtegMed, not a separate brand. Short version: shteg.ai is the company and the network, ShtegMed is the software a practice uses, and the rails are the plumbing that carries money from a clinical encounter to a settled payout.
We keep an honest status register on every claim. The core system is verified-green — the WORM ledger, the six-condition settlement gate, edge authentication, tenant isolation, and the reconciliation waterfall are all real, tested code at the current commit. But there are no live customers yet. We are looking for a first ophthalmology practice — client zero — to run the real loop. When something is verified in code we say so; when it is gated on a named human, legal, or certification step, we say that too, and we never blur the two.
No. No real dollar has ever moved. Every rail ships flag-off and fail-closed — the advance pool is capped at zero, and an unconfigured integration returns a typed refusal and makes zero network calls rather than simulating a success. Moving the first real dollar is gated on named steps: bank KYB, a sponsor-bank relationship, a penny test, and a money-transmission legal opinion. Production never pretends to settle money it cannot actually settle.
No real PHI has flowed yet. The rehearsals that exist ran on the real gate and reconciliation cores at zero advance — the right rehearsal, not yet the real performance. Client zero has not migrated a single record or run parallel on real volume. When live operation begins it will be under Business Associate Agreements, with PHI processed only to perform clearinghouse and settlement functions, held in the hash-chained audit ledger, and isolated per tenant.
Yes — because shteg.ai is a registered HIPAA clearinghouse, it is a covered entity, and BAAs are a design constraint rather than a footnote. Integrations that would touch PHI without a BAA in place fail closed. The platform is GCP-native and uses Google Cloud's healthcare-grade services (including the Cloud Healthcare API for FHIR and DICOM). Access is authenticated at the edge as a baseline with step-up for sensitive actions, tenant data is kept structurally apart, and every financial posting lands in an append-only, hash-chained ledger you cannot quietly edit.
A healthcare clearinghouse is an entity that routes and translates claims and remittances between providers and payers — and under HIPAA it is a covered entity in its own right. shteg.ai holds a real Type-2 organizational NPI and is a registered clearinghouse, which is why our privacy and PHI handling are framed to HIPAA obligations rather than to a general SaaS posture. Practically, it means ShtegMed can route claims through shteg.ai as clearinghouse of record, and it makes shteg.ai's compliance obligations part of the architecture, not an add-on.
We list only real vendors, each with its role and honest status. Google Cloud (GCP) is the active platform and healthcare-data host. For the bank rails, the design targets Column (direct) and M&T Bank (batch wire) with FedNow message support built certification-ready; Modern Treasury is present only as a removable adapter being phased out, and Plaid is used for counterparty verification. Card and patient payments target Authorize.net. Clinical and interop integrations include Nextech and IntelleChart (EMR partners) and standard interop rails. Several of these are in sandbox or gated on credentials and BAAs — we do not present a sandbox connection as a production one.
Start at the developer docs. We publish full documentation, an OpenAPI specification, and an interactive API reference at /developers. The docs describe the endpoints, the fail-closed behavior you should expect from unconfigured integrations, and the settlement and clearinghouse concepts. Because production connectivity is gated on BAAs and credentials, some capabilities are sandbox-only today — the docs mark which is which.
The settlement gate is a deterministic, six-condition check that is the sole authorizer of any money instruction — including live provider-legitimacy screening (OIG-LEIE and NPPES) as one of its conditions. If a single condition fails, the instruction halts. Above the gate sit two blunt instruments: a kill-switch and a database-level halt that can stop money movement outright. The gate and the WORM ledger are the parts we consider non-swappable — banks, executors, and clearinghouses are replaceable behind interfaces, but the gate is the constitution.
We treat certifications as gated until achieved, and we do not claim them otherwise. SOC 2 is awaiting audit. A formal BSA/AML program and a money-transmission legal opinion are pending named steps. FedNow message support is built certification-ready but is not certified. Clinical-software governance documents (such as IEC 62304 conformance) are clearly-labeled drafts and self-assessments, not certifications. What is real today is the covered-entity clearinghouse identity and the verified-green architecture; everything beyond that carries its honest register.
There are no published tiers, because there are no live customers to price against — inventing a rate card no one has paid would be dishonest. The current offer is a client-zero partnership: run the whole loop with us, under BAAs and live payer connectivity, and help shape the terms collaboratively. We share a conceptual packaging outline (a clinical tier, a network tier, and a rails tier) as direction only, never as quoted prices. When there is real adoption to price against, the pricing page will earn its tiers.
By a small operator team working with a fleet of AI agents, under a strict doctrine: fail closed everywhere, propose-never-dispose (automation suggests, a human disposes on every clinical and money path), and honest status registers on every claim. That doctrine is the reason a very small team could build an institutionally-architected system without the output collapsing into fiction — every port is screened for fabricated data, fake providers, and invented dollars before it ships.
Email a human directly — send security-relevant reports to hello@shteg.ai and a person will respond. We would rather receive a real note than route you into a form that posts into a void. Our security posture is described in full on the /security page, including the four load-bearing controls that are verified in code and the items that are still gated.
No — every legal page is a clearly-marked draft, published for transparency as scaffolding rather than as binding terms. They are pending legal-counsel review. When a policy is finalized, the draft banner comes down and an effective date appears. Until then, the most reliable answer to any privacy, PHI, or BAA question is a direct one from a person: email hello@shteg.ai.
Because this is pre-production and the legal pages are drafts, the most reliable answer to any privacy, PHI, BAA, security, or where-does-this-stand question is a direct one from a human.
Send a note — about client-zero partnership, the clearinghouse posture, a Business Associate Agreement, a security report, or anything the register above did not settle — and a person will respond. No form that posts into a void.
No real dollar has moved. No real PHI has flowed.
What is real: the architecture — hash-chained ledger, settlement gate, and reconciliation waterfall, tested in code at HEAD — the Type-2 organizational NPI and registered HIPAA clearinghouse identity, and the doctrine. We register capability as capability, never as traction.