Skip to content

Patient access AI agents

An agent steered a federal patient toward your copay card. Now an investigator wants the name of who decided it.

You run the hub, so the record is yours to defend, and Anti-Kickback is criminal. Your own log is just you vouching for yourself, and they have no reason to take it at face value. Our agent works the benefits investigation and drafts the appeal in minutes, then stops: a named access specialist owns the eligibility and the funding routing. An OIG examiner recomputes the file offline, with none of your systems and none of our code, and reads who owned the call and that nothing was changed.

What keeps you up at night

The agent did the work. When it goes wrong, the case lands on you.

You are the principal who carries the kickback exposure for the hub, not the access specialist clearing a queue. Speed was never the worry. The funding call an agent made on its own, and the fact that you have to defend it, is.

When it goes wrong, the investigator looks at you

You run the hub program, so its record is yours to defend. Anti-Kickback is criminal, and an AKS violation becomes a false claim automatically. The investigator is looking at the manufacturer, not the AI. And your own hub log is just you vouching for yourself. They have no reason to take it at face value.

One bad routing call writes the evidence against you

The moment a workflow steers a Medicare or Medicaid patient toward your copay card or an "independent" foundation, the exposure is real. An agent doing that on its own can hand the DOJ the exact pattern they used in the copay-foundation cases. That is a record you cannot explain away later, and it was written without a single human owning the call.

A whistleblower is already inside, and the clock is running

False Claims Act recoveries hit a record $6.8B in FY2025, over 80% of it healthcare, across 1,297 whistleblower suits. The trigger is often someone on the inside, or your own thin records. Meanwhile a cancer patient is waiting on a $180k therapy, and the pressure to clear the queue fast is exactly where an unsigned approval slips through.

The volume put agents on the queue whether you planned it or not

Benefits investigation, denial reasons, medical-necessity appeals, funding stacks: this is the work AI is already doing in the access queue. Speed was never the worry. The worry is that the big moves are happening with no named human who owned them and nothing an outsider can check. That is the gap that ends the program.

Why this beats an in-house guardrail

Your own log is just you vouching for yourself. Ours, the examiner recomputes alone.

When something goes wrong, you are the party under examination. So a record you control proves nothing on its own. We make a record an outside examiner recomputes for themselves, without trusting you, the agent, or us.

You cannot grade your own paper

A SOC 2 report only carries weight because the auditor has no stake in the result. The same logic applies here. You are the party under examination, so your own log is just you describing your own conduct. You can add a tamper-proof seal to it, but you cannot make your own record independent of you. That independence is the one thing an in-house guardrail can never give you.

Your auditor checks it without trusting anyone

Anyone can verify the record, in any language, with none of our code. It works like the system browsers use to catch fake security certificates: do not trust the log, re-check it yourself. Your auditor drops the file into a browser and confirms the chain is intact, the named human signed, and nothing was added, removed, or reordered. They do not have to take anyone's word for it, including ours.

Open source, so you can read every line

The core is AGPL-3.0, the SDK is Apache-2.0, and it self-hosts and runs air-gapped. You can read every line, run it inside your own walls, and hand a regulator software they can inspect instead of a black box. No regulator trusts a black box. We ship the opposite.

How it works

The agent does the work. A named human signs the call. Your auditor checks the proof.

Every access flow shares one shape. The agent runs free on the investigation and the drafting. It stops, in code, at the sensitive call that belongs to a named human. And every step seals into a file anyone can check.

  1. The agent does the work, fast

    We build and run the benefits-investigation and appeals agent, and we run it on whatever framework you already use, inside your environment. It investigates benefits, pinpoints the denial reason, drafts the medical-necessity appeal, and assembles a proposed funding stack across copay programs and charitable foundations. It can only do what its role allows, so it moves fast on the safe work with nothing in its way.

  2. A named human signs the call that matters

    The run stops at the decisions that carry the risk: confirming funding eligibility, steering a federal-healthcare patient toward copay or a foundation, and authorizing the submission. The agent that ran the investigation is blocked in code from approving its own work, so the same identity cannot both propose and approve. A named access specialist or pharmacist signs, and the meaning of that signature is recorded word for word. We add this human sign-off as our own discipline. We never claim a regulation requires it.

  3. Your auditor checks the proof on their own

    Every prompt, response, permission, and signed decision lands in a tamper-evident log, and the record is written in the same step as the action, so "did it but never logged it" cannot happen. Each case exports as a file your auditor opens in their own browser and verifies against a published spec, with no access to your systems and no code from us. They confirm the chain is intact and the named human signed, without taking your word for any of it.

Gate

patient access · prior auth / appeal

awaiting sign-off

  • Verified benefits · denial reason found · medical-necessity appeal draftedsafe direction · agent acted alone

  • Proposed a copay-plus-foundation funding stack · held for access specialist

One-way door

Attest medical necessitySubmit the appeal / enroll

The agent cannot attest or submit this. A named access specialist signs, and the identity that ran the investigation is barred from attesting it.

“Medical necessity met; Medicare patient routed away from manufacturer copay support. Attesting eligibility and authorizing submission.”

Signed by a named access specialist (human)
Decision sealed in chainrequester ≠ approver

See it work

Two real access scenarios. One command runs them.

Working software your compliance and access teams can read and run. Each demo sets up the exact case that forces a named human to sign the sensitive call.

Demo · oncology access & appeals

Patient denied a $180k therapy. The agent works the appeal. A named specialist signs the eligibility and submits.

The agent verifies benefits, finds the denial reason, drafts the medical-necessity appeal, and proposes a funding stack of copay card plus foundation (PAN, HealthWell, LLS). It never confirms necessity and never submits. A named access specialist signs the eligibility and authorizes the submission, and a Medicare patient is steered away from manufacturer copay support before any enrollment. The whole decision seals into a file your auditor checks without your help.

Read the docs →

Demo · copay vs foundation routing

A federal-healthcare patient is steered away from copay support. The record proves the agent did not decide it.

Funding routing is marked high-risk, so it stops for a sign-off by design. The agent assembles the candidate funding stack, surfaces the sensitive option, then halts. A named access specialist signs the routing call and its reason, word for word. The agent that ran the investigation is blocked from approving its own work, so the record shows a human owned the decision.

See it block an agent, live →

Evidence for

Built against the rules your auditors already enforce.

We make no claim about the standing of your system. We say this: MakerChecker is built against the rules your auditors already enforce, and it produces the kind of proof this lane needs, because here you are the party under examination.

Blocked by design, proven independently. The same identity cannot both propose and approve, and the record proves a named human owned the sensitive call, all without anyone having to trust your log.

  • Anti-Kickback StatuteSteering a federal-healthcare patient into manufacturer copay support is the classic AKS exposure, and you are the principal. The agent that ran the investigation cannot enroll the patient; the sensitive call routes to a named human who signs it on the record. The file proves a named person owned the decision and nothing was altered, on a record an investigator can open and check for themselves.
  • False Claims ActA wrongly confirmed medical necessity or a steered enrollment turns into a false claim, with triple damages and whistleblowers. The signed file carries the signer, the date and time, what the signature meant, and the reason, word for word. The eligibility call is tied to a name, not assumed, and it is a record you did not write up after the fact.
  • The independence requirement (post-Teva)A foundation's independence and a hub data-firewall have to be shown, not just claimed. Because your auditor checks the record themselves, they can confirm a named human owned the sensitive call without ever taking your word for it.
  • Data integrity / ALCOA+Attributable, legible, contemporaneous, original, accurate. Every sign-off is tied to a named person and a timestamp in a record that can only be added to, never edited, so the trail your auditor reads was written as it happened, not reconstructed after a subpoena.
  • 21 CFR Part 1111.10(e) audit trails and 11.50 signature meaning. The signed file carries the approver, the date and time, what the signature meant, and the reason in full. The tamper-evident chain and the check-it-yourself export go further than Part 11 asks. We never claim it requires them.

How the primitives map to Part 11 →

Where we sit

Control-planes watch your fleet. We are the proof your auditor checks.

Agent control-planes watch your agents inside your own walls, which is exactly the boundary an investigator will not take on faith when you are the one under examination. We work alongside them. We are the per-decision file you hand a regulator and they check on their own. We sit on top of whatever you run, not in place of it.

We build and run the access agent on whatever framework you use, and the proof is written as the rule is enforced. The evidence exists because the control held, not because someone remembered to write it down.

Go deeper

The patient-access playbook, in depth.

Oncology patient access with AI agentsRead →Pharmacovigilance and AI agentsRead →Clinical trial data with AI agentsRead →Clinical-trial cohort identification with AI agentsRead →

Keep reading

For life sciences

Complaint and adverse-event triage, batch release, the reportability call stays a named officer’s.

Read →

The six primitives

Agents as employees, versioned grants, structural segregation of duties, gates, limits, signed audit.

Read →

Use cases

Where a governed agent must not act alone, every workflow has a one-way door.

Read →

Why now

No rules means no safe harbor. The predicate rules underneath are date-proof.

Read →

How it compares

Guardrails, gateways, observability, and the authorization layer only MakerChecker provides.

Read →

See it for yourself

Start a paid pilot. We build and run the access agent in your hub, and hand the investigator a file they recompute themselves.

One command starts the demo: an agent stopped from signing off its own work, and the signed evidence file an inspector can check for themselves.

Book a demoRead the docs

Designed against the rules your auditors already enforce.