Privacy-preserving patient matching for CMS Aligned Networks.
Patient identity resolution shouldn’t require sharing demographics with every intermediary in the chain. OPM is the open protocol that eliminates that trade-off. Protagonist ID makes it production-ready.
Apply for PilotPatient matching today requires a privacy trade-off.
In TEFCA, every QHIN intermediary in the chain decrypts and processes full patient demographics to do matching: name, DOB, address, sometimes SSN. It’s encrypted in transit, but the architecture requires intermediaries to see everything.
And those demographics end up in audit logs at every QHIN, stored for 6+ years per HIPAA. That’s not a breach. That’s the architecture working as designed.
Meanwhile, 21 networks have pledged to become CMS Aligned Networks and the ecosystem is moving fast. The organizations that solve patient identity matching correctly now, not just quickly, will have the advantage as requirements tighten.
What if the intermediary never needed to see PII?
Hash Locally
Patient demographics are normalized and hashed on your infrastructure. A SHA-256 routing key is all that leaves your system.
Route Opaquely
The OPM facilitator routes the hashed query across the network. It never sees, parses, or logs any patient demographics.
Match Without Exposure
Responders confirm matches cryptographically. The result is a verified identity with zero PII in transit, at rest, or in any intermediary’s logs.
Demographics visible to intermediaries. Retained in audit logs per HIPAA.
Hashes only. No PII. Nothing to redact.
Production-ready infrastructure.
Tenant Lifecycle
Sandbox to certified in four stages. Multi-tenant isolation with environment-scoped API keys and BA tracking.
Audit Trail
Every query logged with who, when, and declared purpose of use. Immutable. Exportable. CMS-review ready.
Purpose-of-Use Enforcement
Every API call requires a declared purpose (treatment, payment, operations, or patient access). No declaration, no query.
CMS HTE Mapping
Built for the Health Tech Ecosystem from day one. Requirements mapped to features, not retrofitted compliance.
LOI to production in weeks, not quarters.
Sign LOI
Letter of Intent, not a procurement. Lightweight agreement to pilot together.
Sandbox
API access, test data, run queries. Three curl commands to your first match.
Validate
Review audit logs, CMS compliance mapping, confirm it meets your requirements.
Go Live
Move to startup tier. Production API keys, real matching, real audit trail. You're on the network.
5 pilot partners.
LOI, not a contract.
We’re partnering with a small cohort of regional payers and health IT companies who want to get ahead of where patient identity is going, not just where it’s required today. Design partners get full platform access, direct input on the product roadmap, and a founder-level relationship with the team building this.
We’re looking for organizations that are serious about CMS Aligned Networks participation, have existing FHIR infrastructure or are building it, and are thinking about patient identity beyond the current requirements.
- Full platform access — sandbox through production
- Direct roadmap input — your use case shapes what we build next
- Open protocol, no lock-in — OPM is open source and standards-based
- Founder-level support — direct access to the team, not a ticketing queue
Apply for Pilot
Application Received
Thank you for your interest in the Pilot Partner Program. We’ve received your application and will reach out to the email provided within one business day to schedule a brief introductory call.