Architecture · production · 2026

One data backbone.
Five modules that compound it.

Practice OS is built on the same continuous TiC + HPT ingestion pipeline that powers ReimburseOS. ReimburseOS predicts. Sentry OS prevents. Denial OS fights. Reclaim OS recovers. Leverage OS renegotiates. One backbone. Five modules. Milliseconds per claim.

The stack

Six layers, top to bottom.

L6 UI · Practice OS dashboard

Single dashboard surface for the practice. Five module pages. Native cross-module deep links — Reclaim OS's flagged claim opens directly in Denial OS; Leverage OS pulls Reclaim OS's pattern data into the leverage memo. Built with Next.js App Router, server components, Tailwind, shadcn/ui, deployed on Netlify.

Next.js 16 · React 19 · TypeScript · Tailwind · Netlify Edge
L5 Modules · the five engines
01 ReimburseOS
Predicts before submit
02 Sentry OS
Prevents denials
03 Denial OS
Fights denials
04 Reclaim OS
Recovers underpayments
05 Leverage OS
Renegotiates contracts

Each module is a service-layer worker writing to and reading from a shared Postgres event log. Idempotent, horizontally scalable, replayable. Modules subscribe to upstream events — when Reclaim OS flags a CO-97, Denial OS automatically receives a "needs-letter" event.

Node.js workers · Postgres event log · Redis pub/sub
L4 Reasoning · Claude appeals + memo engine

Anthropic Claude Opus / Sonnet behind every long-form generation: Denial OS appeal letters, Leverage OS renegotiation memos, denial-pattern explainers. Prompt-cached payer playbooks (CARC code → policy citation → boilerplate language) drop per-letter inference cost to ~$0.20 with 90%+ cache hit rate.

Anthropic SDK · prompt caching · structured output · tool-use for citation lookup
L3 ReimburseOS · realized vs contracted

ReimburseOS joins TiC MRF (contracted in-network rates) with HPT MRF (estimated_allowed_amount, live since 1/1/25) to produce realized-rate validation. The only known production system cross-checking the two CMS data sources — the differentiator, now baked into Practice OS.

PostgreSQL · partitioned by payer × state · materialized views per CPT × NPI
L2 Ingestion · streaming TiC + HPT pipeline

Custom Schema-2.0-native parser, streaming Node workers, gzip-on-the-fly, gracefully handles Anthem's 10.4GB single-line index, Aetna DRG-collapse, UHC PPO/behavioral overlaps. 100K+ rows/hr throughput per worker. Continuous monthly refresh (TiC) + daily (HPT). 26,497 NPIs × 67 CPTs × 30+ payers × 50 states.

Node.js streams · Supabase Postgres · S3 archival · cron scheduled
L1 Sources · public regulated data

CMS Transparency-in-Coverage MRFs (every commercial payer, federally mandated since Jul 2022). CMS Hospital Price Transparency MRFs (every hospital, mandated since Jan 2021, with realized-rate fields since Jan 2025). NPI Registry. NCCI edits. LCD/NCD policies. CARC/RARC code dictionaries.

100% public · 0% scraped · no data licensing fees · regulatory tailwind
Data flow

A single claim, traced end-to-end.

  [1] Claim drafted in EHR (eClinicalWorks)
        ↓ webhook fires on save
  [2] Sentry OS reads draft
        ↓ joins NCCI edits + LCD policies + payer history
        ↓ predicts denial probability per CPT
  [3] ReimburseOS joins TiC + HPT
        ↓ contracted rate $94.20 · realized p50 $89.40 · expected revenue line
  [4] If denied (CO-97 returned via 835)
        ↓ Denial OS event fires
        ↓ Claude generates letter (5m, $0.20)
        ↓ letter packet routed to faxer / portal / mail per payer playbook
  [5] On payment posting (835 EOB)
        ↓ Reclaim OS joins paid amount vs contracted rate
        ↓ if delta > $5 → flag for sweep
        ↓ batched recovery filing per payer cadence
  [6] Leverage OS aggregates over rolling 12mo
        ↓ underpayment patterns by payer × CPT × geography
        ↓ generates leverage memo for next contract renewal
        ↓ peer-rate benchmarks pulled from full TiC backbone

  Total round-trip on a single claim: instrumented in 5 places. Auditable. Replayable.
Reliability + security

Built for HIPAA from line one.

Encryption
AES-256 at rest, TLS 1.3 in transit. Per-tenant encryption keys via AWS KMS. PHI fields column-level encrypted in Postgres.
Compliance
HIPAA-aligned controls from day one. SOC 2 Type II in progress (Q3 2026 target). BAAs available on Practice + Network tiers.
Observability
Every event logged. Every LLM call traced. Replayable claim-level audit trail. 99.9% uptime SLA on Practice tier.
Tenancy
Postgres Row-Level Security. Per-practice data isolation. Network-tier deployments support VPC-isolated dedicated infra.
Backup + DR
PITR Postgres backups, 30-day window. Cross-region replicas (us-west, us-east). RTO 4h, RPO 15min.
Access control
SSO via Supabase Auth (Google, Okta, Azure AD). Per-role permissions: provider, biller, admin, owner. Audit log of every PHI view.

Walk the architecture, in the demo.

Every layer instrumented. Every event traceable. Every dollar accounted for.

Open the demo platform →