Skip to content
FonteumThe Graph
DataResearchCare CompareThe DifferAttestAPI
See the proof
  • Data
  • Research
  • Care Compare
  • The Differ
  • Attest
  • API
See the proof

DILIGENCE KIT

Diligence bundle. One PDF.

SOC 2 Type 1 in progress, BAA template, data provenance map, license grants, freshness SLA, and incident policy in one downloadable PDF.

Download the pack →View methodology →

v2026.05 · 44 federal source families · Delaware LLC

Included · Not yet included

SOC 2 in progress beats SOC 2 implied. This table is honest. Procurement teams respect transparency.

StatusItemNote
✅Delaware LLC registrationFonteum LLC — formed December 2024.
✅44 federal source families ingested44 federal source families (CMS, HHS-OIG, HRSA, BLS, BEA, Census). 11.9M historical records. Row-level provenance on every field.
✅Daily refresh + published SLAPer-dataset SLA at /freshness. Methodology version on every record.
✅Row-level provenance on every recordSource, snapshot date, methodology version, confidence tier — survives export.
✅BAA template availableTemplate in this pack. Fonteum processes no PHI; BAA is a procurement formality.
✅FHIR R4 API (Practitioner, Organization, Location, Coverage, HealthcareService)US Core 6.1.0. SMART on FHIR auth. p99 under 300ms on single-record lookups.
🟡SOC 2 Type 1 — in progressSOC 2 Type 1 in progress. Expected completion Q3 2026. No badge displayed until attested.
🟡SOC 2 Type 2 — observation periodPlanned Q1 2027 after Type 1 observation period.
❌HITRUST certificationNot pursued. SOC 2 Type 1 in progress with federal-data-only scope covers procurement requirements.
❌FedRAMP authorizationOut of scope for current procurement tier.

Inside the pack

01

Corporate

  • —Delaware limited liability company — formed December 2024.
  • —Legal name: Fonteum LLC
  • —Registered agent: on file with Delaware Division of Corporations.
  • —EIN: available to contracted customers under NDA.
02

Security

  • —SOC 2 Type 1 — engagement underway, expected Q3 2026.
  • —Infrastructure: Vercel (US-East) + Supabase managed Postgres.
  • —Encryption in transit: TLS 1.2+. At rest: AES-256.
  • —Access controls: row-level security on all public tables. Service-role keys never exposed to browser.
  • —Vulnerability disclosure: security@fonteum.com · /.well-known/security.txt (RFC 9116).
03

Data

  • —13 ingested datasets. 44 federal source families. 11.9M historical records.
  • —License grant: CMS data is U.S. Government Works (public domain). HHS-OIG LEIE is publicly distributed federal data.
  • —No claims data, no EHR data, no commercial data, no consumer PII.
  • —Per-field provenance: source, snapshot date, methodology version, confidence tier.
  • —Provenance schema documented at /methodology.
04

Operations

  • —Freshness SLA: within 24h (daily datasets), 48h (quarterly/annual).
  • —Incident notification: 72h from confirmed breach, plus public corrections-log entry.
  • —Corrections log: /corrections-log — public record of every data correction.
  • —Response-time commitment: P0 (service-down) within 2h. P1 (data-quality) within 24h.
05

Legal

  • —BAA template: included in this pack. Fonteum processes no PHI.
  • —AI training license: federal public-record data is public domain. No restriction on downstream model training.
  • —Terms of use: /terms. Data use for research, analytics, and commercial applications is permitted with attribution.
  • —GDPR position: DSAR requests honored within 30 days. We do not sell personal data.
NPPESPECOSOIG LEIEOPEN PAYMENTS
Fonteum Audit Pack
v2026.05 · 2026-05-25
44 federal source families
11.9M historical records with provenance
SOC 2: in progress (Q3 2026 target)
BAA template: included
License: US Government Works
Download PDF →Read methodology →Email security team →

Pilot and contracted customers

Customer-scoped packs on request.

Pilot, standard, and enterprise customers receive audit packs scoped to their contracted dataset list and delivery cadence. Methodology version is pinned to the snapshot they received. Rollback to a prior version is documented in the change history.

Request access →Email us →Identity graph docs →

API export endpoint

Bulk export for contracted customers.

Contracted pilots get programmatic access via /api/v1/audit-pack/export. The endpoint returns NDJSON, JSON, or CSV. Source inventory is drawn from the SPRINT1_EXPORT_SOURCES registry (44 federal source families, row-level provenance on every field).

# Sample request

curl -H "Authorization: Bearer fnt_<your_key>" \

"https://fonteum.com/api/v1/audit-pack/export?format=ndjson"

Row-level provenance fields travel with every exported record: source, snapshot date, methodology version, confidence tier. Export keys are issued at pilot onboarding. Contact pilot@fonteum.com to request a key.

Request access →or browse the audit pack →

Built on the authoritative federal record

The primary sources, named on every page.

These are the federal agencies whose public datasets Fonteum ingests and attributes — the issuing authorities, not customers or partners. Every figure on the site links back to one of them.

  • CMS
  • HHS-OIG
  • HRSA
  • FDA
  • NLM
  • NUCC
  • Census
  • BLS
  • BEA

See the full source registry, with license and refresh cadence for each →

Reproducible by design

Every figure traces to its federal source.

14-tuple provenance

Every rendered fact ties to a source URL, dataset ID, snapshot date, row key, and SHA-256 — the full chain-of-custody record.

Reproducible SQL

Each study ships the exact query behind its figures, run against the cited federal snapshot. Re-run it yourself.

Daily reconciliation

Published counts are reconciled against the upstream federal datasets on a daily cadence, with drift logged.

Named medical review

Reviewed by Jennifer Montecillo, MD, medical reviewer. Non-practicing medical reviewer.

Read the full provenance and attestation methodology →

Two doors

Use the free API and open data

Query providers, facilities, sanctions, and quality scores — each field carrying its federal source. Self-serve, no call to start.

Explore the API →Browse the data catalog →

Talk to us

Managed pilots, enterprise terms, and audit-ready, signed attestation packages for compliance, risk, and research teams.

Talk to us →
Fonteum
Products
The DifferAttestAPIFHIR API
Data
Care CompareResearchData catalogSources
Company
Why FonteumAboutPressEditorial policyCorrections
Legal
Privacy policyTerms of serviceMedical disclaimer

Reviewed by Jennifer Montecillo, MD, medical reviewer. Non-practicing medical reviewer.

© 2026 Fonteum LLC. All rights reserved.

The U.S. healthcare graph AI can cite — every fact carries its source.

Request access→

The substrate, by the numbers

44federal source familiesDistinct CMS, OIG, HRSA, FDA and peer datasets
35dataset pagesCitable, downloadable /data catalog pages
13reproducible studiesEach shipping the SQL behind its figures