Skip to content
FonteumThe Graph
DataResearchCare CompareThe DifferAttestAPI
See the proof
  • Data
  • Research
  • Care Compare
  • The Differ
  • Attest
  • API
See the proof
Fonteum
Products
The DifferAttestAPIFHIR API
Data
Care CompareResearchData catalogSources
Company
AboutPressEditorial policyCorrections
Legal
Privacy policyTerms of serviceMedical disclaimer

Reviewed by Jennifer Montecillo, MD, medical reviewer. Non-practicing medical reviewer.

© 2026 Fonteum, Inc. All rights reserved.

The U.S. healthcare graph AI can cite — every fact carries its source.

Request access→
Attest · Signed chain

Every claim carries a chain you can check.

Paste any claim ID and trace the full chain — from the federal source file to the Ed25519 signature. Re-derive the hash yourself; nothing changed.

Verify a claim →Read the spec
Attestation chainclaim nppes-10…
Check →
1
Federal source file
npidata.csv · data.cms.gov
2
SHA-256 content hash
a3f1c9…7e6b · computed 2026-05-24
3
Ed25519 signature
key fonteum-2026 · verifiable
✓ Chain signed · re-derivable
Every claim links back to its government source file — verify the SHA-256 hash yourself

Bitemporal history & attestation chain

Every fact Fonteum publishes traces to a specific government file with a known SHA-256. The chain below shows how: a claim records when the source asserted it (valid-time) and when we recorded it (system-time). Anyone can re-download the source file and confirm the hash — no login required.

How the chain works

  1. 1
    Claim — A fact about a facility or provider (e.g. star rating at CCN 460057). Has valid_from, valid_to, and recorded_at columns (bitemporal).
  2. 2
    Source — The exact government CSV fetched at a specific date. Fonteum stores the SHA-256 of the raw file so you can re-download and confirm it.
  3. 3
    Snapshot + witness — An aggregate snapshot of the ingest is signed with an Ed25519 key (methodology: in-toto-witness/v1). The signed payload contains the SHA-256 of the snapshot contents.

Bitemporal columns

ColumnAxisMeaning
valid_fromValid-time startWhen the source asserted this fact became true
valid_toValid-time endWhen the fact stopped being true; null = still current
recorded_atSystem-timeWhen Fonteum first wrote this row to the database

Backfill note: valid_from ← asserted_at; recorded_at ← created_at. No valid-time was fabricated.

Worked example — real claim

Claim
id:e717a8b9-8bd9-4a5e-b30f-475f6c690a62
claim_key:provider.1518918770.years_active.202602
metric:years_active
value:19 years
valid_from:2026-06-10T08:06:24.368249+00:00
valid_to:— (current)
recorded_at:2026-06-10T08:06:24.368249+00:00
Source
name:NPPES NPI Registry (individuals) 202602
publisher:Centers for Medicare & Medicaid Services
retrieved:

Check any claim

Paste a provenance_claims UUID to see its attestation chain.

Methodology

Witness signature algorithm
Ed25519 (Node.js crypto module)
Canonical payload format
{"methodology_version":"...","sha256":"...","signed_at":"...","snapshot_id":...} — Keys always sorted alphabetically for determinism.
Methodology version pinned
in-toto-witness/v1
Source hash
SHA-256 of the raw downloaded file, stored in provenance_sources.content_sha256
See also: /chain — snapshot attestation chain head · /trust — integrity overview
2026-06-10T05:32:03.912+00:00
sha256:8b5267e250fd4df6ee94cae30c637a7ffa20c6d2ee130f36a025538403d1ef44
Point-in-time diff

The claim above has valid_from = 2026-06-10 and valid_to = null (current). When CMS releases updated data and a new claim supersedes this one, valid_to will be set and the diff will show the change.

# Point-in-time query
GET /api/attest/pit?claim_key=provider.1518918770.years_active.202602&as_of=2026-06-10
Audit command
# Confirm the source file hash (no login needed)
curl -s 'https://download.cms.gov/nppes/NPPES_Data_Dissemination_February_2026.zip' | sha256sum
# Expected: 8b5267e250fd4df6ee94cae30c637a7ffa20c6d2ee130f36a025538403d1ef44
Full chain
# Full attestation chain for this claim
curl https://fonteum.com/api/attest/claim/e717a8b9-8bd9-4a5e-b30f-475f6c690a62