For visitors who'd rather read than walk.
# Crisis path — what defending against a bad-faith audit looks like
A demand letter arrives — 47 chart IDs, a vague allegation, a 30-day
clock. A year ago, that letter would have set up a three-month arc
ending in either a clawback or a settlement. Today the letter is a
one-afternoon problem.
You open Merkle Trust and enter the 47 chart IDs into the
batch-record graph.
You walked the install decision twelve months ago. The four-paths
overview lives at the close of every card; the short version for a
clinic owner is the regional HIPAA-compliant operator path, and that
is the one you took. Your records have been getting daily proof for
the year between then and now.
The other three paths remain available — paste-the-markdown-into-an-LLM,
GitHub self-install, mesh-anchored — and the close of this card lists
all four for any practice walking the test drive for the first time.
The system highlights every document attached to every chart: op-notes,
referrals, imaging, PT discharge summaries, DME authorizations,
patient communications, insurance correspondence. One hundred and
eighty-three documents.
The robot fetches each one and tosses it into the defense box. The
ticker streams the merkle leaf for each as it lands. The system asks
the question that decides the response shape: only what the demand
letter requested, or everything on the thread including context the
payer didn't ask for. When the allegation is vague, the wider thread
is the answer — and the wider answer is the one the walk takes.
Each of the 183 documents comes with its merkle leaf, its ceremony
anchor, and its chain-of-custody since authorship. The packet
assembles itself in under two minutes.
You call your healthcare attorney — not a consultant. The attorney
you already use for practice contracts. They review the packet
remotely that afternoon and say, "This is the most organized
demand-letter response I've seen. Let me write the cover."
The attorney's cover letter runs two pages. It opens with a sentence
you have probably never seen an attorney write:
"Attached, please find the complete documentary record for each of
the forty-seven charts referenced in your demand letter. Every
document bears an independently verifiable hash anchor, making the
record provable against tampering by any party, including ours."
It closes with one sentence:
"We invite your auditors to verify the attestation chain themselves.
The public verification URL is included in each document's metadata.
Should any of the attached documents appear, upon verification, to
have been altered after authorship, we welcome the finding."
The packet goes out certified mail plus email. The merkle root of
the packet is itself anchored to the ceremony that evening — there
is now a timestamped, cryptographically verifiable record that on
this date, you sent this specific response.
If you would like a critical reviewer to read this strategy and tell
you where it might break, the .md button at the bottom adds the
card's summary to your tag-along bundle, and the comment field below
the attestation strip routes a specific question to your own
claude.ai session — with the prompt shown to you before it sends.
The payer's audit unit responds. Not with a counter. Not with a
clawback. With a two-line letter:
"Upon review of the documentation submitted, the referenced
concurrent review is withdrawn. No further action is required."
The payer didn't try to argue. The payer didn't try to narrow the
scope. The payer closed the file.
That evening's ceremony anchors this letter into the chain alongside
the original packet. The complete arc — the demand letter, the
response, the withdrawal — is now part of the practice's verifiable
history. If a different payer pulls a similar move next quarter, the
record of how this one resolved is already on the chain.
No weekends lost. No consultant fees. No settlement. No clawback. No
anxiety bleeding into the next quarter.
What happened instead: an attorney's time (six hours billable), one
chart-review afternoon for you (three hours), and the ongoing
ceremony cost — which didn't change, because the system runs daily
anyway.
The defense was already written before the demand letter arrived.
The ceremony just made it provable.
You take a signed package with you — yours to keep, downloaded
directly when you finish. The package contains the manifest, the
certificate of registration, the architecture docs, the verification
scripts (verify.sh and verify.py), a claude_prompt.md for
independent review, the JSON schemas, and a DISCLAIMERS.md. The
certificate is your identity for the way back; a recovery seed file
rides along with a self-protecting preamble for break-glass scenarios
only.
<!-- finish_text -->
That was the simulated path. The full card breaks out the cost
numbers in detail, the commons-benefit framing — what one practice's
defense contributes to peer practices' resilience — and a
prediction-frame close that's yours to test.