from osmoda research · healthcare

Run your clinic. PHI stays on your box.

HIPAA-aligned ops, FHIR-native, audit-ready. Tofu handles intake voice + SMS, frog reconciles claims, naga enforces HIPAA policy per action, lantern drafts CMS-0057-F prior-authorization in the 72-hour window. PHI never leaves the NixOS box you own.

Spawn a clinic stack HIPAA controls →

TL;DR

• 43.2% of physicians reported burnout in the AMA 2024 study; charting is the #1 driver [AMA 2024]
• Primary care spends ~3 hrs/day on EHR documentation; 13 hrs/week on prior auth alone [AMA]
• CMS-0057-F goes live Jan 1, 2026 — payers owe 72-hr urgent and 7-day standard PA decisions [CMS]
• Healthcare data breach cost: $7.42M average in 2025; Change Healthcare hit 192.7M people [IBM/HIPAA Journal]
• os.moda runs your stack on a NixOS box you own. PHI never leaves. SHA-256 audit ledger
• Tofu handles intake voice + SMS, frog reconciles claims, naga enforces HIPAA policy per action

1. The pain — burnout, denial rates, and a fragmented stack

US physicians spent an average of 3 hours per day on clinical documentation and 13 hours per week navigating prior authorization in 2024, per AMA surveys. The MGMA 2026 Regulatory Burden Report found 77% of practices cite regulatory load as a primary cause of burnout, while replacing a single physician costs $500K–$1M. Private-payer claims denial rates averaged 15% across 516 hospitals (MDClarity), with 65% of denials never reworked — a direct hit to clinic margins.

The legacy stack is fragmented and seat-priced. Tebra runs $99–$399 per provider/month, AdvancedMD's EHR+PM bundle is $729/month per provider, DrChrono starts at $349/month, and patient-comms add-ons like Solutionreach run $329+/month with RevenueWell and Weave in the same band. A 6-provider clinic easily clears $5K/month before claims tooling, and none of it talks cleanly to Epic (42.3% acute share), Oracle Health (22.9%), eClinicalWorks, or athenahealth.

2026 makes it worse. CMS-0057-F operational provisions go live Jan 1, 2026 — payers must publish PA metrics and meet 72-hour urgent / 7-calendar-day standard turnaround. USCDI v3 becomes mandatory the same day, with HTI-1 enforcement discretion ending March 1, 2026. Meanwhile ambient scribes (Abridge, Nuance DAX Copilot, Suki, Nabla) are commoditizing notes — saving Cooper University ~4 minutes per visit — but leaving the rest of the ops stack untouched.

Tebra (formerly Kareo)

PM+EHR for private practice at $99–$399/provider/month. Locks data behind their UI, claims module up-sells, AI features are seat-priced add-ons.

AdvancedMD

$429–$729/month per provider for PM+EHR. Heavy implementation cycle, dated UX, patient-comms requires a separate Solutionreach-class vendor.

Solutionreach / Weave / RevenueWell

Patient-comms point tools at $300–$700+/month. Each runs its own outbound queue, none own your audit trail, none plug into your claims AR.

Epic + DAX Copilot

Enterprise-grade but enterprise-priced. DAX licenses + Epic seats price out single-specialty groups, and your ambient transcripts live in someone else's cloud.

2. What 2026 is bringing

Ambient AI scribes → standard of care. Yale New Haven and UChicago Medicine report large burnout drops; a 263-physician study showed burnout fall 51.9% to 38.8% in 30 days [npj Digital Medicine 2025].
CMS-0057-F goes operational Jan 1, 2026. Mandatory PA metrics reporting + 72-hr urgent / 7-day standard decision windows force payers + providers onto FHIR Prior Authorization APIs.
USCDI v3 mandatory same day. ONC released Draft USCDI v7 in Jan 2026 — the data model is now a moving target [ONC Standards Bulletin 2026-1].
Healthcare cyber-attacks rose 400% YoY. Change Healthcare alone affects 192.7M individuals — driving real demand for self-hosted PHI [HIPAA Journal].

3. The os.moda stack — seven spirits, one clinic

1 · tofu (intake voice + SMS) answers new-patient calls, runs Telegram/WhatsApp intake, captures insurance card photos, books the slot — replaces front-desk overflow without sending PHI to a third-party voice vendor.
2 · soot (EMR sync) runs FHIR R4 + US Core profile adapters for Epic, Oracle Health, eClinicalWorks, athenahealth, Tebra — bidirectional, idempotent, with rollback on schema drift via NixOS atomic deploys.
3 · frog (claims + reconciliation) scores claims against 835/837 history pre-submission, flags the 65% of denials worth reworking, and reconciles ERA payments to your AR aging.
4 · naga (HIPAA policy vault) enforces minimum-necessary access per signed action, holds payer credentials in KEYD so the LLM never touches them, produces the SHA-256 hash-chained ledger your BAA requires.
5 · lantern (PA + appeal drafter) ingests payer policy docs, drafts CMS-0057-F-compliant FHIR PA requests in the 72-hr window, produces audit-ready appeal letters on denial.
6 · soot (recall + reactivation) runs recall campaigns from your EMR roster — annual exams, vaccine windows, lapsed patients — across SMS/voice/WhatsApp, replacing Solutionreach/Weave seat fees.
7 · haku (patient-facing content) generates pre-visit forms, post-visit summaries at appropriate reading level, translated discharge instructions — logged for 21 CFR Part 11 traceability where applicable.

4. Why it works

Sovereignty + compliance

PHI never leaves the NixOS box you own (or the EU-1 Frankfurt managed instance). KEYD vault holds payer creds and signs every outbound action so the LLM never holds a secret; the SHA-256 hash-chained ledger satisfies HIPAA §164.312(b) audit controls and survives 21 CFR Part 11 inspection if you do clinical research.

Workflow integrity

Daemons are idempotent and watchdog-recovered (6s median wedge recovery). FHIR R4 adapters mean the same intake message lands the patient in Epic, Tebra, or athenahealth without you rewriting glue. Every claim, PA, recall, and note is one provable transaction in the audit ledger.

Economics

$29–$299/month replaces Tebra + Solutionreach + DAX + claim scrubber + recall + PA tool — routinely $1.5K–$6K/month per provider. Flat-fee, no per-seat tax, BYO LLM key, and Apache-2.0 so a vendor sale doesn't bury your data.

5. The 3–5 year future

2027 · ambient agentic intake. The front desk dissolves. Tofu answers, verifies eligibility against the payer in real time, slots against provider+room+equipment availability, lands the patient in the EMR with a draft chief-complaint note before they hang up.
2028 · FHIR-native PA at the point of order. When a provider orders an MRI, lantern checks payer policy live, drafts the PA in the CMS-0057-F flow, either auto-approves or routes a 60-second peer-to-peer call — no manual fax loop, no $25K/year staff-PA cost center.
2029–2030 · per-patient longitudinal agent. Each patient gets a private agent on your box — remembers their history, runs cross-EMR FHIR queries, fields routine refill requests via Telegram/SMS, escalates the 8% that need a clinician. Front-of-house headcount becomes care-coordinator headcount.

FAQ

Does PHI ever leave my NixOS server?

No. LLM calls are signed actions; KEYD holds the keys and redacts PHI from prompts using the configured de-id policy before egress. If you BYO an Anthropic/OpenAI key with a BAA, the same applies but you control the contract. For air-gapped clinics, run a local model — the daemon interface is identical.

Which EMRs do you sync with?

Epic (FHIR R4 + US Core), Oracle Health, eClinicalWorks, athenahealth, Tebra/Kareo, AdvancedMD, and DrChrono via published FHIR + their proprietary APIs. Adapters live in soot and are versioned with NixOS atomic deploys, so a vendor schema change rolls back cleanly without a 2 a.m. outage.

How does this satisfy CMS-0057-F by Jan 2026?

lantern produces FHIR Prior Authorization API requests and the metrics payload payers must publish, frog reconciles the 72-hr / 7-day SLA into your AR aging, and the audit ledger gives you the evidence trail if a payer pushes back. You stay the requesting provider; we just remove the fax.

Run a single-clinic pilot on EU-1 Frankfurt for $99/month. PHI stays yours.

Spawn a clinic stack →

1. The pain — burnout, denial rates, and a fragmented stack

Tebra (formerly Kareo)

PM+EHR for private practice at $99–$399/provider/month. Locks data behind their UI, claims module up-sells, AI features are seat-priced add-ons.

AdvancedMD

$429–$729/month per provider for PM+EHR. Heavy implementation cycle, dated UX, patient-comms requires a separate Solutionreach-class vendor.

Solutionreach / Weave / RevenueWell

Patient-comms point tools at $300–$700+/month. Each runs its own outbound queue, none own your audit trail, none plug into your claims AR.

Epic + DAX Copilot

Enterprise-grade but enterprise-priced. DAX licenses + Epic seats price out single-specialty groups, and your ambient transcripts live in someone else's cloud.

2. What 2026 is bringing

Ambient AI scribes → standard of care. Yale New Haven and UChicago Medicine report large burnout drops; a 263-physician study showed burnout fall 51.9% to 38.8% in 30 days [npj Digital Medicine 2025].

CMS-0057-F goes operational Jan 1, 2026. Mandatory PA metrics reporting + 72-hr urgent / 7-day standard decision windows force payers + providers onto FHIR Prior Authorization APIs.

USCDI v3 mandatory same day. ONC released Draft USCDI v7 in Jan 2026 — the data model is now a moving target [ONC Standards Bulletin 2026-1].

Healthcare cyber-attacks rose 400% YoY. Change Healthcare alone affects 192.7M individuals — driving real demand for self-hosted PHI [HIPAA Journal].

3. The os.moda stack — seven spirits, one clinic

1 · tofu (intake voice + SMS) answers new-patient calls, runs Telegram/WhatsApp intake, captures insurance card photos, books the slot — replaces front-desk overflow without sending PHI to a third-party voice vendor.

2 · soot (EMR sync) runs FHIR R4 + US Core profile adapters for Epic, Oracle Health, eClinicalWorks, athenahealth, Tebra — bidirectional, idempotent, with rollback on schema drift via NixOS atomic deploys.

3 · frog (claims + reconciliation) scores claims against 835/837 history pre-submission, flags the 65% of denials worth reworking, and reconciles ERA payments to your AR aging.

4 · naga (HIPAA policy vault) enforces minimum-necessary access per signed action, holds payer credentials in KEYD so the LLM never touches them, produces the SHA-256 hash-chained ledger your BAA requires.

5 · lantern (PA + appeal drafter) ingests payer policy docs, drafts CMS-0057-F-compliant FHIR PA requests in the 72-hr window, produces audit-ready appeal letters on denial.

6 · soot (recall + reactivation) runs recall campaigns from your EMR roster — annual exams, vaccine windows, lapsed patients — across SMS/voice/WhatsApp, replacing Solutionreach/Weave seat fees.

7 · haku (patient-facing content) generates pre-visit forms, post-visit summaries at appropriate reading level, translated discharge instructions — logged for 21 CFR Part 11 traceability where applicable.

4. Why it works

Sovereignty + compliance

Workflow integrity

Economics

5. The 3–5 year future

2027 · ambient agentic intake. The front desk dissolves. Tofu answers, verifies eligibility against the payer in real time, slots against provider+room+equipment availability, lands the patient in the EMR with a draft chief-complaint note before they hang up.

2028 · FHIR-native PA at the point of order. When a provider orders an MRI, lantern checks payer policy live, drafts the PA in the CMS-0057-F flow, either auto-approves or routes a 60-second peer-to-peer call — no manual fax loop, no $25K/year staff-PA cost center.

2029–2030 · per-patient longitudinal agent. Each patient gets a private agent on your box — remembers their history, runs cross-EMR FHIR queries, fields routine refill requests via Telegram/SMS, escalates the 8% that need a clinician. Front-of-house headcount becomes care-coordinator headcount.

FAQ