Forensic PSV for NY physicians.
Under a minute per provider.
A self-hosted or managed container that performs Primary Source Verification against NYSED, NPPES, and the NY Physician Profile — and hands your NCQA auditor a timestamped PDF with a tamper-evident audit log. Your provider data never leaves your network.
- per verification
- <60s
- primary sources
- 2
- audit chain
- SHA-256
Built for credentialing, compliance, and RCM teams at
Manual PSV doesn't scale.
And screenshots in a shared drive aren't an audit trail.
Your clerks are copy-pasting license numbers from three websites
NYSED for the license. NPPES for the NPI. NY Physician Profile for discipline. For every provider, every renewal, every new hire. It's 20 minutes of humans doing the same thing a script could do in 45 seconds.
Your NCQA reviewer asks for forensic evidence
Dated screenshots, time-stamped, from primary sources, stored immutably. Most teams stash PNGs in a Google Drive folder and hope the reviewer doesn't notice that the folder's modified-date is last Tuesday.
SaaS credentialing tools want your data
The big incumbents charge per-provider per-month and require your provider roster to live in their cloud. For many compliance teams that's a non-starter — or an annual BAA review they'd rather not do.
One API call. Three primary sources. One forensic packet.
Integrate with your existing credentialing workflow in an afternoon. POST a license number and last name; receive a JSON decision plus a PDF with timestamped screenshots.
- 01
Submit
CallPOST /verifywithlicense_numberandlast_name. Authenticated viaX-API-KEY. Schema rejects any unknown field so PHI can't enter the pipeline by accident. - 02
Verify
Headless Chromium visits NYSED and NY Physician Profile; NPPES is queried via its public API. Full-page screenshots, deterministic parsing, CAPTCHA and maintenance detection, license-to-NPI cross-reference. - 03
Decide + preserve
Get back a structured outcome (Pass / Human Review Required / Fail), a forensic PDF with every screenshot, and a SHA-256 chained audit log entry proving exactly what was retrieved, when.
Tamper-evident by design.
Every verification step appends a SHA-256-chained JSON line to an append-only log. Every screenshot carries its own hash. Every generated PDF is hashed into the chain at the moment of creation.
If a screenshot is modified, a PDF is edited, or a past audit record is altered on disk, GET /audit/verify returns chain_ok: false. That's the forensic claim your auditor asks for, backed by math and not policy.
- Append-only file; application has no seek/truncate path
- Hash chain anchored at a fixed genesis hash
- PDFs and screenshots hashed at creation, written into the chain
- Designed to mount on WORM storage (S3 Object Lock, immutable FS)
{
"chain_ok": true,
"records": 12
}
Honest scope. No hand-waving.
We tell you exactly which NCQA-designated sources we cover and which we don't. The checks we run are primary-source. The checks we don't are on the roadmap.
| Source | Role | Status |
|---|---|---|
NYSED Office of the Professions NCQA-designated primary source | NY medical license verification | Live |
NPPES Registry (CMS) NCQA-designated primary source | Federal provider identity | Live |
NY Physician Profile Not NCQA-designated; used for due-diligence cross-check | Supplementary disciplinary signal | Live |
OIG LEIE (federal exclusions) NCQA-designated; free CSV feed | Sanctions + debarment | Next |
SAM.gov (federal debarment) NCQA-designated; free API | Federal contractor debarment | Next |
NPDB, DEA, ABMS On the roadmap; paid data access | Additional primary sources | Roadmap |
TX, CA, FL state boards Same driver pattern as NY | Multi-state license verification | Next |
Self-hosted or managed. Same code, same audit log, same PDF.
Run the container yourself.
- Pull from our private registry
- Run via docker compose on your infra
- Audit log + PDFs stay on your disk — we never see data
- BAA not legally required, but available on request
- Most compliance-paranoid story
Ideal for teams with existing DevOps and strict data-residency policies.
We run it on a VPS dedicated to you.
- HTTPS endpoint + API key in 2 hours
- Customer-dedicated single-tenant VPS, US region
- We operate updates, security patches, backups
- BAA signed as standard
- Zero DevOps burden on your team
Ideal for teams who want SaaS ergonomics without multi-tenant data mixing.
Transparent. Retainer-based. No per-provider gotchas.
One-time setup, monthly maintenance retainer. Managed hosting adds a modest uplift. No per-verification billing, no surprise overages.
Starter
- Up to 50 verifications / month
- NY only
- Business-hours ET support
- 5-business-day selector-drift SLA
- Quarterly audit-chain attestation
Single-location practices, bootstrapped telehealth, first pilot.
Talk to usPro
Most popular- Up to 500 verifications / month
- NY included; additional states as add-ons
- Extended-hours support
- 2-business-day selector-drift SLA
- Quarterly NCQA evidence-binder call
- Priority email / Slack channel
Mid-size telehealth (~50-200 providers), RCM firms, specialty groups.
Talk to usEnterprise
- Unlimited verifications
- NY + 1 additional state included
- 1-business-day SLA; 24/7 urgent line
- BAA signed as standard
- Custom PDF branding, EHR integration hours
- Dedicated account contact
Larger RCM firms, multi-state networks, anyone with a compliance officer on staff.
Talk to usAdd-ons: additional states at $7,500 setup + $500/mo each. White-label PDFs $2,000. EHR integrations $5–10K scoped. Ask about founding-customer pricing.
Straight answers.
Why not just use Medallion / symplr / Modio?
How is this different from a Python contractor building a scraper?
What happens when NYSED changes their site?
Is this HIPAA-compliant?
Do you see our provider data?
Why NY only?
How long does onboarding take?
Your next NCQA review has a forensic trail.
Book a 20-minute demo. We'll run a live verification against a real NY license in front of you, show you the audit log, and walk through the PDF your reviewer will see.