Skip to content
FonteumThe Graph

By use case

Exclusion & monitoring (self-serve)Free roster screen — no accountExclusion & sanctions screeningCredentialing & provider-data enrichmentAudit evidence & defensible programsProvider data for AI / RAGM&A & network diligence

By buyer

Compliance & riskDevelopers & AI teams

By industry

HealthcareProviders & facilitiesFederal contractingSAM · USASpending · FAPIIS

The capability layer

APIREST + bulk accessMCP serverCallable by AI agentsFHIR R4 APIBulk exportAttestation & audit packReconciliationSource-vs-source diffsEntity graphSnapshotsPoint-in-time, bitemporal

The differentiator

Coverage & sourcesThe catalogFreshnessMethodologyCare CompareFacility qualityBrowse all datasets →
Research

The dev on-ramp

DocsAPI referenceMCP — connect your agentOne-paste installFHIR sandboxLive API surfaceQuickstartStatusChangelogSDKs & integrations
Pricing
Sign inFree roster screen →Get a signed certificate →

Solutions

Exclusion & monitoring (self-serve)Exclusion & sanctions screeningCredentialing & provider-data enrichmentAudit evidence & defensible programsProvider data for AI / RAGM&A & network diligenceCompliance & riskDevelopers & AI teamsHealthcareFederal contracting

Platform

APIMCP serverFHIR R4 APIBulk exportAttestation & audit packReconciliationEntity graphSnapshots

Data

Coverage & sourcesFreshnessMethodologyCare CompareBrowse all datasets →
Research

Developers

DocsAPI referenceMCP — connect your agentFHIR sandboxQuickstartStatusChangelogSDKs & integrations
Pricing
Sign inFree roster screen →Get a signed certificate →
Docs · Source-cache mirror

Source-cache mirror.

Fonteum mirrors every federal-source snapshot to S3-compatible storage with 90-day rolling retention. When a source goes down — DOGE-driven access disruption, scheduled CMS portal maintenance, DNS issues, anything — verifiers can still re-download the original archive bytes from Fonteum’s mirror, recompute SHA-256, and confirm the hash matches the public attestation. The cache is both a trust signal and a liability shield.

Why a cache mirror?

Per Q2 2026 Strategic Research (failure mode #1), DOGE-related CMS access disruption is modeled at 40–60% probability over a 12-month window. CMS contingency plans exist (issued February 2026) but exclude the survey/certification systems Care Compare depends on. Even outside the DOGE-specific risk, federal data portals have routine outages, planned maintenance windows, and occasional URL rotations that interrupt access.

The cache mirror is a defensive layer: when the upstream source is unavailable, verifiers can still complete the byte-for-byte hash-match flow against Fonteum’s published attestation. The integrity contract — “hash of the bytes we ingested matches what we published” — stays open even when the bytes themselves are temporarily unreachable upstream.

90-day rolling retention

Every cached archive carries a retention_expires timestamp set to cached_at + 90 days at write time. A separate cleanup cron (queued §sprint3-cache-cleanup-cron) deletes the S3 object + drops the cache log row when the time arrives.

Why 90 days: long enough to span any plausible upstream outage (CMS scheduled maintenance windows are typically measured in days; even an extended DOGE-style policy disruption is unlikely to exceed a quarter without generating its own legal-system response). Short enough that aggregate storage cost stays bounded for a small healthcare-data publisher; rolling expiry keeps the bucket from accumulating decade-old snapshots that no verifier would re-fetch anyway.

SHA-256 hash-match flow

Every snapshot exposes a SHA-256 hash via /verify/[snapshot_id]. The response carries content_hash, source_archive_url (upstream), and cache_url (Fonteum’s S3 mirror). Two equivalent hash-match paths:

  1. Upstream path — fetch source_archive_url + shasum -a 256 + compare to content_hash. Works when the upstream source is healthy.
  2. Cache path — fetch cache_url + shasum -a 256 + compare to content_hash. Works regardless of upstream health (within the 90-day retention window).
# Path 1: upstream
SOURCE=$(curl -s https://fonteum.com/verify/123 | jq -r '.source_archive_url')
EXPECTED=$(curl -s https://fonteum.com/verify/123 | jq -r '.content_hash')
ACTUAL=$(curl -sL "$SOURCE" | shasum -a 256 | awk '{print $1}')
[ "$ACTUAL" = "$EXPECTED" ] && echo "verified" || echo "MISMATCH"

# Path 2: cache mirror
CACHE=$(curl -s https://fonteum.com/verify/123 | jq -r '.cache_url')
EXPECTED=$(curl -s https://fonteum.com/verify/123 | jq -r '.content_hash')
ACTUAL=$(curl -sL "$CACHE" | shasum -a 256 | awk '{print $1}')
[ "$ACTUAL" = "$EXPECTED" ] && echo "verified" || echo "MISMATCH"

Both paths produce the same hash because content_sha256 in the cache log is computed from the exact bytes that produced content_hash in the attestation log. The two tables are written in the same code path (the puller cron) from the same archive buffer; byte-for-byte equality is guaranteed at write time, not at read time.

Degraded-state surfacing

A 15-minute cron HEAD-probes every registered source URL and writes the current health status to source_health_status. The /freshness page reads from there + surfaces an amber “⚠ source degraded” pill on each affected source card. Hover the pill for the underlying reason: 404 (URL rotated), 401/403 (auth changed — DOGE-disruption candidate), 5xx (upstream outage), network throw (DNS or connectivity).

The freshness band (fresh / stale / overdue) and the degraded badge are independent signals. A source can be fresh (last snapshot is recent) and degraded(upstream is currently down) at the same time — that’s the cache mirror earning its keep. The opposite case (overdue + degraded) is the alarming one; operators know to check Sentry + the Inngest dashboard.

Storage backend

Fonteum’s upload helper writes via plain PUT + AWS Signature v4 against any S3-compatible store: AWS S3, Cloudflare R2, MinIO, Backblaze B2, etc. The endpoint is configurable per environment via the AWS_S3_ENDPOINT / AWS_S3_PUBLIC_BASE env vars; the upstream choice is a deployment decision, not a contract change for verifiers.

Public-readable bucket policy (or a CDN that reads from a private bucket) is the default — verifiers fetch cache_url directly without signed URLs.Fonteum never logs or returns the secret key associated with the upload role.

Cross-links
  • /freshness — live snapshot age + status band + per-source upstream health badge.
  • /trust/integrity — public SHA-256 attestation index per snapshot.
  • /methodology/changelog — methodology version-bump log.
  • /docs/source-coverage — schedule of the puller crons that produce the snapshots this cache mirrors.

Built on the authoritative federal record

The primary sources, named on every page.

These are the federal agencies whose public datasets Fonteum ingests and attributes — the issuing authorities, not customers or partners. Every figure on the site links back to one of them.

  • CMS
  • HHS-OIG
  • HRSA
  • FDA
  • NLM
  • NUCC
  • Census
  • BLS
  • BEA

See the full source registry, with license and refresh cadence for each →

Reproducible by design

Every figure traces to its federal source.

14-tuple provenance

Every rendered fact ties to a source URL, dataset ID, snapshot date, row key, and SHA-256 — the full chain-of-custody record.

Reproducible SQL

Each study ships the exact query behind its figures, run against the cited federal snapshot. Re-run it yourself.

Daily count checks

Published counts are checked against the upstream federal datasets on a daily cadence, with drift logged.

Named medical review

Reviewed by Jennifer Montecillo, MD, medical reviewer. Non-practicing medical reviewer.

Read the full provenance and attestation methodology →

Two doors

Use the free API and open data

Query providers, facilities, sanctions, and quality scores — each field carrying its federal source. Self-serve, no call to start.

Explore the API →Browse the data catalog →

Talk to us

Managed pilots, enterprise terms, and audit-ready, signed attestation packages for compliance, risk, and research teams.

Talk to us →
Fonteum
Platform
Platform overviewAPIMCP serverFHIR R4 APIBulk exportAttestation & audit packReconciliationEntity graphSnapshots
Solutions
All solutionsExclusion & sanctions screeningCredentialing & enrichmentAudit evidenceProvider data for AI / RAGM&A & network diligenceCompliance & riskDevelopers & AI teams
Data & sources
Coverage & sourcesBrowse all datasetsState Medicaid exclusionsFreshnessMethodologyCare CompareSanctionsOwnershipStaffingDeficienciesSpecial Focus Facilities
Federal contracting
OverviewAwards during active exclusionFederal debarment scorecardProcurement questionsContractor lookup8(a) certification guide
Developers
Developer hubDocsAPI referenceQuickstartStatusChangelogSDKs & integrationsWebhooks
Research & guides
Research hubGuidesHealthcare provider dataExclusion & sanctions screeningProvider credentialing dataHealthcare data for AIHospital margin gapProvider access gapsGlossaryComparisonsCitationsWhy Fonteum
Company
AboutPressCustomersPricingContactEditorial policyCorrections
Trust & legal
TrustTrust markQualitySecurityPrivacy policyTerms of serviceAPI & MCP termsMedical disclaimer

Reviewed by Jennifer Montecillo, MD, medical reviewer. Non-practicing medical reviewer.

© 2026 Fonteum LLC. All rights reserved.

·hello@fonteum.com

The U.S. healthcare graph AI can cite — every fact carries its source.

Every fact Fonteum serves carries a signed, re-checkable trust mark — source, as-of date, and an Ed25519 signature travel with the data. Re-check any fact at fonteum.com/verify · the trust-mark standard (W3C Verifiable Credentials 2.0, C2PA-aligned).
Request access→

The substrate, by the numbers

9.2Mgraph entitiesProviders, organizations, owners, and facilities
15.7Mlinked identifiersNPIs, CCNs, LEIs and more, resolved to entities
5Mgraph edgesSource-attested relationships between entities
44federal source familiesDistinct CMS, OIG, HRSA, FDA and peer datasets
35dataset pagesCitable, downloadable /data catalog pages
70reproducible studiesEach shipping the SQL behind its figures