Hypex
Contingency RCM — you pay only when a denial is reversed

We recover denied claims — and you pay only when we win.

Hypex turns claim denials into recovered revenue with AI-drafted appeals and a zero-PHI architecture your compliance team can verify. No added headcount. No upfront fee. You keep 85% of every dollar recovered.

Claim fragment · CMS-1500

sample · not a real patient
PatientJordan A. Whitfield
DOB1972-04-18
MRNMRN-0042-8815
CPT99213
DenialPR-96 · non-covered
At issue$420.00

PHI is stripped before it leaves your network. The model sees the code and the dollar — not the name.

Remittance summaryverified terms

Contingency fee

of dollars the payer paid

15%

Patient identifiers in DB

de-identified before egress

0

Returned to your org

of every recovered dollar

85%

Appeals reviewed

human or confidence-gated

100%

The problem

Denials are rising. Most are never appealed.

In the 2026 Revenue Cycle Trends Report, the share of providers reporting denial rates above 5% nearly doubled in a single year — from 12% to 20%. A large share of denied claims are appealable and win on review, but appeal volume scales with staff time, so most groups appeal only a fraction and write the rest off.

Hypex processes the full denial population and keeps your team in control of every submission — so the recoverable revenue stops being left on the table.

How it works

From denial to recovered revenue

  1. 01

    Connect denial feed

    Upload 835 remittance and denial files, push via API, or connect through EHR SMART-on-FHIR. PHI stays in your US environment — we receive de-identified codes and an opaque token.

  2. 02

    We draft, you review

    Hypex classifies each denial, cites the payer rule, and drafts the appeal. High-confidence appeals can auto-submit; everything else routes to your reviewer with the rule shown. You authorize every submission.

  3. 03

    Submit & reconcile

    Approved appeals transmit as validated X12 837s to your clearinghouse. When the payer pays, we parse the 835, mark the claim recovered, and invoice 15% of the amount received.

  4. 04

    BAA, then rollout

    We sign a Business Associate Agreement and enroll payers one at a time, watching remittances for 30 days before expanding. No upfront fee at any stage.

What we built

Engineered for healthcare compliance

De-identification before egress

A claim is stripped of patient identifiers before it leaves your network. The scrubber fails closed — a record it cannot fully de-identify is rejected, never stored.

Appeals built to payer spec

Each letter cites the specific denial reason and payer rule, in the structure payer review teams expect. The model never sees PHI; it works from codes and the opaque token.

835 reconciliation and billing

Recovery is confirmed against the payer's own remittance, not self-reported. The fee is calculated only on amounts your finance team can verify in their own system.

Per-tenant isolation

Every organization's data is scoped and access-controlled to that organization. Your workspace cannot read another's, and ours cannot read yours.

Example appeal draft — de-identified

Sample · not a real patient

Denial

Claim CLM-4471 · CPT 99213 · reason PR-96

Payer: Aetna · At issue: $420.00

Drafted appeal

“Per LCD L12345, CPT 99213 is covered when documentation supports a moderate E/M visit. Attached: progress note, last 12 months of history, and medical-necessity statement.”

Human reviewer approval required before submission.

Security & compliance

What we do to protect PHI

Hypex operates as a business associate under HIPAA. Each control below carries an attestation stamp.

Open PHI-leak test suite — run it yourself

An open test asserts no patient identifier reaches the database, the model, or the letter store. Your security team can run it against our build before signing. Most vendors only assert this.

View the suite →
Live

PHI never reaches the model

De-identified records only. The language model processes codes and tokens; patient data is not in its training, context, or storage path.

Live

Encryption in transit and at rest

TLS 1.2 or higher on every connection. Managed encryption for storage and the database, with keys held in the cloud provider's key management service.

Live

Access control and audit

Tenant-scoped data access, token or API-key authentication, IP-allowlisted machine ingest, least-privilege roles, and an append-only audit trail of every action.

Live

Verifiable, not asserted

An open test suite asserts that no patient identifier reaches the database, the model, or the letter store. Your security team can run it themselves.

Integration

Async by design — no sales calls

Everything is set up in writing. You share a test feed, we prove recovery in a sandbox, and you review before anything reaches production.

Start by message

Request a pilot in writing. We reply with the workspace link, the BAA draft, and connection steps. Nothing requires a call.

Prove it in a sandbox

We connect to a test clearinghouse feed — never production PHI — and demonstrate recovery, win-rate, and days-to-cash with a human in the loop.

BAA before any data moves

We sign a Business Associate Agreement and provide cyber and E&O insurance naming you as additional insured. Liability is written in before PHI changes hands.

Where we are today

Built, and building toward

We would rather show you than claim. Here is exactly what is live now, and what is in flight.

Live today

  • De-identification pipeline with fail-closed scrubber
  • AI appeal drafting with human review gate
  • 835 reconciliation and 15% contingency billing
  • Per-tenant isolation and audit trail

In flight

  • Live, measured recovery rates — we will publish verified outcomes as design partners complete payer enrollment, not before.
  • Named reference customers — we are in pilot discussions and will list references only once live recoveries are confirmed.
  • SOC 2 Type II report — the examination is underway; the controls it tests are implemented and evidenced today.

Trust posture

AWS

SOC-backed cloud hosting

Zero-PHI

Open test suite published

HIPAA

Business associate / signed BAA

SOC 2

Type II examination in progress

BAA

Template on request

Encryption

In transit & at rest

SOC 2 Type II is an examination in progress — we show the control matrix and independent-audit timeline on request, and never claim a certification we do not hold.

FAQ

Questions buyers ask

Do you ever see patient data?

No. Claims are de-identified before they leave your network. Our database and the model handle only codes and an opaque token — verifiable by our open PHI-leak test suite.

What do we pay?

A flat 15% of the amounts the payer actually pays on appeals we file. No upfront fee. If an appeal does not recover, that claim costs you nothing.

Who decides what gets submitted?

Your team. Auto-submit applies only to high-confidence, low-dollar appeals; the rest route to your reviewer with the cited rule shown. Nothing is sent blind.

How long until go-live?

A sandbox pilot on sample denials runs in one to two weeks. Full automated submission depends on payer EDI enrollment, typically six to ten weeks, run in parallel.

Are you HIPAA compliant?

Hypex operates as a business associate under a signed BAA and applies HIPAA Security Rule safeguards. The SOC 2 Type II examination is in progress.

How do we know PHI never reaches the model?

We publish an open test suite that asserts no patient identifier reaches the database, the model, or the letter store. Your security team can run it against our build before signing — most vendors only assert this.

Request a pilot

Start a risk-free pilot — you pay only on recovery

No call, no commitment. Request the plan and we send your workspace plus the full data room.

Tell us where to send the plan

We provision a workspace and reply with next steps. No commitment.

Why teams say yes

  • Zero-PHI by architecture — verifiable, not promised
  • Flat 15% only on dollars the payer actually paid
  • Every appeal human-reviewed or confidence-gated
  • No upfront fee, no added headcount
How we protect PHI →