We recover denied claims — and you pay only when we win.
Hypex turns claim denials into recovered revenue with AI-drafted appeals and a zero-PHI architecture your compliance team can verify. No added headcount. No upfront fee. You keep 85% of every dollar recovered.
Claim fragment · CMS-1500
sample · not a real patientPHI is stripped before it leaves your network. The model sees the code and the dollar — not the name.
Contingency fee
of dollars the payer paid
15%
Patient identifiers in DB
de-identified before egress
0
Returned to your org
of every recovered dollar
85%
Appeals reviewed
human or confidence-gated
100%
The problem
Denials are rising. Most are never appealed.
In the 2026 Revenue Cycle Trends Report, the share of providers reporting denial rates above 5% nearly doubled in a single year — from 12% to 20%. A large share of denied claims are appealable and win on review, but appeal volume scales with staff time, so most groups appeal only a fraction and write the rest off.
Hypex processes the full denial population and keeps your team in control of every submission — so the recoverable revenue stops being left on the table.
How it works
From denial to recovered revenue
- 01
Connect denial feed
Upload 835 remittance and denial files, push via API, or connect through EHR SMART-on-FHIR. PHI stays in your US environment — we receive de-identified codes and an opaque token.
- 02
We draft, you review
Hypex classifies each denial, cites the payer rule, and drafts the appeal. High-confidence appeals can auto-submit; everything else routes to your reviewer with the rule shown. You authorize every submission.
- 03
Submit & reconcile
Approved appeals transmit as validated X12 837s to your clearinghouse. When the payer pays, we parse the 835, mark the claim recovered, and invoice 15% of the amount received.
- 04
BAA, then rollout
We sign a Business Associate Agreement and enroll payers one at a time, watching remittances for 30 days before expanding. No upfront fee at any stage.
What we built
Engineered for healthcare compliance
De-identification before egress
A claim is stripped of patient identifiers before it leaves your network. The scrubber fails closed — a record it cannot fully de-identify is rejected, never stored.
Appeals built to payer spec
Each letter cites the specific denial reason and payer rule, in the structure payer review teams expect. The model never sees PHI; it works from codes and the opaque token.
835 reconciliation and billing
Recovery is confirmed against the payer's own remittance, not self-reported. The fee is calculated only on amounts your finance team can verify in their own system.
Per-tenant isolation
Every organization's data is scoped and access-controlled to that organization. Your workspace cannot read another's, and ours cannot read yours.
Example appeal draft — de-identified
Sample · not a real patientDenial
Claim CLM-4471 · CPT 99213 · reason PR-96
Payer: Aetna · At issue: $420.00
Drafted appeal
“Per LCD L12345, CPT 99213 is covered when documentation supports a moderate E/M visit. Attached: progress note, last 12 months of history, and medical-necessity statement.”
Human reviewer approval required before submission.
Security & compliance
What we do to protect PHI
Hypex operates as a business associate under HIPAA. Each control below carries an attestation stamp.
Open PHI-leak test suite — run it yourself
An open test asserts no patient identifier reaches the database, the model, or the letter store. Your security team can run it against our build before signing. Most vendors only assert this.
PHI never reaches the model
De-identified records only. The language model processes codes and tokens; patient data is not in its training, context, or storage path.
Encryption in transit and at rest
TLS 1.2 or higher on every connection. Managed encryption for storage and the database, with keys held in the cloud provider's key management service.
Access control and audit
Tenant-scoped data access, token or API-key authentication, IP-allowlisted machine ingest, least-privilege roles, and an append-only audit trail of every action.
Verifiable, not asserted
An open test suite asserts that no patient identifier reaches the database, the model, or the letter store. Your security team can run it themselves.
Integration
Async by design — no sales calls
Everything is set up in writing. You share a test feed, we prove recovery in a sandbox, and you review before anything reaches production.
Start by message
Request a pilot in writing. We reply with the workspace link, the BAA draft, and connection steps. Nothing requires a call.
Prove it in a sandbox
We connect to a test clearinghouse feed — never production PHI — and demonstrate recovery, win-rate, and days-to-cash with a human in the loop.
BAA before any data moves
We sign a Business Associate Agreement and provide cyber and E&O insurance naming you as additional insured. Liability is written in before PHI changes hands.
Where we are today
Built, and building toward
We would rather show you than claim. Here is exactly what is live now, and what is in flight.
Live today
- De-identification pipeline with fail-closed scrubber
- AI appeal drafting with human review gate
- 835 reconciliation and 15% contingency billing
- Per-tenant isolation and audit trail
In flight
- Live, measured recovery rates — we will publish verified outcomes as design partners complete payer enrollment, not before.
- Named reference customers — we are in pilot discussions and will list references only once live recoveries are confirmed.
- SOC 2 Type II report — the examination is underway; the controls it tests are implemented and evidenced today.
Trust posture
AWS
✓SOC-backed cloud hosting
Zero-PHI
✓Open test suite published
HIPAA
✓Business associate / signed BAA
SOC 2
•Type II examination in progress
BAA
✓Template on request
Encryption
✓In transit & at rest
SOC 2 Type II is an examination in progress — we show the control matrix and independent-audit timeline on request, and never claim a certification we do not hold.
FAQ
Questions buyers ask
Do you ever see patient data?
No. Claims are de-identified before they leave your network. Our database and the model handle only codes and an opaque token — verifiable by our open PHI-leak test suite.
What do we pay?
A flat 15% of the amounts the payer actually pays on appeals we file. No upfront fee. If an appeal does not recover, that claim costs you nothing.
Who decides what gets submitted?
Your team. Auto-submit applies only to high-confidence, low-dollar appeals; the rest route to your reviewer with the cited rule shown. Nothing is sent blind.
How long until go-live?
A sandbox pilot on sample denials runs in one to two weeks. Full automated submission depends on payer EDI enrollment, typically six to ten weeks, run in parallel.
Are you HIPAA compliant?
Hypex operates as a business associate under a signed BAA and applies HIPAA Security Rule safeguards. The SOC 2 Type II examination is in progress.
How do we know PHI never reaches the model?
We publish an open test suite that asserts no patient identifier reaches the database, the model, or the letter store. Your security team can run it against our build before signing — most vendors only assert this.
Request a pilot
Start a risk-free pilot — you pay only on recovery
No call, no commitment. Request the plan and we send your workspace plus the full data room.
Tell us where to send the plan
We provision a workspace and reply with next steps. No commitment.
Why teams say yes
- Zero-PHI by architecture — verifiable, not promised
- Flat 15% only on dollars the payer actually paid
- Every appeal human-reviewed or confidence-gated
- No upfront fee, no added headcount