Our Mission

MyRxWallet North America Corporation exists to put patients in absolute control of their health identity — permanently. We build infrastructure in which patient data control remains with the patient. No third party outside MyRxWallet can revoke or transfer a patient's credential. MyRxWallet retains revocation authority only for off-boarding, consent withdrawal, or security incidents, and each revocation is logged on-ledger.

Our Foundation

• Led by Olivia Trinh, Chairman and CEO
• Incorporated in Wyoming, USA
• CAGE: 9VNZ7 · NAICS 518210 · SIC 7374-00
• Unique Entity ID: RKYFJECN9GL3

Our Values

• Patients first — always
• Zero data brokering — patient data is never sold
• Open standards, fully interoperable
• Zero Dependency infrastructure
• Built on open standards; patient data is never sold

The Founding Story

MyRxWallet was born from a simple but radical conviction: your health data belongs to you — not your insurer, not your pharmacy chain, not your EHR vendor. We built the infrastructure to make that a legal reality, not a marketing promise.

Why We Exist

• Over 12M Americans lack a consistent health record
• $350B+ lost annually to fragmented, siloed data
• Most patients cannot access or control their own records
• Existing platforms monetize data — we don't

Our Credentials

• Headquartered: Las Vegas, Nevada
• ONC-registered developer — 10 SMART client IDs
• USCDI v7 submission #703 — on federal record
• NPI registered — multiple provider identifiers
• Electronic prescribing architecture aligned with 21 CFR Part 1311 (third-party audit in progress) — electronic prescribing

For Patients

• Sovereign health identity — MyRx Credential
• Full medical record ownership and portability
• AI health coach and clinical decision support
• Emergency card with instant provider access
• Platform activity tracking for clinical workflow purposes only

For Providers

• ONC (g)(10) standardized API test — PASS with FHIR R4 — live
• EPCS electronic prescribing — 21 CFR Part 1311 aligned
• Telehealth + scheduling built in
• SMART on FHIR payer client architecture (CMS Blue Button live; commercial agreements in progress)
• Hyperledger consent trail — HIPAA-grade audit

For Partners

• White-label EHR infrastructure — licensing available
• MyRx Credential issuance integration
• Developer API + SMART on FHIR
• Pharmaceutical and insurance API integrations

Backend & API Layer

• FastAPI (Python) — EHR core backend
• FHIR R4 — full interoperability compliance
• PostgreSQL — encrypted, sovereign health records
• SMART on FHIR — OAuth2 + PKCE authorization
• ONC (g)(10) certified API — in production

Blockchain Layer

• Hyperledger Fabric 2.5 LTS — permissioned ledger
• 4 dedicated channels (identity, consent, health, participation)
• 4 Go CaaS chaincodes — deployed and live
• Immutable consent audit trail — every event on-chain
• Soulbound credential engine — Hyperledger Fabric native

Security & Infrastructure

• MyRx-Sentinel v2.0 — DoD STIG hardening standards applied
• WireGuard VPN — MyRx-Gateway zero-trust overlay
• Credential-keyed service access — port-level auth
• Zero Trust architecture — no implicit trust
• Sovereign VPS — all data stays on our metal

What Is the MyRx Credential?

Each MyRxWallet member receives a unique, non-transferable credential issued on our permissioned Hyperledger Fabric network. It is their sovereign health identity attestation — proving who they are, controlling what they access, and recording consent history permanently on-chain.

Credential Functions

• Identity attestation — cryptographic proof of identity
• Platform access key — gates services by authorization level
• Consent ledger — immutable HIPAA consent record on-chain
• Participation record — tracks health-positive platform activity
• Credential issuance — providers can onboard patients directly

Technical Architecture

• Soulbound — cryptographically bound, non-transferable
• Permissioned ledger — Hyperledger Fabric (not a public chain)
• Chaincodes: myrxcc-identity + myrxcc-consent (permissioned channels)
• Non-custodial — only the holder controls their credential
• SDK: @myrxwallet/credential-sdk on npm

What Is the MyRx DAO?

The MyRxWallet DAO is a decentralized governance structure that guides platform evolution. Credentialed participants contribute governance input on protocol upgrades, fee structures, and partner integrations — removing unilateral control by any single entity.

DAO Functions

• Protocol governance — proposals and votes on upgrades
• Fee schedule — community-reviewed rate structures
• Operational allocation — voted by governance participants
• Partner vetting — on-chain approval process
• Incident response — on-chain audit log

Why Zero Dependency?

• No single institution can freeze the platform
• No vendor lock-in at any infrastructure layer
• Protocol changes require community consensus
• Patients always retain control of their own data
• Open governance — auditable by design

MyRx-Chain Architecture

• Hyperledger Fabric 2.5.6 LTS — enterprise permissioned ledger
• Orderer + Peer + CA + CLI — full node stack
• 4 dedicated channels — isolated by function
• 4 Go chaincodes — CaaS deployment, sequence 2 VALID
• myrxchain Docker network — fully isolated

The 4 Channels

• Identity channel — identity credential ledger
• Consent channel — HIPAA consent audit trail
• Health channel — encrypted health event log
• Participation channel — platform activity ledger

Why Hyperledger?

• Permissioned — only authorized nodes participate
• HIPAA-grade audit trail built into the protocol
• No public blockchain exposure of health information
• Go chaincode — enterprise throughput
• Linux Foundation — open standard, no vendor lock-in

What Is MyRx-Rail?

MyRx-Rail is our proprietary health data transport infrastructure — combining FHIR R4 APIs, Hyperledger channels, and WireGuard tunnels into a unified sovereign rail that moves health records without ever touching a third-party cloud provider.

Rail Components

• FHIR R4 API — inbound and outbound data exchange
• MyRx-Gateway — WireGuard VPN zero-trust overlay
• Hyperledger channels — immutable on-chain event bus
• MyRx-Mail — secure encrypted provider-to-patient messaging
• 6 Payer API connectors — live integrations

Rail Standards

• TEFCA / QHIN — national health information interoperability
• USCDI v7 — all universal data classes supported
• SMART on FHIR — app authorization and launch protocol
• CDS Hooks — clinical decision support at point of care
• Bulk FHIR — population-level export for research

Unmatched Regulatory Standing

• ONC (g)(10) standardized API test — PASS API (g)(10) — production ready
• EPCS prescribing — 21 CFR Part 1311 aligned; third-party audit in progress
• Hyperledger consent trail — legally defensible audit record
• DoD STIG hardening standards applied — highest achievable security posture
• USCDI v7 submission #703 — on federal record

Commercial Opportunities

• White-label EHR licensing — subscription and per-seat models
• API access — per-call and enterprise subscription tiers
• Pharmaceutical integration — formulary and prior auth APIs
• Insurance integration — eligibility and claims pipeline

Strategic Position

• USCDI v7 Comment #703 filed with ONC (April 11, 2026); FDA CDER concept paper submitted (no regulatory response received)
• Architecture aligned to HSCC CWG published guidance (no formalized HSCC CWG partnership)
• Global partnerships framework — live and operational
• Zero data brokering — patient data is never sold

How the Program Works

MyRxWallet operates structured service-fee and engagement-recognition programs. Providers receive compensation for verified clinical services. Patients receive recognition for health-positive behaviors — similar to established wellness incentive programs in the insurance industry.

Provider Service Compensation

• Credential issuance fee — for onboarding new patients
• Per-session fee — verified telehealth completions
• EPCS service fee — verified electronic prescriptions
• All governed by platform service agreement

Patient Program Features (No Monetary Value)

• Profile completion progress indicators
• Medication adherence reminders — tracked via MyRx-MedTracker for clinical workflow purposes only
• Preventive care appointment reminders
• Anonymized research consent — patient-controlled, opt-in only
• All program features are administrative in nature — no monetary value, no redemption, no exchange for cash or any item of value

✅ Complete (Phase 1–4)

• ONC (g)(10) standardized API test — PASS + FHIR R4 API — live
• Patient + Provider portals — live
• MyRx-Chain — Hyperledger Fabric 2.5 LTS
• MyRx-Sentinel v2.0 — DoD STIG hardening standards applied
• USCDI v7 #703 — filed April 11, 2026
• Credential SDK — @myrxwallet/credential-sdk on npm
• MyRx-Mail — Electron desktop client

🔄 In Progress (Phase 5)

• Inferno (g)(10) full certification run
• MyRx-Gateway — WireGuard + credential-keyed access
• Hosting migration DNS cleanup
• FDA CDER concept paper submission
• HSCC CWG partnership formalization

📅 Upcoming (Phase 6+)

• MyRx-ID — public identity credential launch
• Enhanced clinical analytics module (provider-facing)
• MyRx-Shield — free access distribution program
• TEFCA QHIN — network node application
• International expansion — GDPR framework

Patient Portal

• Full health record access — FHIR R4 (20+ resource types)
• AI assistant + personal health coach
• Consent management — grant or revoke instantly, on-chain
• Prescriptions, lab results, vitals, immunizations
• Emergency access card with NFC tap support
• 6 payer API connections — insurance history auto-imported
• Credential Identity — your sovereign health profile
• Appointment scheduling + telehealth video

Provider Portal

• ONC (g)(10) standardized API test — PASS — (g)(10) PASS April 17, 2026
• EPCS prescribing — DEA 21 CFR Part 1311 compliant
• FHIR R4 patient records + 6 payer APIs
• SOAP notes with AI-assisted ICD-10 + CPT coding
• Hyperledger consent trail — every access immutable
• Drug recall alerts via FDA openFDA; drug-interaction advisories subject to prescriber judgment
• Recall alerts delivered at point of prescribing
• Lab ordering — Quest / LabCorp routing

🔐 Security Architecture (Both Portals)

• MyRx-Sentinel v2.0 — DoD STIG hardening standards applied compliant
• Fullscreen lock + screenshot guard in clinical mode
• HIPAA idle timeout — auto-logout after inactivity
• AES-256-GCM encryption at rest · TLS 1.3 in transit
• Zero PII on-chain — only SHA-256 hashes + FHIR resource IDs

🌐 Access

• Patient portal — patients.myrxwallet.io
• Provider portal — providers.myrxwallet.io
• Both portals accessible via ehr.myrxwallet.io
• Mobile-responsive — iOS + Android compatible
• MyRx-Mail desktop client — Electron app available

📋 ONC Finalizes TEFCA Exchange Protocols

The Office of the National Coordinator published updated TEFCA exchange framework rules, expanding the Qualified Health Information Network (QHIN) pathway. MyRxWallet is preparing its Phase 6 QHIN application in alignment with these rules.

💊 FDA Drug Recall Alert System — Live

MyRxWallet's prescribing module now integrates FDA openFDA drug recall alerts at the point of prescribing. Providers receive instant inline warnings when prescribing a recalled medication.

🔒 HIPAA Security Rule Modernization — 2026

HHS finalized amendments to the HIPAA Security Rule requiring enhanced encryption standards, multifactor authentication, and new audit logging requirements. MyRxWallet exceeds all updated standards with AES-256-GCM + TLS 1.3 + Hyperledger audit trail.

📡 CMS Interoperability Rules — Payer API Expansion

CMS finalized expanded payer API mandates requiring all MA, Medicaid, CHIP, and QHP plans to publish SMART on FHIR APIs. MyRxWallet is connected to 6 major payers and ingests patient data automatically on consent.

🏛️ USCDI v7 Comment #703 — On Federal Record

MyRxWallet filed Comment #703 to USCDI v7 on April 11, 2026, proposing "Patient Digital Identity Credential" as a new national data class. This positions the MyRx Credential as a federally-recognized health identity standard.

✅ ONC (g)(10) Inferno — Full PASS

MyRxWallet completed the ONC Inferno v8.0.0 (g)(10) standardized API test suite with a full PASS across all 317 sub-tests on April 17, 2026. This is the platform's federally-attested interoperability certification.

🌍 International Standards

• FHIR R4 IPS — International Patient Summary support
• GDPR Article 9 — special health data category compliance
• ISO 27001 — information security management aligned
• HL7 International — global interoperability framework
• WHO ICD-10/ICD-11 — international diagnosis coding

🤝 Partnership Categories

• Health system integrations — payer + provider networks
• Government health agency API connectors
• Pharmaceutical and clinical trial data partnerships
• Academic medical center research agreements
• International telehealth network expansion

🏗️ Infrastructure Design

• Self-hosted Hyperledger — no third-party cloud dependency
• Multi-region deployment capable — no US-only lock-in
• FHIR R4 base spec — universal across health jurisdictions
• Consent layer — maps to GDPR, PIPEDA, PDPA frameworks
• No PHI on-chain — architecture is jurisdiction-agnostic

📋 Engagement Model

• White-label EHR licensing — full branding + customization
• API integration agreements — revenue share available
• Research participation programs — IRB-governed consent
• Joint venture structures — region-specific deployments
• Contact: info@myrxwallet.io to begin conversations

📋 Fee Structure

• Fees are charged only under written service agreements
• All fees cover operating costs and regulatory compliance
• No profit-sharing, royalty, rebate, or token-value distribution
• Patients are never charged to access their own health records
• Fee categories: API access, EHR licensing, EPCS per-prescription, integration engineering

🏥 Who Pays What

• Patients: $0 — record access is always free
• Providers: Per-transaction micro-fee under service agreement
• Partners: API access under signed service agreement
• Researchers: Consent event fee per participant enrolled
• Payers: Data exchange governed by CMS interoperability mandate

🔍 Transparency Commitments

• Every fee publicly auditable — on-chain transaction log
• No hidden charges — fee type disclosed before transaction
• No data brokering — PHI never sold to third parties
• No subscription fees for patients — free access always
• Provider pricing: contact info@myrxwallet.io

🏥 Who Pays What

• Patients: $0 — record access is always free
• Providers: Per-transaction micro-fee (clinical anchoring)
• Partners: API access under signed service agreement
• Researchers: Consent event fee per participant enrolled
• Payers: Data exchange governed by CMS interoperability mandate

🏛️ Federal Business Identifiers

• CAGE Code: 9VNZ7
• Unique Entity ID: RKYFJECN9GL3
• NAICS: 518210 (Data Processing & Hosting)
• SIC: 7374-00 (Computer Processing & Data Prep)
• SAM.gov: Active registration
• EIN and other sensitive identifiers available upon verified request — info@myrxwallet.io

🏥 Health Industry Registrations

• NPI × 3 — multiple National Provider Identifiers
• ONC Developer Registration — 10 SMART on FHIR client IDs
• Electronic prescribing architecture aligned with 21 CFR Part 1311 (third-party audit in progress)
• OIG LEIE — provider exclusion screening integrated
• USCDI v7 Comment #703 — filed April 11, 2026

📜 Certifications

• ONC (g)(10) Standardized API — PASS April 17, 2026
• Inferno v8.0.0 — 317/317 sub-tests PASS
• SMART App Launch 2.0.0 — Inferno test PASS
• Bulk Data 2.0.0 — Inferno test PASS
• US Core 6.1.0 — 20 resource types

📋 Federal Filings & Engagements

• USCDI v7 Comment #703 — patient digital identity credential
• FDA CDER concept paper — DSCSA/interoperability (pending)
• HSCC CWG — Health Sector Cybersecurity Council engagement
• ONC Developer Portal — registered API developer
• Corporate HQ: MyRxWallet North America Corporation

What We Passed

• OAuth 2.0 authorize + token endpoints (TLS 1.2/1.3)
• SMART on FHIR /.well-known/smart-configuration
• PKCE-enforced authorization code flow
• Granular scopes (v1 + v2) with sub-resource filtering
• Bulk Data 2.0.0 with _since parameter
• US Core 6.1.0 — 20 resource types

Why It Matters

The (g)(10) certification is a federally-attested identity, authentication, and consent infrastructure. It validates that patients can access their health data from any certified app using open standards. It is the platform's single most valuable compliance asset.

EPCS Authorization

• Electronic prescribing architecture aligned with 21 CFR Part 1311 (third-party audit in progress) — electronic prescribing live
• 21 CFR Part 1311 compliant — full regulatory alignment
• Two-factor authentication required for all controlled substance Rx
• Identity proofing — NPI + OIG LEIE verified
• Logical access controls — per-provider scoping

Clinical Workflow

• Provider signs Rx with DEA-compliant 2FA
• Prescription anchored to Hyperledger — tamper-proof
• Patient receives Rx in FHIR MedicationRequest format
• Drug interaction checker inline — FDA database
• Recall alerts delivered at point of prescribing

HIPAA Compliance

• PHI encrypted at rest (AES-256-GCM) and in transit (TLS 1.3)
• Zero PII stored on-chain — only SHA-256 hashes and FHIR resource IDs
• Consent-gated access — no data without explicit patient authorization
• Minimum necessary standard — enforced at OAuth scope level
• BAAs required for all vendors touching PHI

HITECH & Audit Logging

• Breach notification procedures — 60-day maximum
• Audit logging — every PHI access recorded
• HIPAA §164.312(b) — audit controls implemented
• 6-year retention — logs never truncated
• FHIR AuditEvent resources — queryable via certified API

Test Results

• SMART App Launch 2.0.0 — PASS
• Bulk Data 2.0.0 — PASS
• US Core 6.1.0 — PASS (all 20 resource types)
• Token introspection — PASS
• Token revocation — PASS
• Granular scopes v1 + v2 — PASS

Regression Policy

All (g)(10) test items must remain PASS before any PR merges to main. The Inferno test suite is run against the branch endpoint. TLS posture is verified (SSL 2/3 + TLS 1.0/1.1 rejected; TLS 1.2/1.3 accepted). This certification is the platform's single most valuable compliance asset.

FHIR Endpoints Live

• Patient, Practitioner, Organization
• Condition, Observation, MedicationRequest
• AllergyIntolerance, Immunization, Procedure
• DiagnosticReport, DocumentReference
• ExplanationOfBenefit, Coverage, Goal
• AuditEvent, Consent, Device

Standards Compliance

• FHIR R4 (4.0.1) — base specification
• US Core 6.1.0 — profile conformance
• USCDI v3 — data class coverage
• SMART App Launch 2.0.0
• Bulk Data 2.0.0 with _since parameter

🔬 Clinical Resources

• Patient · Practitioner · Organization
• Condition · Observation · MedicationRequest
• AllergyIntolerance · Immunization · Procedure
• DiagnosticReport · DocumentReference

💳 Financial & Coverage

• ExplanationOfBenefit — claims history
• Coverage — insurance detail
• CoverageEligibilityRequest/Response
• AuditEvent · Consent · Device

🔗 API Base URLs

• FHIR Root: ehr.myrxwallet.io/api/v1/fhir/r4
• Auth: ehr.myrxwallet.io/oauth/authorize
• Token: ehr.myrxwallet.io/oauth/token
• Discovery: /.well-known/smart-configuration
• Bulk: /\$export (system-level)

Active Connections

• CMS Blue Button 2.0 — Medicare beneficiary data — LIVE

Architecture Tested Against

• Published SMART on FHIR endpoints of major US payers (architecture verified; commercial onboarding agreements under discussion, not executed)

Data Retrieved (CMS Live)

• ExplanationOfBenefit — claims history
• Coverage — insurance details
• Patient — demographics
• Medication dispensing history
• AI agents pull automatically on patient consent

Veterans Support

• VA Lighthouse API architecture compatibility (no executed VA agreement)
• CCN-compatible architecture (no executed VA agreement)
• VHA patient record portability
• VA formulary integration

CSOS Compliance

• DEA CSOS — Controlled Substances Ordering System
• Electronic ordering of Schedule I–V substances
• Digital certificates for CSOS authentication
• Audit trail integration — every order on-chain

Family Accounts

• Guardian-linked accounts for minors under 18
• Pediatric FHIR profiles — US Core Pediatric Weight/BMI
• Age-of-majority transition workflow
• Sibling record linking with consent inheritance

Consent Architecture

• Guardian consent on behalf of minor — HIPAA compliant
• Consent transfer at age of majority
• Adolescent privacy — 42 CFR Part 2 sensitive categories
• Family health history aggregation

Technical Controls

• AES-256-GCM encryption — at rest and in transit
• Zero Trust architecture — no implicit trust at any layer
• MyRx-Sentinel v2 — DoD STIG hardening standards applied compliance
• WireGuard VPN — all traffic over encrypted tunnel
• Credential-keyed port access — no open endpoints

Operational Controls

• Zero PII on-chain — only hashes and FHIR resource IDs
• BAAs for all vendors touching PHI
• 6-year audit log retention — never truncated
• Incident response — on-chain logging + FHIR AuditEvent
• Breach notification — 60-day HITECH maximum

Architecture as Compliance

Every HIPAA control at MyRxWallet is enforced by code, not policy. PHI cannot reach the blockchain — the chaincode rejects it at the protocol layer. Consent cannot be bypassed — OAuth scopes enforce it at the API layer. Audit logs cannot be deleted — they are append-only on Hyperledger.

Proactive Engagement

• USCDI v7 Comment #703 — shaping national standards
• HSCC CWG — health sector cybersecurity council
• FDA CDER — concept paper filed April 2026
• ONC 10 SMART client IDs — registered developer
• Inferno (g)(10) — full test suite PASS

TEFCA Pathway

• QHIN application planned — Phase 6
• Patient-as-requester conduit model
• SMART on FHIR certification prerequisite — in progress
• ONC Recognized Coordinating Entity (RCE) alignment

Why TEFCA Matters

TEFCA establishes the rules of the road for nationwide health information exchange. As a QHIN member, MyRxWallet will be able to query and respond to patient record requests across all participating networks — giving patients truly universal record portability.

🔑 Authentication

• OAuth 2.0 + PKCE — SMART App Launch 2.0.0
• Authorization: /oauth/authorize
• Token: /oauth/token
• Introspect: /oauth/introspect
• Revoke: /oauth/revoke
• 10 registered SMART client IDs available

📡 FHIR Endpoints

• Base: /api/v1/fhir/r4/[Resource]
• 20 US Core 6.1.0 resource types
• Bulk export: /\$export with _since
• Search, read, create, update supported
• Granular scopes v1 + v2

📦 SDK & Tools

• Credential SDK: @myrxwallet/credential-sdk (npm)
• Install: npm install @myrxwallet/credential-sdk
• Discovery: /.well-known/smart-configuration
• Capability: /api/v1/fhir/r4/metadata
• Inferno (g)(10) — full PASS, all 317 tests

🔐 Developer Access

• Contact: info@myrxwallet.io to request client ID
• Sandbox environment available on request
• Rate limits: documented per scope tier
• Webhook events: consent grant / revoke
• Org: myrx-token on npm (owner: myrxwallet)

Certified Products

• MyRxWallet EHR — ONC (g)(10) certified
• FHIR R4 API — US Core 6.1.0 compliant
• SMART App Launch 2.0.0 — Inferno test PASS
• Bulk Data 2.0.0 — Inferno test PASS
• EPCS Module — DEA 21 CFR Part 1311

EPCS Module

• DEA-compliant two-factor authentication
• Controlled substance Rx — Schedule II–V
• Identity proofing at provider onboarding
• Logical access controls per provider
• Every Rx anchored to Hyperledger — immutable

Clinical Integrations

• 6 payer SMART on FHIR connections
• FDA openFDA — drug recall alerts live
• NPI registry — provider verification
• OIG LEIE — exclusion screening
• Quest / LabCorp — lab order routing

Platform Integrations

• Hyperledger Fabric — consent and identity ledger
• WireGuard — zero-trust network overlay
• SMTP + MyRx-Mail — secure messaging
• Twilio — SMS alerts (optional)
• Webhook events — consent grant/revoke

Partnership Categories

• Pharmaceutical companies — formulary + prior auth APIs
• Insurance carriers — eligibility + claims APIs
• Health systems — EHR data exchange
• Academic medical centers — research consent programs
• Government agencies — ONC, HHS, FDA engagement

Become a Partner

MyRxWallet offers white-label EHR licensing, API integration agreements, and research participation programs — all governed by signed service agreements. Contact us to discuss partnership opportunities.

Book a Consultation

Whether you're a provider evaluating the EHR, a partner exploring API integration, or a health system considering white-label deployment — our team is available for a direct conversation. Contact: info@myrxwallet.io

Available Resources

• FHIR Capability Statement (JSON)
• SMART Configuration (JSON)
• ONC (g)(10) test results
• Fee schedule PDF
• MyRx Credential SDK documentation

Import Sources

• 6 connected payers — automated on consent
• FHIR R4 bulk import — any compliant EHR
• CCD/C-CDA document import
• Lab result PDF parsing — AI-assisted
• Wearable device data — HL7 FHIR Observations

Your HIPAA Rights

• Right to access your PHI — free within 30 days
• Right to correct inaccurate health information
• Right to know who has accessed your data
• Right to restrict certain uses and disclosures
• Right to receive a Notice of Privacy Practices

Our HIPAA Obligations

• We only use PHI for treatment, payment, and operations
• We never sell PHI to data brokers — ever
• We notify you within 60 days of any breach
• All staff with PHI access complete HIPAA training
• BAAs executed with all business associates

⚠️ Violation Reporting

• File a HIPAA complaint: HHS Office for Civil Rights
• OCR hotline: 1-800-368-1019
• Internal complaints: info@myrxwallet.io
• We investigate all complaints within 30 days
• No retaliation for good-faith HIPAA complaints

📋 Notice of Privacy Practices

• Effective Date: January 1, 2025
• We use PHI only for treatment, payment, and healthcare operations
• We never sell your health data — to anyone, ever
• You may request a paper copy of this Notice at any time
• Contact: info@myrxwallet.io for full NPP document

How Consent Works

• Patient grants consent via QR, NFC tap, or in-app
• Consent event recorded to Hyperledger consent-channel
• FHIR Consent resource created — queryable via certified API
• Time-limited grants — 8h visit window default
• Revocable instantly — on-chain revocation immediate

Consent Principles

• Affirmative consent required — no opt-out default
• Minimum necessary — scoped to specific resource types
• Audit trail — every grant and revoke permanently recorded
• 42 CFR Part 2 — sensitive categories protected separately
• GDPR Article 9 — special health data protections applied

📱 How to Grant Consent

• QR code scan at point of care
• NFC tap — credential card or phone
• In-app — patient portal consent manager
• Verbal consent + provider-initiated — witnessed and recorded
• Each grant is scoped to a specific provider + visit window

🚫 How to Revoke Consent

• Patient portal → Consent Manager → Revoke
• Revocation is immediate — on-chain within seconds
• Revoked consent cannot be re-read retroactively
• Revocation event recorded as FHIR Consent resource
• Contact info@myrxwallet.io for emergency revocation

🏛️ Federal Identifiers

• CAGE Code: 9VNZ7
• SAM.gov Unique Entity ID: RKYFJECN9GL3
• NAICS: 518210 · SIC: 7374-00

🏥 Health Registrations

• NPI × 3 (multiple provider identifiers)
• ONC Developer — 10 SMART client IDs
• DEA EPCS — Schedule II–V authorized
• USCDI v7 Comment #703 — April 11, 2026

✅ Certifications on Record

• ONC (g)(10) — PASS April 17, 2026
• Inferno v8.0.0 — 317/317 sub-tests PASS
• SMART App Launch 2.0.0 — Inferno test PASS
• Bulk Data 2.0.0 — Inferno test PASS

SMART Endpoints

• Authorization: /oauth/authorize
• Token: /oauth/token
• Introspect: /oauth/introspect
• Revoke: /oauth/revoke
• Discovery: /.well-known/smart-configuration

Supported Capabilities

• PKCE — required for all public clients
• Asymmetric + symmetric client auth
• Granular scopes v1 + v2
• Refresh tokens — 90-day minimum
• SMART App Launch 2.0.0

🔐 Token Details

• Access token lifetime: 3600 seconds (1 hour)
• Refresh token lifetime: 90 days minimum
• Token format: JWT (signed)
• Token introspection: active/inactive + scope list
• Refresh grants new access token without re-auth

📋 Scope Format Examples

• patient/Patient.read — patient demographics
• patient/Observation.read — vitals + labs
• patient/*.read — all patient resources
• system/Patient.read — bulk/system-level
• launch/patient — EHR-launched context

👤 Patient & Clinical

• Patient — demographics, contact, identifiers
• Practitioner — provider profile + credentials
• PractitionerRole — specialty + organization link
• Organization — health system entity
• Condition — diagnosis + problem list
• Observation — vitals, labs, social history

💊 Medications & Orders

• MedicationRequest — Rx + EPCS
• MedicationDispense — pharmacy fulfillment
• AllergyIntolerance — allergy + adverse reactions
• Immunization — vaccine history
• Procedure — clinical procedures
• ServiceRequest — lab + imaging orders

📋 Documents & Results

• DiagnosticReport — lab + imaging results
• DocumentReference — CCD, SOAP, clinical docs
• CarePlan — care coordination
• Goal — patient health goals
• Encounter — visit history
• Location — facility + address

🔒 Consent & Coverage

• Consent — on-chain consent record
• Coverage — insurance plan detail
• ExplanationOfBenefit — claims history
• AuditEvent — access log (FHIR queryable)
• Device — connected device records
• RelatedPerson — guardian / family link

Our Submission

MyRxWallet filed USCDI v7 Comment #703 proposing "Patient Digital Identity Credential" as a new national data class — establishing that a patient's sovereign health identity credential is a first-class USCDI data element, not an afterthought. This aligns our NFT Credential architecture with federal interoperability standards.

Strategic Significance

• Positions MyRxWallet at the forefront of national identity standards
• Supports the (g)(10) → USCDI v7 → NFT Credential narrative arc
• Aligns with W3C DID and HL7 SMART Health Cards

📊 USCDI v3 Data Classes We Cover

• Patient Demographics — name, DOB, address, language
• Clinical Notes — SOAP, discharge, operative, referral
• Medications — active + historical + allergies
• Laboratory — results, reports, orders
• Vital Signs — BP, HR, SpO2, BMI, weight
• Immunizations — vaccine history + schedules
• Problems — ICD-10 coded condition list
• Health Insurance — coverage + EOB
• Assessment & Plan — care goals + instructions

🚀 USCDI v7 — What We Proposed

Comment #703 proposes adding "Patient Digital Identity Credential" as a new USCDI data class — a patient's sovereign, consent-anchored health identity. If adopted, this would make the MyRx Credential architecture a federal interoperability standard, not just a platform feature. Filed April 11, 2026. Public record at healthit.gov.

🤖 Tool Scope

• MyRx-Assistant — information retrieval and administrative assistance only
• MyRx-HealthCoach — general wellness information; not a substitute for medical advice
• MyRx-ClinicalAI — provider-facing administrative drafting of SOAP notes, ICD-10, and CPT suggestions, always subject to provider review and sign-off before clinical use

💊 Drug-Related Features

Drug recall notifications display information retrieved from the FDA openFDA public dataset. Any drug-interaction information displayed in the provider workflow is advisory only and is subject to the prescribing provider's independent judgment and separate FDA-cleared drug-interaction software where clinically required.

⚖️ Regulatory Status

• Not FDA-cleared as a medical device
• Not a diagnostic tool — no clinical decisions made by AI
• All AI output requires licensed provider review before clinical use
• FDA CDER concept paper submitted (no regulatory response received)
• AI features operate under 21st Century Cures Act administrative use exemption