Skip to content
FonteumThe Graph

The capability layer

APIREST + bulk accessMCP serverCallable by AI agentsFHIR R4 APIBulk exportAttestation & audit packReconciliationSource-vs-source diffsEntity graphSnapshotsPoint-in-time, bitemporal

By use case

Exclusion & sanctions screeningCredentialing & provider-data enrichmentAudit evidence & defensible programsProvider data for AI / RAGM&A & network diligence

By buyer

Compliance & riskDevelopers & AI teams

The differentiator

Coverage & sourcesThe catalogFreshnessMethodologyCare CompareFacility qualityBrowse all datasets →
Research

The dev on-ramp

DocsAPI referenceMCPQuickstartStatusChangelogSDKs & integrations
Pricing
Sign inTry the FHIR sandbox →Request access →

Platform

APIMCP serverFHIR R4 APIBulk exportAttestation & audit packReconciliationEntity graphSnapshots

Solutions

Exclusion & sanctions screeningCredentialing & provider-data enrichmentAudit evidence & defensible programsProvider data for AI / RAGM&A & network diligenceCompliance & riskDevelopers & AI teams

Data

Coverage & sourcesFreshnessMethodologyCare CompareBrowse all datasets →
Research

Developers

DocsAPI referenceMCPQuickstartStatusChangelogSDKs & integrations
Pricing
Sign inTry the FHIR sandbox →Request access →
  1. Fonteum
  2. /
  3. Glossary
  4. /
  5. Attestation
Healthcare Data GlossaryTech

Attestation: Definition and Healthcare Context

Full name: Cryptographic Data Attestation

An attestation is a signed, tamper-evident statement that a specific set of data existed in a specific form at a specific time. In a data-integrity context, each captured source snapshot is hashed and the hash is signed with a cryptographic key, then linked into an append-only chain so the record cannot be altered after the fact without breaking the chain. An attestation does not assert that the underlying facts are correct — it attests, with a signature and timestamp, to exactly what was received from a source and when.

Last updated: 2026-06-17Reviewed by: Dr. Jennifer Montecillo, MD — Gullas College of Medicine, 2019. Non-practicing medical reviewer.

How it’s used

  • Each source snapshot is hashed with SHA-256 and the hash is signed with an Ed25519 key, producing a witness signature stored alongside the snapshot.
  • Signatures link into a hash chain, so any change to a past record breaks the chain and is detectable on re-derivation.
  • An external timestamp anchor records when each signature was made, so the attestation chain cannot be claimed to have been backdated.

Frequently asked questions

What is a cryptographic attestation?
A cryptographic attestation is a signed, timestamped statement that specific data existed in a specific form at a specific time, made tamper-evident by hashing the data and signing the hash.
How is an attestation different from saying data is correct?
An attestation does not claim the underlying facts are accurate. It attests only to what was received from a source and when, so the captured bytes can be re-derived and the signature checked later.
What signs Fonteum's attestations?
Each snapshot hash is signed with an Ed25519 key and linked into an append-only chain, with an external timestamp anchor recording when the signature was made.

Related terms

  • Provenance
  • Bitemporal
  • Exclusion Screening
  • Entity Resolution

Explore in Fonteum

How Fonteum sources, resolves, and publishes data tied to this term.

  • PlatformAttestations
  • PlatformIntegrity chain
  • PlatformRe-derive an attestation
  • PlatformData provenance model

Authoritative sources

  • RFC 8032 — Edwards-Curve (Ed25519) signatures↗
  • RFC 3161 — Time-Stamp Protocol↗
  • in-toto attestation framework↗
← All glossary terms

The substrate, by the numbers

9.2Mgraph entitiesProviders, organizations, owners, and facilities
15.7Mlinked identifiersNPIs, CCNs, LEIs and more, resolved to entities
5Mgraph edgesSource-attested relationships between entities
44federal source familiesDistinct CMS, OIG, HRSA, FDA and peer datasets
35dataset pagesCitable, downloadable /data catalog pages
65reproducible studiesEach shipping the SQL behind its figures

Built on the authoritative federal record

The primary sources, named on every page.

These are the federal agencies whose public datasets Fonteum ingests and attributes — the issuing authorities, not customers or partners. Every figure on the site links back to one of them.

  • CMS
  • HHS-OIG
  • HRSA
  • FDA
  • NLM
  • NUCC
  • Census
  • BLS
  • BEA

See the full source registry, with license and refresh cadence for each →

Reproducible by design

Every figure traces to its federal source.

14-tuple provenance

Every rendered fact ties to a source URL, dataset ID, snapshot date, row key, and SHA-256 — the full chain-of-custody record.

Reproducible SQL

Each study ships the exact query behind its figures, run against the cited federal snapshot. Re-run it yourself.

Daily reconciliation

Published counts are reconciled against the upstream federal datasets on a daily cadence, with drift logged.

Named medical review

Reviewed by Jennifer Montecillo, MD, medical reviewer. Non-practicing medical reviewer.

Read the full provenance and attestation methodology →

Two doors

Use the free API and open data

Query providers, facilities, sanctions, and quality scores — each field carrying its federal source. Self-serve, no call to start.

Explore the API →Browse the data catalog →

Talk to us

Managed pilots, enterprise terms, and audit-ready, signed attestation packages for compliance, risk, and research teams.

Talk to us →
Fonteum
Platform
Platform overviewAPIMCP serverFHIR R4 APIBulk exportAttestation & audit packReconciliationEntity graphSnapshots
Solutions
All solutionsExclusion & sanctions screeningCredentialing & enrichmentAudit evidenceProvider data for AI / RAGM&A & network diligenceCompliance & riskDevelopers & AI teams
Data & sources
Coverage & sourcesBrowse all datasetsFreshnessMethodologyCare CompareSanctionsOwnershipStaffingDeficienciesSpecial Focus Facilities
Developers
Developer hubDocsAPI referenceQuickstartStatusChangelogSDKs & integrationsWebhooks
Research
Research hubGlossaryComparisonsCitationsWhy Fonteum
Company
AboutPressCustomersPricingContactEditorial policyCorrections
Trust & legal
TrustQualitySecurityPrivacy policyTerms of serviceMedical disclaimer

Reviewed by Jennifer Montecillo, MD, medical reviewer. Non-practicing medical reviewer.

© 2026 Fonteum LLC. All rights reserved.

·hello@fonteum.com

The U.S. healthcare graph AI can cite — every fact carries its source.

Request access→