Private preview

The Five x Five integration MVP is open to invited visitors. Enter your access key.

That key does not verify
Checked in your browser as a SHA-256 digest. Nothing is sent anywhere. Access ends when the tab closes.
No key? Request access on the main site or ask us at the booth.
Five x FiveLoud, clear, & provable
↖ fivebyfive-site.vercel.app · Integration MVPPrototype · simulated data
A heart attack charted as “confirmed.” It never was.Composite scenario, simulated data, modeled on published diagnostic-momentum failures. Ninety seconds to watch it get caught, sealed, and fixed.
How it connects
writes SMART on FHIR read · write sealed AI SCRIBEAbridge · DAX · Nabla · any CORCAREEpic · NL Health Services · simulated EXAM ROOMindependent ambient capture FIVE × FIVEcapture · seal · verify
Step 0 / 6
FHIR R4 DocumentReference SMART on FHIR OAuth2 Epic (CorCare) ca-central-1 Montreal Ed25519 signed Advisory only never touches orders
A 34-year-old with chest pain is medevaced from a rural ED, charted as a confirmed heart attack that was never confirmed, and lined up for high-dose therapy.

1. Five x Five captures the encounter independently and seals it to the session ledger.
2. It pulls the AI scribe's note from CorCare (Epic, simulated).
3. It verifies the charted note against the sealed source. You can edit the note and re-run it.
4. It writes an advisory flag for clinician review.
5. The clinician signs the correction, and that decision is sealed too.

Press Run a live encounter.

Sealed source Five x Five · session ledger

Sealed · block · retained
  • Presentation34M, chest pain. Medevac from rural Labrador ED. (Simulated.)
  • Working dxPresumptive STEMI per referring site (ECG + troponin). Unconfirmed.
  • Confirm testCoronary angiogram (dye test) not performed. MI not verified.
  • DifferentialMyocarditis. Cannot exclude without angiogram.
  • PlanConfirm with angiogram before MI-directed therapy; monitor BP.
SHA-256 · computing…
Fails loud, not silent. A low-confidence segment at 14:32 was sealed as an uncertainty event (block ) and the advisory reads: review the source audio before relying on the plan field. Uncertainty is surfaced on the record, never asserted as fact.

Charted note pulled from CorCare · FHIR DocumentReference · simulated

  • Presentation34M, chest pain. Transfer from rural Labrador ED.
  • Diagnosis
  • Confirm test
  • Differential
  • Plan

Verification sealed source vs charted note

● Sealed source (truth)
● Charted note
Try it yourself · edit the note, re-run verification
Demo checker: structured field comparison. Production: model-assisted claim extraction with clinician adjudication.

Advisory attestation to CorCare · clinician-reviewed · simulated

EncounterSealed at block · CCU transfer
StatusAdvisory flag · unverified dx driving high-risk therapy
Advisory block
Sealed source
Regionca-central-1 (Montreal) · production target
SignatureEd25519 · publicly verifiable
↩ Advisory flag surfaced for the CCU clinician on the note's FHIR DocumentReference (simulated here). It does not change the chart or the orders. A clinician adjudicates, and that decision is itself sealed. The source is retained and immutable: when this record is challenged, nobody offers their word. They produce the record.

Resolution proposed · clinician-signed · sealed

Proposed amendment, drawn from the sealed source
  • DiagnosisPresumptive STEMI, unconfirmed; coronary angiogram pending. Myocarditis in differential.
  • PlanHold high-dose nitro pending confirmation; expedite angiogram.
✓ Clinician reviewed the source & signed adjudication sealed · block
Five x Five proposes; the clinician signs. The correction is grounded in the retained source and checked against the recording. Nothing changes without a human. The signed amendment and the decision are both sealed.

White-glove: tailored to your site and specialty. We tune what counts as material and run a resolution desk, so flags become fixes, not more work.

Take the proof with you peak-end · three ways

I am a:
1 · The sealed receipt

The record you just watched, its flags, the chain head, and a real Ed25519 signature. Check it at /verify or offline on any machine.

2 · A Phase-A validation slot

Synthetic encounters only, no patient data, six weeks to evidence. One click opens the request with your role and intent prefilled.

3 · The evidence pack

The receipt plus the pilot one-pager, sent to you once.

Used once to send the pack. No list, no tracking. Nothing here is gated.
Don't trust us · verify it

The record proves itself.

Every sealed record carries a signature anyone can check on their own equipment, with no access to our keys. Recompute the hash below, then alter the record and watch verification fail. The SHA-256 and Ed25519 on this page are real and run in your browser.

Sealed record · block
Presentation34M chest pain, Labrador transfer
DiagnosisPresumptive STEMI, unconfirmed
AngiogramNot done; myocarditis not excluded
PlanConfirm dx first; monitor BP
SHA-256
Recomputed···
Signature
Public key
Ready

Press Recompute & verify to check this record against its seal.

Scope, stated plainly: this demo generates a fresh keypair in your browser, so it proves integrity (the record was not altered after signing). In production, keys are created and held in AWS KMS/CloudHSM in Canada, never leave hardware, and only the public key is published, which adds provenance: who signed, and when, with the daily chain-root anchored to an independent RFC-3161 timestamp authority.

The obvious question, answered

“If their AI makes mistakes, can't yours?”

Yes. Our AI can misread a moment too; any AI can. So we built a product that never depends on being perfect. No single point of failure, and the final word is never the AI. It is the retained source and a human. Here is the net.

01
Two independent witnesses. Our capture is separate from the scribe. For an error to slip through, it has to survive two records made independently, not one.
02
We keep the raw source. The audio and a verbatim transcript are sealed and retained. Doubt any call, ours included, and you go back to the tape. The incumbents delete it. We don't.
03
The seal is math, not AI. Unaltered is guaranteed by cryptography (SHA-256, Ed25519), which does not make mistakes. Capture can be fallible; the integrity of what was captured is not.
04
It only flags. It never decides. The AI raises a hand for a human to look. It does not diagnose, prescribe, change the chart, or block care.
05
It fails loud, not silent. When capture is uncertain it says “review the source” and seals an uncertainty event. It never asserts a shaky reading as fact. Try it on the first step of the walkthrough.
06
A clinician has the final word, and it's sealed too. Every flag is adjudicated by a person; their decision goes on the record. Authority stays with the doctor.
Their AI makes a mistake and deletes the evidence: the error is permanent and invisible. Ours might make a mistake, but it keeps the receipts and shows its work, so any mistake, theirs or ours, becomes catchable. A safety net doesn't have to be perfect. It has to be there. Right now, there is none.
Built for the privacy & security review

Safe by design.

Every gate a health-system evaluator scores (residency, consent, least privilege, human oversight, tamper-evidence) is a design decision, not an afterthought. No real patient data flows until a PIA and TRA are signed off.

Canadian residency

ca-central-1 (Montreal). Region-locked by policy. Data never leaves Canada.

Consent-first

Consent captured before capture. Minimized to the clinical encounter. No SIN, no ID numbers.

Least privilege

SMART on FHIR: reads the note, writes an advisory flag only. Never touches orders or medications.

Advisory · human decides

Flags for clinician review. Does not diagnose, prescribe, or block. The clinician adjudicates; the decision is sealed.

Tamper-evident

Ed25519 signed, hash-chained, S3 Object Lock (WORM). Anyone can verify offline. Deletion never breaks the chain.

Full audit

Role-based, owner-scoped access. Every read and write logged to an immutable trail.

Regulatory path

PHIA · PIPEDA · ITSG-33 / Protected B · PIA + TRA before real PHI · SOC 2 Type II · independent pen-test.

Scribe-agnostic

Works beside any scribe and never needs its transcript. It holds the chart up to its own sealed source.

What we'd run · and what you'd learn

A pilot with zero patient-data risk.

Start where nothing can go wrong: role-played and synthetic encounters, no PHI, no PIA required. Prove the catch rate and the seal in weeks. Then, only after PIA and TRA sign-off, a small consented run.

  • SiteOne CCU or clinic within NL Health Services (CorCare / Epic).
  • Phase ASynthetic / role-played encounters, no PHI, no PIA needed. Prove accuracy + the seal.
  • Phase BConsented real encounters, only after PIA + TRA sign-off.
  • Duration6 to 8 weeks to a defensible evidence pack.
  • ScopeRead-only + advisory. Reads the charted note; writes an advisory flag. Never touches orders.
  • OversightEvery flag adjudicated by a clinician; the decision is sealed.
The ask

A clinical champion and a Phase-A validation slot. No PHI, no risk, six weeks to evidence.

What we already know (published)
  • Ont. AG17 of 20 approved AI scribes missed key mental-health details in provincial testing.Auditor General of Ontario, 2026
  • BMJ~795,000 people a year are killed or permanently disabled by diagnostic error in the US.Newman-Toker et al., BMJ Qual & Saf, 2023
What this pilot will measure
  • DetectDiscrepancy detection rate per encounter
  • AgreeClinician agreement with each flag
  • ResolveFlags that become clinician-signed corrections
  • BurdenAdded workflow time (guardrail: near zero)

These are the pilot's endpoints. The numbers come from the pilot. We don't pretend to have them yet.

Session ledger
Your browser only · demo chain, not the production ledger · append-only · tap a block to copy its JSON
verifying chain…
Tap or → to advance · R resets · Esc exits