FHIR Option H Workflow Broker · Patent Pending

The Stripe
for Healthcare AI.

One integration. Every AI vendor. Architecture-level data protection.

CitaCell is a structural compliance and integration rail between EHRs and external AI vendors. Health systems integrate once. PHI exposure is structurally minimized at the trust boundary, by design.

Request a Conversation See How It Works
277M
U.S. patient records breached in 2024 alone
$9.8M
Average cost of a single healthcare breach
1
One integration, every AI vendor in the network
The Problem

Healthcare AI Has a Trust Boundary Problem.

Every new AI vendor a health system adopts means a new integration, a new Business Associate Agreement, a new audit cycle, and a new copy of patient data leaving its perimeter.

Each vendor receives identifiable PHI under access-control assumptions that fail the moment a token leaks, a vendor is breached, or an API is misused. The compliance burden compounds. The breach surface compounds.

And meanwhile, the AI capability the clinic actually wanted, the coding assist, the ambient scribe, the prior-auth automation, sits behind months of legal review.

21×
Healthcare breach surface compared to other regulated industries
$187B
Projected healthcare AI market by 2030
Patient Records Breached, U.S.
A vendor-integration problem masquerading as a cybersecurity problem.
2018
15M
2020
26M
2022
52M
2023
133M
2024
277M
82% of the U.S. population had health data exposed in 2024 alone.
How CitaCell Works

One Rail. Every AI Vendor.

The clinical workflow doesn't change. The trust boundary does. CitaCell sits between the EHR and the AI vendor, routing what the vendor actually needs, never the full record.

EHR Intake

A clinical event, a note, an encounter, an order, fires a routing request via SMART on FHIR or CDS Hooks. CitaCell receives the request through one approved integration.

Scope & Route

The routing layer determines what the vendor actually needs to perform the task, and constrains the request to that scope. The vendor never sees the rest of the record.

Vendor Computes

The AI vendor receives a scoped request, performs the task, and returns a structured result. Codes, suggestions, scribes, authorizations. CitaCell hands the result back through the same single connection.

Write-Back

The clinician reviews and approves. The approved result is written back to the EHR via FHIR. An audit trail is produced as a byproduct of the flow, not as an afterthought.

Use Cases

One Integration. Every Workflow.

Any AI capability that needs scoped access to clinical data can run on the rail. These are the workflows in the active pipeline.

Medical Coding

ICD-10 and CPT code generation from clinical notes. Missing-modifier detection, undercoded E&M review, documentation-gap flags before claims are submitted.

Active Pilot

Ambient Documentation

AI scribes that listen during the encounter and produce structured notes, problem lists, and orders, with the patient context constrained to the encounter only.

In Pipeline

Prior Authorization

Automated PA assembly. Pull only the elements payers actually require, structure the submission, surface the decision back into the workflow. No full chart exposure to the vendor.

In Pipeline

Medication Management

Drug interaction checking, allergy verification, dosing review. Constrained to the medication list and relevant labs. The vendor never sees the surrounding chart.

LOI Signed

Revenue Cycle

Claims integrity, denial prevention, charge capture. Run vendor logic against the billing-relevant slice only, return structured fixes, write back to the practice management system.

LOI Signed

Clinical Decision Support

Risk stratification, diagnostic suggestions, guideline alignment. Scoped to the question being asked. Suggestions surface in the workflow, the clinician decides.

Roadmap
How CitaCell Compares

A Different Layer. A Different Posture.

Existing approaches sit at the authentication, scrubbing, or policy layer. CitaCell sits at the data-minimization layer beneath them.

The New Layer CitaCell FHIR Option H Workflow Broker Integration Layer API Gateways Redox, Health Gorilla, Particle Data Layer Clean Rooms De-identified data environments In-House DIY Vendor Onboarding One BAA per AI vendor
Integration Model One connection, every vendor inherits the integration. One connection, but PHI flows to each vendor individually. Bulk export to an analytics environment, not workflow-time. Custom integration per vendor.
PHI to Vendor Structurally minimized at the boundary. Vendor receives identifiable PHI under scoped tokens. De-identified, but not real-time and not workflow-bound. Full chart access per vendor, per workflow.
Vendor Onboarding Vendor integrates with CitaCell once. Inherits the health-system relationship. Standardizes the API. Compliance review still per vendor. Not designed for production AI workflows. Months of legal, security, and integration review per vendor.
Audit Trail Produced as a byproduct of the routing flow, not a separate system. Per-vendor audit logs that the health system must consolidate. Analytics-grade, not workflow-grade. Per-vendor logs, manually reconciled.
Compliance Burden Compliance posture becomes a property of the rail. Reduced, but compliance still scales with vendor count. Compliant for analytics, not for clinical AI in the workflow. Linear with vendor count. The burden compounds.
Time to New Vendor Days. The health system has already approved the rail. Weeks to months, depending on the BAA cycle. Not the right vehicle for vendor onboarding. 3 to 9 months on average.
Network Effects

Every Connection Compounds.

The first integration is hard. The hundredth is a configuration change. CitaCell turns vendor adoption from a compliance project into an operational decision.

HEALTH SYSTEMS HS HS HS HS HS CITACELL RAIL AI VENDORS CODE SCRIBE PA MEDS RCM
Health-System Lift

One BAA, one security review, one integration, regardless of how many AI vendors plug in.

Vendor Lift

Build to the rail once, reach every CitaCell-connected health system without re-doing compliance per buyer.

Compounding Value

Every new vendor makes the rail more valuable to health systems. Every new health system makes it more valuable to vendors.

First Production Deployment
Pilot Planned for Late June 2026.

A multi-site specialty practice. The rail in production. Code generation, write-back, audit trail, end to end.

The Team

Physician-Architect. Industry Operators.

Built by a working internal medicine physician with a team that has shipped healthcare integrations at scale.

Abdullah Darvesh

Abdullah Darvesh, MD

Founder & CEO

Practicing internal medicine physician. Incoming Duke MMCi. Sole architect of the rail. Named inventor on all patents. Built the entire framework from the clinical bedside outward.

Naresh Sundar Rajan

Naresh Sundar Rajan

CTO

PhD Health Informatics. MS Computer Science. Federal advisory committee experience. Former Chief Digital & Technology Officer at Systems Integrations. Led 400+ hospital integrations across the U.S.

Julian Kuhnl

Julian Kuhnl, MD

CPO & Founding Partner

Physician-engineer. Holds MD and CS. Owns coexistence architecture and product depth.

Sulaiman Shibly

Sulaiman Shibly

COO & Founding Partner

Senior Product Manager at Microsoft. Previously Google. CMU Tepper. Drives operations, finance, and go-to-market.

Engineering, Security & Growth
BZ
Bilal Zahoor
VP Sales
MB
Michael Blazej
Sr. Security Engineer
AT
Apil Tamang
VP Engineering
IS
Ibrahim Saifullah
Founding Engineer
Get in Touch

Dignity for Your Data.

If you are a health system evaluating AI adoption, an AI vendor looking to reach health-system buyers without months of legal review, or an investor focused on healthcare infrastructure, we want to hear from you.

Request the Pitch Deck See How It Works
Abdullah Darvesh, MD · Founder & CEO
[email protected]