Frequently Asked Questions

What data formats does your API accept (e.g., X12 837, CMS-1500, UB-04)?

The API expects and will return JSON. The expected JSON format will be provided.

Can we send both professional and facility bills?

Yes

Do you support real-time and batch processing?

Yes. We can process a bill in as little as 50 milliseconds, but the average is 250 milliseconds.

What's the typical response time for a bill submission?

250ms.

Do you offer webhooks or callbacks for asynchronous processing?

Nothing currently.

How do you handle OCR for scanned/PDF bills?

Currently, we have not partnered with OCR vendors. However, we are looking into OCR partnerships.

What authentication and security protocols are used (OAuth, API keys, HIPAA compliance)?

BillSentry employs a two-factor authentication approach for API access.

• OAuth 2.0 and short-lived JWT Access Tokens
• TLS minimum version is 1.2
• All access is logged for audit purposes (PHI is not logged, only transaction-level data)

Which state fee schedules do you support, and how often are they updated?

We currently support 40 states, with full 50-state support expected to be completed by Q2 of 2026. The fee schedules are updated as soon as they are available.

Do you support OWCP (Federal workers' comp)?

Yes. We have full support for OWCP.

Do you support auto workers' comp?

No.

Do you store the Bills we send you to review?

Suppose you are using our API solely to price bills. We only process your bill and return the results in JSON format. We do not store your bill. However, we do store aggregated data so we can provide analytics and compare your bill against averages. No PHI data is stored.

By signing up for our Recon feature, we store the bills to calculate the deltas between them effectively.

Do you handle UCR calculations where fee schedules don't apply?

We use medicare values for states that do not currently have a fee schedule. Inpatient bills for UCR states are not currently supported. BillSentry may license a UCR fee schedule from FairHealth in 2026.

Do you support Medispan and/or Redbook for drug pricing?

BillSentry is using NADAC (National Average Drug Acquisition Cost) from Medicare, which we have found to be a higher-quality database of drug prices.

We may integrate Medispan pricing as needed.

Do you support PPO contract pricing or custom network discounts?

We support PPO and many other values, such as negotiated or adjuster denials. However, we do not have any partnerships with PPO vendors to send them the bill, have them reprice it, and then send us the price back. If the user enters a PPO value, though, or the bill is sent to us with a PPO value, we'll include that in our calculation.

How do you deal with code bundling and unbundling?

We fully support NCCI to bundle code pairs together.

Do you apply edits like NCCI, MUEs, or global surgery rules?

We follow the state regulations. If a state has adopted NCCI or MUE, we apply it. We use surgery follow-up days to office visits when appropriate.

Can we use outside values for the fee schedule rates? In other words, can a customer override the fee schedule rate?

Yes. We support external values from any source (customer, PPO vendor, UR vendor, etc) that can override any bucket in multiple ways:

Override the fee schedule or bill review value and do not run any fee schedule or bill review rules against the service code. Values are supported at both a bill and line level. Bill level values will be distributed to the service lines according to their billed charges. Percentage discounts at both the line and bill levels are also supported. This will allow the customer to force the allowance to a specific value, knowing the fee schedule or bill review rules will not adjust it.

Replace or add to the fee schedule or bill review value. This allows the customer to specify a fee schedule or bill review value that can be adjusted by a fee schedule or bill review rule (for example, the "multiple surgery discount" bill review rule). A customer can specify a bucket’s value either before the rules run, during the rules execution, or after the rules have run. A customer can also take a percentage discount. For example, the state fee schedule is $100, and the customer wants a 10% discount after the fee schedule allowance has been applied.

Override all fee schedule values and rules, and place all allowances into a single bucket, supported at both the bill and line levels. For example, pay $100 into the UR bucket and ensure there is no reduction in any of the other buckets.

For #1 and #2 above, multiple values per bucket are supported. For example, the customer can set the bill review allowance to $100 and also apply a 10% discount, each with its own reason code.

Can we configure or override specific pricing rules or modifiers?

BillSentry is designed from the ground up to support this. You have multiple options, including augmenting the fee schedule allowance, replacing it, and the same applies to the bill review rules.

Is every reduction supported by a reason code?

Yes. A reason code will support every reduction.

Are CARC and state reason codes supported?

There is full support for states (such as California) that mandate CARC and state-specific reason codes. The appropriate CARC and state-specific reason code will be given along with the internal reason code from the BillSentry API.

Recons

Recons replace prior bills with a new "original," tracked by control number + sequence. Only the latest sequence matters for payments and history. This approach simplifies totals and allows delta tracking, with some future options for handling discounts and allowances.

What does your API return—just the pricing, or an entire EOR (Explanation of Review)?

The BillSentry API returns all repriced bill and service information in JSON format, which can be used to produce an EOR. We currently support CARC and state-specific reason codes for those states that mandate them on the EOR.

The JSON includes a link to our SmartBill, along with an optional QR Code for access.

View a sample SmartBill (Enter $13,667.23 for verification)

Do you return detailed audit notes or reasons for reductions?

Yes. We include a detailed breakdown of exactly what went into each line's allowance.

Can we obtain a breakdown of allowed amounts by line item, along with the corresponding reasons?

Yes.

Is your documentation self-service and up-to-date (Swagger, Postman collection, etc.)?

When customers sign up for the BillSentry API, we will provide full details on how to integrate the BillSentry API into your Bill Review system.

How does BillSentry make its Bill Review API pricing defensible?

BillSentry provides full defensability for every bill. Returned in the BillReview API JSON, we include the Bill Review allowances.

In the return JSON, we provide a unique link to our SmartBill, along with optional verification, to access it. The SmartBill, although not an EOR, is similar but with full defensibility built in. The Bill Information and each service line provide a detailed breakdown of why the line was paid as it was, with live links to the state regulation defining the applicable rule(s).

View a sample SmartBill (Enter $13,667.23 for verification)

Are you HIPAA compliant?

Yes. Our platform is built to meet HIPAA’s administrative, physical, and technical safeguard requirements (Such as privacy, security, notifications, and Omnibus rules).

Do you sign Business Associate Agreements (BAAs)?

Yes. We execute BAAs with all covered entities and business associates handling PHI.

How is PHI stored and transmitted?

All PHI is encrypted in transit (TLS 1.2 or higher) and at rest (AES-256). Access is role-based and logged for auditing.

Please note that unless we are processing your Recons, we only store aggregated data and no PHI.

Do you log or store PHI in audit trails?

No. We only log transaction metadata (timestamps, request IDs, etc.), never PHI.

Where is PHI stored?

All PHI is stored in secure, HIPAA-compliant AWS regions located in the United States.

How do you control internal access to PHI?

We utilize role-based access control (RBAC) and the principle of least privilege, and require multi-factor authentication for all administrative access.

Do you have breach notification procedures?

Yes. We follow HIPAA's breach notification rules and can notify customers within the required timeframes.

How do you handle data retention and disposal?

We retain PHI only for as long as required by law or as specified in our contracts. Secure deletion methods are used for disposal.

Do you support the de-identification of data for analytics or testing purposes?

Yes. We can strip or mask identifiers to create HIPAA-compliant de-identified datasets.

Do you conduct regular HIPAA security risk assessments?

Yes. We perform annual HIPAA security risk assessments and periodic penetration testing.

Is your team trained on HIPAA requirements?

Yes. All employees undergo HIPAA and data privacy training annually.

Do you have physical security measures?

Yes. All systems hosting PHI are located in SOC 2/ISO 27001 certified data centers with strict physical access controls.

How do you handle unlisted codes or unknown modifiers?

This is state-specific. We follow state requirements.

Do you support DRG-based hospital reimbursement?

Yes. Our BillSentry API supports both professional and facility bills for all states.

What happens if multiple jurisdictions apply to a single claim (e.g., multi-state employers)?

We base the allowance on state regulations regarding claim location and provider location. We also support comparing the out-of-state total with the in-state total for states like Delaware that require us to pay the lesser of.

Can the BillSentry API flag questionable or duplicate charges?

Yes. We will flag codes that were disallowed due to a lack of documentation or prior authorization. We also support duplicate checking and disallow duplicate lines.

Do you support rules for treatment duration limits, frequency caps, or pre-auth requirements?

We support pre-auth requirements. We support duration and frequency limit rules as per state guidelines. We do not have a stand-alone UR (utilization review) product that allows end users to set their own limits.

Do you provide reporting or analytics APIs (e.g., top reductions, savings by code)?

In 2026, we will provide customers with KPI data, enabling full analytics on their BillReview business.

Can we obtain logs of all bill review requests and their corresponding results?

Yes. Detailed logs of how the bill was paid are standard.

Can your system track historical pricing or rule changes over time?

Yes. Generally, it depends on the availability of the data as to how many years of historical data we'll support. For Medicare, we go back almost 25 years. For Pennsylvania, we go back 1 year.

As rules change over time, we will term out the old rules, bring in new rules with the correct effective date, and all the fee schedule data we use is based on an effective-term date range.

How is your API priced—per bill, per line, per hit, or subscription?

Tiered pricing based on expected usage. Pricing can be per-bill or volume-based, depending on the predicted bill volume.

Do you offer a sandbox or free tier for development/testing?

Yes.

Are there SLAs for uptime or response time?

Uptime is currently 99.99%, with 99.999% uptime available upon request, as per contract requirements and applicable pricing levels.

What volume can your API handle—are there rate limits?

There are no technical restrictions on API call rates. We may, however, implement a rate limit to prevent unauthorized access.

The API is multi-threaded and is load-balanced.