Questions from compliance officers, general counsel, and procurement teams, including the hard ones about data, privacy, and discoverability. If you don't find what you're looking for, email us at support@ruleresource.com.
RuleResource is a healthcare compliance intelligence platform built for in-house compliance officers, general counsel, and risk managers at health systems and provider organizations. It combines federal statutes, regulations, OIG advisory opinions, enforcement actions, and state guidance into one platform, synthesizes them into a structured plain-language analysis, and delivers a citeable, exportable research record for your compliance file.
Chief Compliance Officers, General Counsel, compliance analysts, and risk managers at hospitals, health systems, physician practices, behavioral health organizations, FQHCs, and other healthcare providers. If your team regularly asks "what does the regulation say" and needs a documented, citeable answer — RuleResource is built for you.
General-purpose tools generate answers from their training data. They cannot tell you which official source a statement comes from, cannot verify that the source is current, and frequently produce confident-sounding but incorrect regulatory statements. RuleResource only synthesizes information from indexed official government sources. Every statement is tied to a specific cited document. You can click through and verify every authority cited. We will never produce a statement that is not grounded in an indexed official source.
Westlaw and LexisNexis are general-purpose legal research databases priced for law firms — typically $6,000–$10,000 per seat per year. Most in-house compliance teams don't have them. RuleResource is purpose-built for healthcare compliance: it covers the specific regulatory areas that matter (CMS, HHS, OIG, DEA, HIPAA, Stark, AKS, EMTALA, CLIA), produces a structured 12-section deliverable instead of raw search results, includes automated regulatory change monitoring, and is priced as an organizational subscription rather than per attorney seat.
Only official government sources: federal statutes via the eCFR and Congress.gov, federal regulations (42 CFR, 45 CFR, 21 CFR, and others), Federal Register notices and final rules, federal court opinions from all circuits and the U.S. Supreme Court, OIG Advisory Opinions, HHS Departmental Appeals Board decisions, and state statutes and agency guidance for covered states. We never use secondary sources, commentary, or third-party summaries.
Yes. Every research query includes a dynamic search of federal court opinions, which covers all federal appellate courts and the U.S. Supreme Court. For fraud and abuse topics, we also include OIG Advisory Opinions — the most authoritative guidance available on specific Anti-Kickback Statute arrangements. The case law citations are synthesized into the analysis alongside the regulatory text, so you get both the rule and the judicial interpretation.
Every source record displays a 'last verified' date. Our system re-fetches and hash-checks all indexed sources nightly. When content changes, the source is flagged and a significance assessment is generated. The confidence badge on every research result tells you how recently the underlying sources were verified: Verified (within 7 days), Review (7–30 days), or Stale (over 30 days).
We will tell you explicitly. If no indexed sources match your topic and jurisdiction combination, the response will say so clearly — we will never generate content from general knowledge to fill a gap. This is a feature, not a bug: a "no indexed sources" result is an accurate answer, not a failure.
Currently: California, Texas, Florida, New York, Pennsylvania, Illinois, Ohio, Georgia, North Carolina, and Michigan — plus Federal. Federal coverage is comprehensive across all 15 topic areas. State coverage is being expanded continuously. Enterprise clients may request prioritized coverage for additional states.
Every report has twelve sections: (1) the research question in professional language, (2) a summary of applicable standards, (3) federal standards, (4) state standards by jurisdiction, (5) how federal and state standards interact, (6) relevant case law and agency guidance, (7) common compliance pitfalls, (8) an audit-ready checklist, (9) documentation requirements, (10) a risk watch flag when applicable, (11) related requirements to review, and (12) recommended next steps.
Yes. Every completed research report can be exported to PDF (formatted, with a locked disclaimer footer) or Word (.docx) for your compliance file. The PDF includes the full 12-section report with all authorities cited and linked. You can also copy the full text to your clipboard.
No. RuleResource provides informational research — the same kind of research a paralegal or compliance analyst would produce to support a legal decision. It tells you what the law says, what courts have held, and what OIG has opined. It does not tell you what your organization should do, does not create an attorney-client relationship, and does not substitute for qualified legal counsel. The research record is designed to support your counsel's analysis, not replace it.
Yes. After receiving a result, you will see suggested follow-up questions that could sharpen the research — for example, whether an LCSW is in a private practice vs. agency setting, or whether the arrangement involves a telehealth component. You can answer those questions and re-run the analysis with the additional context.
No. RuleResource's analysis engine is configured for zero data retention. Your queries and org data are never used to train any external model, by anyone. Each request is processed and discarded. The system has no memory of what you asked yesterday, last week, or last year. Your questions do not improve any service that any other organization uses. This is a core architectural commitment, not a setting you have to remember to turn on.
Your data lives in RuleResource's private database, hosted in a SOC 2-compliant cloud environment in the United States. It is row-level isolated, so no other organization can access your queries, history, or profile. The analysis engine processes your queries in transit but does not store them. Your data is not indexed, not shared, and not visible to other RuleResource users or customers.
No. This is deliberate. When we inject your organization's profile into an analysis to personalize it, we strip your organization's name and any identifying details before it reaches the analysis engine. The system receives categorical context, such as "medium-sized behavioral health organization operating in Texas and Florida with Medicare/Medicaid payer mix," not your org's name. Your organization's name stays in your private account database only.
The text of the research question you type. Official source content retrieved from government databases. An anonymized profile of your organization's type, size, states, and compliance risk areas (no name, no identifying info). That's it. The analysis engine receives enough context to produce a tailored, relevant result, but not enough to identify your organization.
RuleResource is best suited for regulatory research and proactive compliance work. For sensitive investigations — potential fraud, specific individual conduct, whistleblower matters — you should work directly with qualified legal counsel. The platform's query history is a business record, and for sensitive investigations you want to manage privilege and discoverability carefully from the start. We provide research infrastructure, not legal strategy.
RuleResource does not process, store, or transmit Protected Health Information (PHI). The platform handles regulatory research, billing pattern analysis using publicly available CMS data, and compliance assessment — none of which involves individual patient records. Do not submit PHI in your research queries. The NPI and billing analysis tools use public CMS datasets that do not contain individual patient information.
This is the right question to ask, and here is the straight answer: queries stored in your RuleResource history are business records held by your organization. Like any business record, they are potentially subject to legal process — subpoena, document requests in litigation, government investigations. Researching a regulatory issue does not itself establish notice of wrongdoing. Courts consistently recognize that compliance research is the responsible thing to do. But you should understand what you are creating and manage it accordingly.
No more than you should worry about any compliance documentation. Good compliance programs create records — that is the point. An organization that researches regulatory requirements and documents that research is in a far better position than one that doesn't. The research history shows your program is active and responsive. If you take action based on what you find, that action (and the documentation of it) is what protects you — not the absence of a research record.
Yes. Individual queries can be deleted from your History. You control your data. If your organization's records retention policy requires deletion of certain categories of documents after a defined period, you can apply that policy to your RuleResource history. We do not maintain backup copies accessible to us after deletion.
Potentially yes, depending on how they're used. If queries are submitted by or at the direction of legal counsel in connection with legal advice, they may qualify for attorney-client privilege or work product protection. That determination depends on facts specific to your organization and jurisdiction — it is not something RuleResource can guarantee. Consult your general counsel about how to integrate RuleResource into your privileged compliance workflow.
We will cooperate with lawful legal process directed to us. That said, we don't have much: we hold account records (user email, organization name, subscription data, query history, research results) but we do not have access to your internal documents, communications, or clinical records. We will notify you of any legal process directed to your account data where legally permitted to do so. See our Terms of Use and Privacy Policy for the complete picture.
Yes, in two ways. First, your Organization Intelligence Profile improves with use — the more your team interacts with the platform, the richer the profile of your organization's risk profile, service lines, and compliance focus areas. Second, the relevance feedback you give (marking results as helpful or not) is used to understand what kinds of analyses your team finds most valuable, and future responses are shaped by that history.
The Intelligence Profile is a structured description of your organization built from your website, public enforcement records, and operational data you provide. When you run a research query, this profile is used (in anonymized form) to tailor the analysis to your specific context — your provider type, your payer mix, your risk areas, your enforcement history if any. A hospital's research result looks different from a physician practice's, even on the same question. The profile is what makes that personalization possible.
When you mark a research result as helpful or unhelpful, that signal is stored against your account. Over time, patterns in your feedback tell the platform which types of analysis, which source types, and which levels of detail your compliance team finds most useful. Future responses are calibrated against those patterns. This learning is local to your account — it never leaves your database or improves anyone else's experience.
Yes. Build your Intelligence Profile first (Settings → Build Intelligence Profile), then use the platform for the regulatory questions your team actually has. The more queries you run in your actual practice areas, the faster the platform understands your risk profile. High-quality feedback — marking what's useful and what isn't — accelerates the calibration.
When you run a research query, you can click 'Monitor' to add that query to your watch list. When any of the regulatory sources underlying that query change, you will receive an alert via your weekly digest email. Changes are classified as Significant or Minor — you can configure your account to receive alerts only for significant changes.
Our system re-fetches all indexed sources nightly and compares a cryptographic hash of the content to the previous version. If the content has changed, the platform analyzes the new content and classifies the change as significant (a substantive change to requirements, enforcement, or coverage) or minor (formatting, cross-references, or clerical). Significant changes are flagged immediately in your next digest.
Weekly, on Monday mornings, if you have active monitors and there are changes to report. You can configure your frequency to monthly or never in your account settings. We only send the digest when there is something to report — we do not send blank digests.
We will answer them on a demo call — using your own compliance questions as examples.
Request a Demo