Methodology Changelog

Methodology Changelog

A public record of every material change to how DocTransparency presents its data. We update this page whenever editorial methodology, source attribution, scoring, or display logic changes.

The current methodology is documented at /methodology.

2026-04-17 — Pre-launch hardening

Changes that affect what visitors see:

  • Every provider profile now displays a "verify on NPPES" link next to the NPI, plus per-section "verify on CMS" links for Medicare Provider Utilization and Open Payments. Each link points directly to the official CMS source record for that provider's NPI.
  • Every provider profile now includes a persistent disclaimer banner at the top: "Informational, not a quality rating," with a direct link to the Provider Portal for corrections.
  • Every provider profile now includes a persistent legal footer summarizing data sources, statutory basis (Sunshine Act §6002 ACA, FOIA), and the non-clinical-advice disclaimer.
  • Two new pages: Provider Portal (with defined SLAs and CMS dispute pathways) and Press (fact sheet and editorial position).
  • About page strengthened with explicit "no industry funding / no advertising / no data sale" up-front statement and "What we don't claim" section.

Changes to legal documents:

  • Methodology now includes the statutory basis for publication (Sunshine Act §6002, FOIA, Bartnicki v. Vopper), per-source data vintage dates, the Open Payments self-reported caveat, a corrections workflow with 5-day SLA, and named editorial responsibility.
  • Terms of Use hardened with: operator identity (unincorporated project pending US legal entity), explicit no-scraping / no-AI-training acceptable use, DMCA designated agent, ALL-CAPS warranty disclaimer with $100 liability cap and healthcare-decisions carve-out, indemnification, Delaware governing law, AAA arbitration with jury and class-action waiver, and 30-day arbitration opt-out.
  • Privacy Policy expanded to: full nginx server-log enumeration with 14-day retention and GDPR Art. 6(1)(f) lawful basis, GDPR controller designation (Yoel Castaño, Spain — Art. 3(1) applies for all visitors regardless of location), CCPA/CPRA notices with 12-month lookback and 45-day SLA, third-party processor list (Hetzner DE, Cloudflare US with SCCs), no-cookies-at-launch commitment, COPPA <13 statement, provider takedown process, and breach notification commitment.

Operational changes (not visible on public pages):

  • 809 orphan profile directories (legacy NPPES taxonomy-code slugs from earlier generation) removed from output/. All current profiles use human-readable specialty slugs.
  • /404 page now includes <meta name="robots" content="noindex, follow"> and is excluded from the sitemap.
  • Open Graph image (static/og-default.png, 1200×630) added for Facebook / Twitter card previews.

No changes to:

  • The Transparency Score formula
  • The four data sources (NPPES, Open Payments, Medicare Provider Utilization, PECOS)
  • The data vintage (NPPES weekly snapshot 2026-04, Open Payments PY2023, Medicare CY2022, PECOS 2026-04)
  • Coverage scope (Texas + Florida)

2026-04-16 — Full audit remediation

Source: Internal 6-team adversarial audit. 87 findings identified, 84 resolved across 5 sprints.

Major changes that affect what visitors see:

  • Hub provider count fix: corrected JOIN multiplication in scripts/11_generate_hubs.py that previously inflated provider totals on specialty/state and specialty/state/city hubs.
  • Company hub display fix: company directory pages now correctly show top doctors with payment amounts (previously a context mismatch caused empty rows).
  • Doctor profile URL format fix in analysis pages: links from /analysis/... to provider profiles now resolve correctly.
  • Per-procedure median values: scripts/10_generate_profiles.py now computes medians from sorted arrays instead of the previous "AVG-as-median" approximation.
  • Coverage display: replaced hardcoded coverage defaults with safer N/A and dynamic ranges where available.

Open Payments category reclassification:

  • "Current or prospective ownership or investment interest" → reclassified as financial (was: scientific)
  • "Royalty or License" → reclassified as financial (was: scientific)
  • Narrative copy and on-page chips updated accordingly.

E-E-A-T improvements:

  • Founder name (Yoel Castaño), LinkedIn link, and Organization schema added to /about and footer.
  • Editorial responsibility named on /methodology.

Technical infrastructure:

  • All SQL queries refactored to parameterized form (was: string concatenation in _state_filter() — potential injection).
  • Jinja2 autoescape enabled (was: false — CMS data was rendered un-escaped).
  • HSTS preload header, Permissions-Policy, CSP pinned to unpkg.com/[email protected]/, autoindex disabled in nginx.
  • Deploy runs as non-root deploy user.

Data refreshes:

  • All 497K pages regenerated against the same data vintage as the next entry.

2026-04-13 — Initial code-data integrity fixes (commit bfa12c9)

Pre-audit changes that established the current data invariants. Documented in MEMORY.md under "What Was Fixed in Code (bfa12c9)":

  1. Prevented JOIN multiplication in hub provider totals (scripts/11_generate_hubs.py).
  2. Fixed company hub context mismatch (top_doctors + amount) in hubs/template.
  3. Fixed doctor profile URL format in analysis links (scripts/13_generate_analysis.py).
  4. Replaced fake "median via AVG" with real median from sorted arrays.
  5. Replaced hardcoded coverage defaults with safer N/A and dynamic ranges.
  6. Reclassified Open Payments categories (Royalty / Investment → financial).

How we record changes

This changelog records:

  • Any change to what data we display on profile pages (new fields, removed fields, changed labels)
  • Any change to how data is sourced or computed (e.g., new data vintage, score formula change)
  • Any change to legal documents (Methodology, Terms, Privacy, About)
  • Any change to provider-facing process (correction SLA, takedown workflow)
  • Major infrastructure changes that affect how the site is served

This changelog does NOT record:

  • Bug fixes that don't change visible output (purely internal corrections)
  • Cosmetic style changes (CSS-only, layout tweaks)
  • Adding or removing individual provider profiles (that happens automatically with each data refresh)

For the complete commit-level history, see the GitHub repository (public at launch).

For specific provider data corrections, see the Provider Portal.

For questions about any change documented here: [email protected].

Data Disclaimer — Data sourced from the Centers for Medicare & Medicaid Services (CMS): National Plan and Provider Enumeration System (NPPES), Open Payments program, Medicare Provider Utilization and Payment Data, and Provider Enrollment & Certification data (PECOS). Published under the Freedom of Information Act (FOIA). This website is not affiliated with, endorsed by, or authorized by CMS, HHS, or the U.S. Government. Data may contain errors as reported to CMS by providers and reporting entities. Payments from industry are legal and do not indicate wrongdoing. Medicare data reflects only patients aged 65+ or those with qualifying disabilities. For corrections, contact CMS directly. This information does not constitute medical advice and should not be used as the sole basis for choosing a healthcare provider. Procedure descriptions use plain language and do not reference CPT® codes, which are copyrighted by the American Medical Association. Full methodology → · Report a data error → · Privacy policy →