Clinical software
under sign-off

Healthcare systems are regulated artefacts. We build clinical workflows, patient portals, imaging pipelines and interop layers that stay auditable, de-identified on the right sides, and clinician-approved on every decision that touches a patient.

See capabilities Scope a healthcare build
Clinical system topology: EHR, patient portal, imaging, research enclave with PHI and de-identified flows clinical.topology fhir r4 · hl7v2 ehr · portal · imaging · research EHR · coreepic · cerner · smart Clinician UIorders · notesdecision support PHI · patientportal · ssotelemedicine ImagingDICOM · PACSradiology sign-off De-identified research enclavek-anonymity · differential privacy · safe harbour Audit + complianceHIPAA · HITECH · GDPR · ISO 13485 · IEC 62304

CAPABILITIES

Six surfaces we ship under clinical review

Clinical workflow, patient portals, imaging, interop, RCM and research — run under one team with BAAs in place and decisions signed off by named clinicians.

01

Clinical workflow tools

EHR-aware front-ends, order entry, note templates, decision support pills under explicit clinician review.

02

Patient-facing portals

Appointment, telemedicine, secure messaging, pre-visit intake with SMART-on-FHIR and SSO.

03

Clinical imaging

DICOM pipelines, PACS integration, AI-assisted triage under radiologist sign-off, audit-ready.

04

Interop & HL7 / FHIR

Epic / Cerner / Allscripts connectors, HL7 v2 ingestion, FHIR R4 resource mapping, terminology binding (SNOMED, LOINC, ICD-10).

05

RCM & claims

Claims generation, 835/837 handling, denial routing, coding suggestions reviewed before submission.

06

Research platforms

Registry systems, eCOA / ePRO, de-identification pipelines, secure data enclaves for sponsored studies.

RISK LEDGER

Four failure modes we plan for from day one

Clinical software fails in specific, known ways. The four rows below are on every risk file we open — severity at the left, mechanism on the right. Mitigations ship before the product does.

High

De-identification drift

Re-identification risk when synthetic datasets leak quasi-identifiers; formal k-anonymity + DP audit.

High

Model bias on demographic slice

Accuracy gap across age, ethnicity, insurance. Fairness metrics stay on the release dashboard.

Medium

Terminology drift

Codes (SNOMED, LOINC, ICD) update quarterly; mappings versioned and diffed per release.

Medium

Alert fatigue

Decision-support pills tuned to precision, not recall; dismissal rate becomes a first-class signal.

AI under radiologist sign-off

AI-assisted triage does not dismiss the clinician. The MLOps layer carries the eval, bias audit and explainability needed for regulated model-in-the-loop decisions.

Open MLOps layer ↗

COMPLIANCE MAP

Four regulatory tracks we design against

Controls traced to evidence on each track. Ready for audit without a sprint of screenshot archaeology.

HIPAA · HITECH

  • PHI handling in-region
  • BAA and subprocessor registry
  • Audit-log coverage
  • Breach playbook + drill

GDPR · healthcare

  • Article 9 special-category handling
  • Data-residency (EU, UK)
  • DPIA per engagement
  • Delete-on-request + right to rectify

Clinical safety

  • ISO 13485 hooks where applicable
  • IEC 62304 software lifecycle
  • DTAC / NHS Digital
  • Risk file + hazard log

FDA / EU MDR

  • SaMD classification
  • 510(k) doc path
  • Clinical evaluation ready
  • Post-market surveillance hooks

Adjacent disciplines

Where clinical software connects

AI safety

MLOps & Governance

Eval suites, bias audit, explainability and the retraining pipeline behind clinical-decision models.

 Security

Cyber Security & Risk Ops

PHI handling, IAM, BAA management, incident workflow and HIPAA / GDPR audit readiness.

 Imaging

Computer Vision

Medical imaging pipelines: MRI, CT, X-ray, histopathology with radiologist-in-the-loop review.

 Product

SaaS Product Development

Six-surface subscription products: patient portals, admin consoles, billing and identity.
Regulated · reviewable

Build clinical software clinicians actually trust

Share the workflow, the EHR landscape, the patient cohort and the regulatory jurisdictions. We come back with an architecture sketch, BAA map and risk file inside ten working days.

Start a healthcare engagementOr open security