A virtual care startup launched their telemedicine platform — HIPAA-compliant, iOS and Android — in 14 weeks.
The client was a healthcare startup offering async telemedicine consultations: patient submits symptoms and photos, provider reviews and responds within 24 hours. No live video. HIPAA-compliant from day one. We built the iOS and Android apps and the provider web application.
No technical cofounder, clear product concept, and a HIPAA compliance requirement that required a developer who understood what that meant architecturally
The client was a physician who had built the clinical protocol for their virtual dermatology consultation service — a patient submits photos of a skin condition plus a structured symptom questionnaire, a dermatologist reviews the case and responds with a diagnosis and treatment plan within 24 hours, and the patient receives a prescription electronically if warranted.
The product was clinically sound. The problem was the technology. The client had received one proposal from a development agency: $180,000, 9 months, with an architecture that included Twilio for HIPAA-compliant messaging at $0.10/message (structurally expensive at scale) and a proprietary EHR integration the service didn't need at launch.
The HIPAA compliance requirement was real but not as expensive as the proposal had implied — if the architecture was designed correctly from the start.
iOS and Android patient app plus provider web dashboard — HIPAA-compliant, with async consultation workflow and Stripe billing — launched in 14 weeks
Intake questionnaire with condition-specific symptom fields
Photo capture for affected area (up to 6 photos per consultation)
Case submission with payment via Stripe ($75/consultation or monthly subscriptio
Secure in-app messaging for follow-up questions from the provider
Treatment plan view with prescription details and refill request **Provider web
Case queue with priority sorting by submission time and clinical flag
Patient case view: symptom questionnaire, photos, previous consultations, prescr
Response editor with diagnosis, treatment plan, and prescription fields
Prescription routing to pharmacy via Surescripts integration (integration facili
All PHI in Convex with row-level access control
Photo storage in Vercel Blob with signed access URLs (no public photo URLs)
Audit log on all PHI access
Automatic session timeout after 10 minutes of inactivity
One honest number to start.
Fixed-scope, fixed-price. The number below is the starting point — final scope is built from your brief.
iOS and Android patient app plus provider web dashboard — HIPAA-compliant, with async consultation workflow and Stripe billing — launched in 14 weeks
Three steps, every time.
The same repeatable engagement on every project. No surprises, no mystery, no billable ambiguity.
Brief & discovery.
We send you questions, then get on a call. Output: a written scope with every step, feature, and integration listed.
Build & ship.
Fixed schedule, weekly reviews. No scope creep unless you change the scope — and if you do, we reprice it transparently.
Warranty & retainer.
30-day warranty on every launch. Most clients stay on a monthly retainer for ongoing features and maintenance.
Results
- App Store and Google Play approval in first submission (HIPAA data practices disclosed in app store listing as required)
- First patient consultations 3 days after launch
- Provider response time target (24 hours) achieved in 97% of cases in first month
Related engagements.
HIPAA compliance is not a checkbox. It's an architectural requirement that must be built in from the start.
Read more02HIPAA compliance isn't a checkbox — it's an architecture decision made at the beginning.
Read more03Healthtech web applications need to be HIPAA-compliant before they can be used in clinical settings.
Read moreQuestions, answered.
For the async consultation model, prescriptions are managed through the prescribing service provider the client contracted with (which handles the state licensing requirements). The platform generates the prescription data; the service provider handles the routing to the pharmacy network.
The initial launch was async-only by design — lower latency requirement and lower infrastructure cost. Live video consultation is a future feature. Daily.co (HIPAA Business Associate Agreement available) is the planned video infrastructure.
HIPAA-compliant telemedicine mobile app with provider web application: from $60k. Fixed-price.
Tell Ryel about your project.
Describe what you’re building and what outcome you need. You’ll have a written, fixed-price scope within the week.