Project triage

Tell us what's not working. We'll show you how to fix it.

A senior engineering review of your healthcare build — code, architecture, and HIPAA / FHIR / SOC 2 posture. Written diagnosis from the team that's shipped regulated software for 25 years. No decks, no sales pressure, no commitment to engage afterward.

What you get

Four deliverables. Yours to keep.

Written diagnosis

Risk-ranked findings with severity, evidence, and recommended fix. Shareable internally with engineering and exec leadership.

Architecture diagram

Current-state system diagram, with data flows, integration points, and trust boundaries called out.

Compliance gap analysis

Mapped against HIPAA Security Rule, SOC 2 TSC, and FDA premarket cybersecurity guidance (where applicable).

Fixed-price remediation plan

Scoped roadmap with weekly milestones. Optional — take it to your existing team or come back to us.

Pick your path

Three intake flows

Procurement, pace, and engagement look different at each scale. Pick the path that matches you — we'll surface the right form.

How it runs

Four phases. Same names on every call.

Two senior engineers, one architect, one compliance lead. No handoffs to junior staff between kickoff and readout.

  1. Kickoff

    Access + scope

    Intro call. NDA / BAA executed. Read-only repo + cloud account access (or architecture docs under NDA if no repo).

  2. Discovery

    Code & architecture review

    Two senior engineers + one architect walk the codebase. We read the code — not just the README.

  3. Compliance

    Regulatory posture review

    Security and compliance lead maps your current state against HIPAA, SOC 2, and FDA premarket cybersecurity guidance (where applicable).

  4. Readout

    Diagnosis + roadmap

    Live readout with your team. Written diagnosis delivered same day. Fixed-price remediation plan attached. Q&A for as long as you want.

Who qualifies

Honest filters.

Triage is invested time on our side — which means we're careful about who we run it for. If you don't fit, we'll tell you fast and point you somewhere useful.

  Good fit:

  • Healthcare or healthcare-adjacent product (telehealth, EHR, RPM, payer, MedTech)
  • US-based company or product targeting US users
  • In-progress or production system (not a slide deck)
  • Willing to share repo access or detailed architecture docs under NDA

  Not a fit:

  • Pure consumer wellness apps with no clinical claims
  • Pre-seed without a working prototype yet

“Most useful engagement we've had with a vendor in a year. They found two compliance issues my own team had missed, and the fixed-price plan came in at half what our previous estimate was.”

[Client name], CTO · Series B digital health platform