HITRUST-ready as of 2026-05-20
The control families an auditor expects — identity, access, cryptography, audit logging, BCDR — map cleanly. Evidence lives in code + Terraform + the audit log.
For executives · 10-min read
The strategic case, in three frames.
Cost, cadence, risk. If a CEO of a behavioural-health billing organisation has ten minutes, these are the three frames that matter. The technical detail is elsewhere on the site.
Frame 01 · Cost
Structurally cheaper — by an order of magnitude.
The legacy stack model is roughly $5K-$20K per month per customer on the platform layer alone, plus DBA support, plus license costs, plus the per-customer integration overhead that grows linearly with the customer count. The new platform's cost structure is different in kind, not in degree.
$1.5–1.8k
Production / month
Azure spend at the platform's resource footprint, not per-customer
~$40
Dev environment / month
Idle dev environment cost
~$300–400
Staging / month
Hybrid tier; co-tenants the DevTest subscription
+$1.1k
DR flag-flip / month
Warm passive in centralus; armed only when needed
The cost is bounded by the platform's resource footprint — not by the customer count. Adding a customer means adding a tenant database (a few dollars/month) and a Front Door host (cents/month). It doesn't mean adding a server, a license, a DBA on the rotation, or a vendor SKU.
The numbers above are real production figures. They're not projections, and they're not best-case. The DR posture is dormant-by-default; the passive region adds ~$1.1K/month only when armed — but the wiring is in place so arming is a flag-flip, not an engineering effort.
Interactive estimate
Estimate your platform spend
MedSuite platform — monthly$2.1K
Legacy platform — monthly$125K
$1.5M estimated annual delta · ~58.5× cheaper
Model uses the $1.5K base platform spend + per-tenant + per-claim overhead from the platform's infrastructure brief, against the $5K-$20K/month/customer legacy band documented in the competitive differentiation section. Real engagements vary; this is an order-of-magnitude estimate, not a quote.
Frame 02 · Cadence
Structurally faster — daily releases as the steady state.
The relevant cadence metric isn't how many features ship in a quarter. It's how long a customer waits between asking for a change and getting it. On this platform, that interval is hours, not months.
234
Production commits
2026-04-01 → 2026-05-20 · 50 business days · ~4.7/day
2–3
AI dev engineers
Long-term support headcount, not a per-customer ratio
1 day
New brand onboarding
Theme + favicon + smoke test + production
5 in 8h
MFA platform shipped
Five sequential commits on 2026-05-14
The cadence is enabled by the operating model: AI agents do the implementation under a structured roadmap → workplan → session → commit protocol; humans own strategy and review. The platform is AI-built today; the same primitives will power AI-embedded features (analyst copilot, Healthcare Analyst Agent, autonomous denial resolution) next.
The competitive moat is the substrate, not any single AI feature. Competitors will eventually ship a copilot. They cannot easily ship an operating model.
The cadence is not a sprint. It is the steady-state.
Frame 03 · Risk
Structurally safer — HITRUST-ready, native MFA, federation.
The third frame is the one that lands with the CIO / CFO / general counsel. Security and compliance posture are part of the platform — not a checklist a vendor promises to satisfy.
Physical tenant isolation
One PostgreSQL database per customer. No row-level security to regress. Leaking a tenant token cannot grant access to platform routes, and vice versa.
Native MFA — TOTP + WebAuthn
Phishing-resistant policy enforceable per tenant. WebAuthn counter-regression detection catches credential-clone attacks. Step-up MFA on sensitive operations.
Federation as the integration model
Partner EMRs register themselves with standards-based JWT. Revoke propagates platform-wide in under 30 seconds.
BCDR — RTO ≤ 1h, RPO ≤ 5 min
DR drill artifact dated. Passive region in centralus; flag-flip, not an engineering effort.
PHI handling sealed
Per-tenant DEKs in Azure Key Vault. Quarterly rotation cadence. Connection strings never persisted in the master DB.