HIPAA-aware platform engineering
Sites and applications where Protected Health Information may flow. Encryption in transit and at rest, role-based access logs, BAA-able infrastructure. Scope determined per engagement.
Healthcare · Telemedicine · Wellness
Software for the practices and platforms at the edge of regulated health.
Specialty practices, diagnostic labs, wellness brands, and clinical directories. We build platforms that respect the privacy and integrity of the data they actually handle, including when HIPAA covered-entity status is unclear.
What we build
Services for healthcare and wellness platforms.
Platforms, applications, and integrations for the practices, brands, and clinical platforms that handle health-adjacent data day-to-day.
Specialty practice sites & portals
Patient-facing platforms for solo practitioners and group practices. Booking, intake, secure messaging, treatment summaries. Working pattern from our Dr Fortino engagement.
Telemedicine & remote consultation
Video and chat-based consultation platforms. Scheduling, e-prescription workflows, remote patient monitoring integrations, secure messaging between clinicians and patients.
Lab & diagnostics platforms (LIMS)
Sample tracking, results portals, lab-to-clinician workflows, instrument integration. Powering Integrity Laboratories operations.
Medical directory & referral platforms
Searchable directories for specialists, practices, and clinical services. Smart filtering, location lookups, editorial workflows. Powering Know Your Doctor for 12+ years.
Wellness platforms & member portals
Web platforms for gyms, wellness practices, and member-facing brands. Class scheduling, member workflows, content delivery, and payments. Anchor: Metrostars Gym.
AI assistants for patient & member services
Public-facing chatbots that answer eligibility, scheduling, and program questions. Configurable per organization policy and PHI scope.
Practice management web applications
Appointment workflows, payment processing, multi-location administration, custom integrations with existing EHR and billing systems. FHIR or HL7 wiring when integration is in scope.
Migration & modernization
Joomla, custom PHP, and legacy stack moves to modern frameworks. Mobile-first redesigns. Done without breaking what already works in production.
Featured engagement
12 years on a medical directory we still ship to.
Know Your Doctor is OST's longest-running healthcare engagement. Searchable directory of doctors and clinical services, continuously engineered through multiple major platform refreshes.
Medical directory · 12-year ongoing engagement
Searchable medical directory with continuous platform engineering since the early 2010s.
Doctor and specialist search across thousands of profiles. Editorial workflows for staff, smart filtering by service and location, geo-aware search. Continuously engineered through multiple major platform refreshes without breaking the catalog or the editorial process.
12+ years partnership
1,000s doctor profiles in the directory
Active continuous engineering
Other healthcare & wellness clients
Practices, labs, brands, and platforms we have worked with.
A selection of healthcare, wellness, and lifestyle clients beyond the featured engagement above. Full named-reference list available to qualified prospects under mutual NDA.
12+
Years on our longest healthcare anchor (Know Your Doctor)
6
Active healthcare and wellness clients
3 verticals
Specialty practice, diagnostic lab, and clinical directory shipped under one team
HIPAA-aware
Scoped per engagement; BAA discussed at contract
Healthcare-sector compliance
Frameworks healthcare clients ask about.
Compliance we have experience implementing on healthcare engagements. Specific compliance is scoped per contract based on whether PHI is in scope and what your project actually requires. See the Trust Center for the broader posture.
Healthcare compliance is sensitive. Scope is determined per engagement based on whether Protected Health Information is actually in scope. Speak to us before assuming we can sign a BAA on a particular project. Some engagements do not require one, and we are direct about which do.
HIPAA
Health Insurance Portability and Accountability Act. Implemented when PHI is in scope. BAA executed at contract level on engagements that require one.
HITECH
Privacy and security extensions to HIPAA. Encryption, access logs, and breach notification controls when handling electronic PHI.
FHIR & HL7
Healthcare interoperability standards. Used when integrating with existing EHR or clinical systems. Scoped per integration target.
WCAG 2.2 AA + Section 508
Federal accessibility standards. Apply to Medicare and Medicaid platforms, federal grant recipients, and consumer health apps facing accessibility complaints.
State health-privacy laws
CMIA in California, state-specific patient and consumer health rules picked up where applicable. Scoped per the geographies your platform serves.
App Store privacy disclosures
iOS HealthKit and Android Health data declarations done correctly for member-facing apps. Privacy nutrition labels prepared for App Store and Google Play submission.
Building a patient, member, or wellness platform?
60-minute discovery call. We will tell you straight whether HIPAA and BAA scope is in play, what we can sign, and what the right architecture looks like for the data your platform actually handles.