Resources

The Technical Stack

Deep technical depth across the four disciplines healthcare compliance actually requires. Hands-on implementation, not vendor-deck familiarity.

Regulatory & Compliance
Customers we serve
  • Payers — CMS-9115, CMS-0057, CARIN BB, DaVinci PDex
  • PBMs — Formulary, Patient Access, Pharma portal
  • Utilization Management — CMS-0057 PA workflow (CRD / DTR / PAS)
  • Health Systems & Providers — HTI-1 through HTI-4, USCDI v3/v4
  • EHR & Health IT Vendors — ONC certification, CHPL Real-World Testing
  • Digital Health & Consumer Apps — MHMDA, CCPA/CPRA, BIPA
  • Clearinghouses & HIEs — X12 278/835/837, FHIR translation
  • ACOs & Risk-Bearing Entities — CMS quality reporting
Regulations we audit against
  • HTI-1 through HTI-4, USCDI v3 / v4
  • CMS-9115-F Patient Access, Provider Directory
  • CMS-0057-F Prior Authorization API + SLAs
  • HIPAA Security, Privacy, Breach Notification (45 CFR 160/164)
  • MHMDA (Washington) + state privacy laws (CCPA/CPRA, BIPA)
  • 42 CFR Part 2, ONC Information Blocking (45 CFR 171)
  • ISTQB quality standards
Interoperability
Standards
  • HL7 FHIR R4
  • US Core profiles
  • SMART on FHIR authorization
  • LOINC, SNOMED, RxNorm normalization
FHIR servers shipped to production (5+ years at Opala)
  • Intersystems IRIS for Health
  • Smile CDR (HAPI under the hood)
  • Fire.ly Server

Hands-on implementation, not vendor-deck familiarity.

Extensive use, not shipped
  • HAPI FHIR (evaluation, conformance testing, Smile CDR substrate)
Managed FHIR platforms
  • GCP Healthcare API
  • Azure Health Data Services
  • Epic FHIR R4 and MyChart
  • Cerner / Oracle Health FHIR
Conformance testing
  • ONC Inferno
  • HL7 Touchstone
  • Postman conformance suites
Cloud & Agentic AI
Cloud platforms (hands-on across all three)
  • Google Cloud Platform (Healthcare API, Firestore, KMS, Cloud Run, BigQuery)
  • Microsoft Azure (Health Data Services, FHIR service, AKS)
  • Amazon Web Services (HealthLake, Comprehend Medical, Lambda, S3)

No platform lock-in. Cloud choice should not dictate compliance posture.

Agentic AI & tooling
  • MCP (Model Context Protocol) server design and integration
  • Claude Code agentic CLI
  • Cursor AI
  • Python, TypeScript, Flutter
  • Databricks for clinical data workflows
Privacy & QA Engineering
Privacy engineering
  • Clinical data de-identification
  • Synthetic data generation
  • PHI handling and access controls
  • LOINC normalization and FHIR resource mapping
QA & security
  • QA automation (50,000+ hours delivered)
  • LLM-assisted test design
  • SOC 2, HIPAA, HITRUST audit workflows
  • Defect Prevention Governance framework

How we build: Python, TypeScript & Flutter on GCP with Claude Code agentic workflows, MCP server integrations, and synthetic FHIR test data, never exposing PHI.

Ready to engage the stack?

Start with an intake call so our delivery team can scope your systems, constraints, and endpoints in writing.

Book a Call