⚡
Acceleration Strategy — What Changed
Accelerated
Sales/BD starts Month 3 (was Month 4-5)
Buyer pipeline needs 3-4 months to close first deal. Starting earlier means first revenue at Month 6 is achievable, not optimistic. Hire BD earlier, run in parallel with build.
Impact: 2 months earlier pipeline, de-risks revenue milestone
New Track
Dedicated Testing & QA from Month 3
QA engineer onboards Month 3. Test automation runs parallel to dev. Integration testing, security testing, and consent propagation validation are gated before Beta.
Impact: Beta confidence, fewer production bugs, faster buyer trust
New Milestone
Beta Launch at Month 5
Invite 20-50 pilot patients + 1-2 pilot buyers for controlled access. Real data, real consent, real queries — but limited audience. Validate end-to-end flow before GA.
Impact: Catch issues before GA, build case studies for sales
Accelerated
Claims & Reconciliation overlap Phase 1
Start Claims Engine dev at Month 5 (was Month 7). Reconciliation follows at Month 6. Overlaps with core build using the healthcare data engineer while full-stack team focuses on consent + marketplace.
Impact: Claims V1 live by Month 8 (was Month 13-15)
Accelerated
SOC 2 observation starts Month 5
Push security hardening into Months 2-4 (aggressive). Begin SOC 2 observation at Month 5. Certification by Month 8-9 instead of Month 14. Enterprise buyers require SOC 2 — earlier cert = earlier enterprise deals.
Impact: Enterprise buyers accessible 5 months sooner
Accelerated
Scale targets compressed
5 buyers by Month 10. 10 buyers by Month 14. 5K patients by Month 13. Series A prep starts Month 12. These are aggressive but achievable with earlier BD start and SOC 2.
Impact: Revenue metrics for Series A 9 months earlier
Deferred
Direct EHR integrations → post-Month 15
Epic SMART on FHIR application still submitted at Month 6, but approval timeline is not on the critical path. Surescripts, X12 EDI clearinghouse deferred entirely. Aggregator covers all production data needs through Month 24.
Impact: Zero risk to revenue timeline. Picks up post-Series A.
Adjusted
20% buffer retained on critical milestones
Buffer is smaller in absolute weeks (compressed timeline), but still protects key gates: Beta, GA, First Revenue, SOC 2, and Series A readiness.
Impact: Realistic delivery without reckless optimism
🎯
Priority Matrix — What Gets You to Month 15
P1
Revenue-Critical (Months 1-7)
Azure infrastructure + FHIR server
Aggregator pipeline (patient data flowing)
Consent engine (production)
Marketplace engine (queries, attribution, billing)
Clear identity verification
Velo Payments payouts (80/20 split)
Beta launch gate (Month 5)
First buyer DUA + paid query
Aggregator pipeline (patient data flowing)
Consent engine (production)
Marketplace engine (queries, attribution, billing)
Clear identity verification
Velo Payments payouts (80/20 split)
Beta launch gate (Month 5)
First buyer DUA + paid query
P2
Scale-Critical (Months 5-12)
Claims engine (X12 ingestion, validation)
Reconciliation engine (auto-match, journals)
SOC 2 Type II certification
Zoho One (CRM, invoicing)
Patient acquisition (clinical trial matching)
Scale to 5 buyers
Test automation suite
Security hardening + pen test
Reconciliation engine (auto-match, journals)
SOC 2 Type II certification
Zoho One (CRM, invoicing)
Patient acquisition (clinical trial matching)
Scale to 5 buyers
Test automation suite
Security hardening + pen test
P3
Deferred (Post Month 15)
Epic SMART on FHIR (app submitted M6, not blocking)
Surescripts / NCPDP direct access
X12 EDI clearinghouse direct
Scale beyond 10 buyers
Scale beyond 5K patients
Advanced analytics / AI features
International expansion
Mobile app (native)
Surescripts / NCPDP direct access
X12 EDI clearinghouse direct
Scale beyond 10 buyers
Scale beyond 5K patients
Advanced analytics / AI features
International expansion
Mobile app (native)
🔬
Testing & QA Plan
Phase A — Foundation (Months 3-4)
Test Infrastructure Setup
QA engineer onboards Month 3
Test automation framework (Playwright + Jest/Pytest)
CI integration — tests run on every PR
Azure staging environment mirrors production
Synthetic patient data generation (FHIR R4 bundles)
HIPAA test data handling protocol
Test plan for all 7 folders documented
Consent propagation test suite (12 scenarios from F01 stories)
Test automation framework (Playwright + Jest/Pytest)
CI integration — tests run on every PR
Azure staging environment mirrors production
Synthetic patient data generation (FHIR R4 bundles)
HIPAA test data handling protocol
Test plan for all 7 folders documented
Consent propagation test suite (12 scenarios from F01 stories)
Phase B — Pre-Beta (Months 4-5)
Integration & Security Testing
End-to-end flow: patient sign-up → consent → data pull → query → payout
Aggregator API integration tests (data freshness, error handling)
Identity verification flow (Clear happy path + edge cases)
Velo payout accuracy (80/20 split, threshold, retry)
Security pen test #1 (pre-beta, critical findings only)
Load testing: 100 concurrent users, 1K patient records
HIPAA minimum necessary enforcement validation
Beta gate: All P1 tests green → proceed to Beta
Aggregator API integration tests (data freshness, error handling)
Identity verification flow (Clear happy path + edge cases)
Velo payout accuracy (80/20 split, threshold, retry)
Security pen test #1 (pre-beta, critical findings only)
Load testing: 100 concurrent users, 1K patient records
HIPAA minimum necessary enforcement validation
Beta gate: All P1 tests green → proceed to Beta
Phase C — Beta & GA (Months 5-7)
Beta Validation & Production Readiness
Beta: 20-50 patients, 1-2 pilot buyers, 4-week window
Real data flows validated end-to-end
Bug triage: P1 fixed same-sprint, P2 within 2 sprints
User acceptance testing with pilot participants
Security pen test #2 (pre-GA, full scope)
Performance baseline: p95 latency < 2s, uptime > 99.5%
DR failover test (Azure region failover)
GA gate: Zero P1 bugs, pen test passed, DR tested → GA launch
Real data flows validated end-to-end
Bug triage: P1 fixed same-sprint, P2 within 2 sprints
User acceptance testing with pilot participants
Security pen test #2 (pre-GA, full scope)
Performance baseline: p95 latency < 2s, uptime > 99.5%
DR failover test (Azure region failover)
GA gate: Zero P1 bugs, pen test passed, DR tested → GA launch
📅
Program Timeline — 15 Months
Workstream
M1
M2
M3
M4
M5
M6
M7
M8
M9
M10
M11
M12
M13
M14
M15
Phase 0 — Foundation & Team (Months 1-2)
Hiring & OnboardingCore team + SMEs
Azure AgreementMCA/CSP + BAA + credits
Dependencies
▶ PARALLEL — Azure & Aggregator run simultaneously (different counterparties)
▶ BOTH BLOCK → Pipeline (M2) — need Azure tenant + Aggregator contract before data flows
Aggregator SelectionEval, contract, BAA
Legal SetupBAA chain, privacy, ToS, DUA
Phase 1 — Core Build + Testing + Beta (Months 2-6)
Gate
Azure ✓ + Aggregator ✓ required → Pipeline starts
Pipeline ✓ → unlocks Consent & Marketplace (real data)
Consent V1 + MKTPL V1 → Beta gate
Azure InfrastructureTenant, FHIR, VNet, Entra
Aggregator → Azure PipelineData pull, normalize, FHIR
Consent EnginePropagation, jurisdiction, audit
Marketplace EngineQueries, attribution, billing
Clear IntegrationPatient + clinician identity
Velo PaymentsPayouts, 80/20, KYC
CI/CD & DevOpsGitHub Actions, Terraform, APM
Security HardeningPen test, IR, vulns
Twilio + SendGridMFA, email, 10DLC
Testing & QAAutomation, integration, security
BETA LAUNCH20-50 patients, 1-2 pilot buyers
GA LAUNCHProduction, open enrollment
Sales / BD PipelineBuyer prospecting & closing
20% BufferPhase 1 contingency
Phase 2 — Scale, Claims & Enterprise Readiness (Months 5-12)
Dependencies
▶ PARALLEL — Claims & Recon run concurrently (different engineers)
Pipeline ✓ required → Claims needs FHIR data for validation
GA ✓ → SOC 2 observation can reference production controls
Claims EngineX12 ingestion, validation, 837/835
Reconciliation EngineAuto-match, journals, queues
SOC 2 Type IIReadiness + 3-mo observation
Zoho OneCRM + Books (invoicing)
Epic SMART on FHIRApp submitted (non-blocking)
Patient AcquisitionEnroll, consent, data link
20% BufferPhase 2 contingency
Phase 3 — Series A Sprint (Months 12-15)
Series A PrepMetrics, deck, data room
Revenue at Scale10 buyers, 5K+ patients
⚖
Critical Path & Dependencies
The critical chain determines the minimum possible timeline. Any slip on critical-path items directly delays downstream milestones. Non-critical items have float and can absorb delays within buffer.
Azure
→
Pipeline
→
Consent
→
Marketplace
→
Beta
→
GA
→
Revenue
Slip Impact Analysis
| Component | Slip Duration | Impact | Mitigation |
|---|---|---|---|
| Aggregator Contract | +2 weeks | Absorbed by buffer | Pre-negotiate with 2 vendors |
| Aggregator Contract | +6 weeks | Exceeds buffer, scope cut needed | Defer Claims to Phase 3 |
| Azure Provisioning | +2 weeks | Absorbed by buffer | Use Azure Quickstart templates |
| Azure Provisioning | +4 weeks | Beta slips 2 weeks | Fast-track with Microsoft rep |
| Clear Integration | +3 weeks | Absorbed — not on critical path | Use manual verification interim |
| Consent Engine | +2 weeks | Beta slips 2 weeks (critical path) | Reduce scope to core consent only |
| Marketplace Engine | +3 weeks | GA slips 3 weeks (critical path) | Ship with limited query types |
| SOC 2 Observation | +4 weeks | Enterprise deals delayed | Start observation 2 weeks earlier |
| Velo Payments | +2 weeks | Absorbed — payout not on critical path | Manual payouts interim |
🏆
Key Milestones (with 20% Buffer)
1
Team Assembled & Contracts Signed
Month 2 (base: Week 6 → buffered: Week 7)
Core team onboarded (6-8 people). Azure BAA signed. Aggregator contracted. Velo applied. BD hire closing.
Unchanged from 24-month plan
2
Azure Infrastructure Live
Month 3 (base: Week 10 → buffered: Week 12)
Azure tenant, FHIR, Entra ID, VNet operational. CI/CD running. QA engineer onboarded and test framework set up.
Now includes QA setup as gate criteria
3
First Patient Data in Azure
Month 4 (base: Week 14 → buffered: Week 17)
Aggregator pipeline live. First pilot patients authorize data pull. FHIR resources stored. Integration tests passing.
Unchanged from 24-month plan
4
Beta Launch
Month 5 (base: Week 18 → buffered: Week 21)
20-50 pilot patients, 1-2 pilot buyers with controlled access. Real data, real consent, real queries. E2E flow validated. Pen test #1 passed. All P1 test cases green.
Buffer: 3 weeks for beta-blocking bugs
NEW milestone — did not exist in 24-month plan
5
GA Launch — Platform V1 Production
Month 6 (base: Week 22 → buffered: Week 26)
All 4 doors live on real data. Consent propagation, payouts, identity verification all production. Pen test #2 passed. Zero P1 bugs. DR tested.
Buffer: 4 weeks for GA-blocking issues
Same timing, now has Beta validation behind it
6
First Revenue — Buyer Onboarded
Month 7 (base: Week 26 → buffered: Week 31)
First buyer signs DUA, runs paid query. Revenue flows. 80/20 split operational. Pipeline has 3-5 more prospects.
Buffer: 5 weeks for buyer legal cycle
Unchanged, but BD started Month 3 (earlier pipeline)
7
SOC 2 Type II Certification
Month 9 (base: Month 8 → buffered: Month 9)
3-month observation complete. All controls effective. Enterprise buyer prerequisite met. Opens door to larger pharma and health system deals.
Buffer: 1 month for remediation
5 months earlier than 24-month plan (was Month 14)
8
Claims & Reconciliation V1 Live
Month 9 (Claims M8, Recon M9)
Claims ingestion (837P), remittance matching (835), validation rules, reconciliation auto-match, double-entry journal all operational.
4-6 months earlier than 24-month plan (was Month 13-15)
9
5K Patients Enrolled
Month 13 (base: Month 11 → buffered: Month 13)
5,000 patients with linked health data, active consents. Sufficient data depth for meaningful cohort and dataset queries.
Buffer: 2 months for acquisition variance
Scoped from 10K to 5K for compressed timeline
10
10 Buyers + Revenue at Scale
Month 14 (base: Month 12 → buffered: Month 14)
10 paying data buyers. MRR established. Unit economics validated. Diverse buyer types (pharma, CRO, health system). Monthly revenue run-rate supports Series A story.
Buffer: 2 months for sales cycle variance
8 months earlier than 24-month plan (was Month 22)
11
Series A Ready
Month 15
Revenue metrics proven. SOC 2 certified. 10+ buyers. 5K+ patients. Claims engine live. Data room prepared. Pitch deck with real metrics. Direct EHR integrations in progress (not blocking).
9 months earlier than 24-month plan (was Month 24)
👥
Hiring Plan — Accelerated
Key change: BD/Sales and QA both move earlier. 10 roles total. Contract-first for speed.
Sr. Full-Stack Engineers (2x)
Contract → FTE
Week 1-2
Core platform: Azure FHIR, consent engine, marketplace, portals. Node.js/Python + Azure + FHIR R4.
Healthcare Data Engineer
Contract → FTE
Week 1-2
Aggregator integration, FHIR normalization, clinical terminology. Pivots to Claims Engine at Month 5.
DevOps / Cloud Engineer
Contract
Week 2-3
Azure infra, Terraform, CI/CD, monitoring. Foundation then part-time.
HIPAA Compliance SME
Fractional
Week 1
BAA chain, consent review, SOC 2 prep. 10-15 hrs/week through Month 9+.
Healthcare Attorney
Outside Counsel
Week 1
Vendor contracts, DUA, ToS, clinical trial consent. As-needed.
Security Engineer
Contract
Week 2-3 (earlier)
Moved earlier to support Month 5 SOC 2 readiness. Pen test, vulns, IR playbook, Sentinel.
QA / Test Engineer
Contract
Month 3 (earlier — was Month 3 but now Beta-critical)
Test automation, integration testing. Must be onboard before Beta gate at Month 5. Owns test plan for all 7 folders.
Sales / BD (Healthcare)
FTE
Month 3 (was Month 4-5)
Moved 1-2 months earlier. Buyer pipeline needs time. Targets mid-market pharma, CROs. Commission-based comp.
Product Manager
FTE
Month 2-3
Backlog prioritization, sprint planning, stakeholder comms. Manages 115 stories. Healthcare PM experience preferred.
Additional Full-Stack (1x)
Contract
Month 5 (for Claims track)
Dedicated to Claims + Reconciliation engine build (M5-9). Allows core team to stay focused on marketplace + buyer scaling.
⚠
Risk Register — Accelerated Timeline
| # | Risk | Like. | Impact | Mitigation |
|---|---|---|---|---|
| 1 | Team burnout from compressed timeline | High | High | 20% buffer absorbs crunch. Sprint velocity monitored. Contract-first means capacity can flex. No-crunch culture from Day 1 — if buffer is consumed, scope cuts before overtime. |
| 2 | Beta uncovers critical bugs, delays GA | Medium | High | 4-week beta window gives time for P1 fixes. GA gate is explicit: zero P1 bugs + pen test passed. Buffer between Beta (M5) and GA (M6) is the safety net. |
| 3 | SOC 2 observation finds gaps, delays certification | Medium | Medium | Security engineer starts Month 2 (earlier). Continuous monitoring from Day 1 of observation. 1-month buffer on cert date. Non-blocking for first 3-5 buyers (SMB/mid-market). |
| 4 | Aggregator data quality / coverage gaps | Medium | High | Eval 2-3 vendors. Data quality SLAs in contract. Normalization layer handles variation. Beta validates real data quality before GA commitment. |
| 5 | Buyer sales cycle > 4 months | High | High | BD starts Month 3 (3-4 months lead). Target mid-market first (faster cycles). Pilot buyer in Beta as proof point. 5-week buffer on revenue milestone. 3-5 prospects in parallel. |
| 6 | Patient acquisition slower than projected | Medium | Medium | 5K target (not 10K) for M13. Provider partnerships for referrals. Compensation model differentiator. 2-month buffer on patient milestone. |
| 7 | Hiring delays — can't fill all 10 roles in time | High | Medium | Contract-first for speed. Remote-first widens pool. Recruiting firm engaged Week 1. Critical roles (full-stack, data) prioritized. PM and BD can be 1-2 weeks late without blocking. |
| 8 | Claims engine scope creep delays Phase 2 | Medium | Medium | Claims V1 is MVP: 837P ingestion + 835 matching + basic validation. Advanced features (denial appeal, HEDIS) deferred to V2. Additional engineer dedicated to claims track. |
| 9 | Series A fundraise takes longer than 3 months | Medium | Medium | Prep starts Month 12 (3-month runway). Revenue from buyers provides operational runway. Bridge financing option if needed. Data room prepared early. |
📋
Session Handoff — Decisions & Deliverables
Complete record of architectural decisions, strategy choices, and deliverables produced. Use this section to onboard new team members or resume planning in a new session.
Deliverables Produced
Moonlitic_Platform.html — Platform Dashboard (Door 1)
Investor-facing dashboard with 13-item backlog (10 Done, 3 Not Built). Clean — no internal details exposed. Links to other docs in footer.
Moonlitic_Folder_Map.html — Epics & Integrations Map
Internal reference. 7 folders, 3 epics each. Integration rows with vendors, lead times, priorities. Long poles (Phase 1 + Phase 2). Updated for aggregator-first strategy.
Moonlitic_User_Stories.html — Full Product Backlog
115 user stories, 34 epics, 465 story points across 11 sections (7 folders + Security, Infrastructure, Contracts, Integration Engineering). Each story has Given/When/Then acceptance criteria.
Moonlitic_Program_Plan.html — Original 24-Month Plan
Full 24-month program with 8 milestones, 5 parallel tracks, 9-role hiring plan, 6 vendor agreements, risk register. 20% buffer. Retained as reference baseline.
Moonlitic_Accelerated_Plan.html — This Document (15-Month Plan)
Compressed program targeting revenue at scale by Month 15. Adds Beta Launch, dedicated QA track, accelerated SOC 2, earlier BD. Defers direct EHR integrations.
☑
Key Decisions Made
Cloud Platform: Azure Health Data Services — Chosen over AWS HealthLake. Reasons: Epic partnership path, native FHIR de-identification, Entra ID RBAC for consent-gated access, Confidential Computing for investor trust.
Data Strategy: Aggregator-first for 24 months — Data Aggregator / 1upHealth / Particle for production clinical data. Collapses #1 long pole from 3-6 months to 2-6 weeks. Direct EHR (Epic) built in parallel starting Month 6.
Hiring: Contract-first, FTE conversion at Month 6 — 2-4 week onboarding. Broader talent pool. Flexibility. Convert top performers to FTE as revenue proves out.
Revenue Model: Per-query pricing with 80/20 split — Aggregate=$0, Cohort=$350, Dataset=$1,200. Patient gets 80%, Moonlitic keeps 20%. Attribution at query time.
Identity: Clear for IAL2 proofing — Both patient and clinician identity verification. NIST 800-63 compliant. BAA required (PHI-adjacent).
Payouts: Velo Payments (Custom accounts) — ACH disbursement, 80/20 split automation, 1099-NEC generation, KYC for patients. No BAA needed (financial data only).
HIPAA BAA Chain: 4 links — Moonlitic ↔ Azure, Moonlitic ↔ Aggregator, Moonlitic ↔ Clear. Velo excluded (no PHI). All BAAs executed before any PHI flows.
Architecture: 4-Door Model — Door 1 (Platform Dashboard), Door 2 (Patient Portal — Maria Santos), Door 3 (Marketplace Portal — Acme Pharma), Door 4 (Clinician Portal — Dr. Sarah Chen).
Branding: Midnight Navy + Lunar Silver-Blue + Moonlit Teal — #F0F4F8, #3D4F63/#1A2B3D, #1A7A8A/#2AABBF. Inter font. All docs use consistent theme.
Timeline Compression: 24 → 15 months — Earlier BD (M3), Beta gate (M5), GA (M6), SOC 2 by M9, 10 buyers by M14, Series A by M15. Defers Surescripts, X12 EDI, Epic direct. Patient target scoped to 5K.
🚀
Next Session Priorities
Recommended Next Steps
1. Sprint Planning — Sprint 1 Backlog
Pull the highest-priority user stories from F01 (Consent), SEC (Security), INF (Infrastructure), and LEG (Contracts) into a Sprint 1 backlog. Estimate velocity. Plan 2-week sprint.
2. Aggregator Vendor Evaluation Matrix
Build a comparison matrix for Data Aggregator vs 1upHealth vs Particle Health. Criteria: EHR coverage, FHIR R4 quality, pricing, BAA terms, data freshness, sandbox availability.
3. Azure Architecture Diagram
Design the Azure infrastructure: Health Data Services, Entra ID, VNet topology, private endpoints, Key Vault, Functions, API Management. Terraform modules.
4. Investor Deck Update
Update the investor deck with the 15-month accelerated timeline, Beta/GA gates, and revenue milestone at Month 7. Add the aggregator-first strategy as a de-risk narrative.
5. Job Descriptions & Recruiting Kickoff
Draft JDs for the 4 Week 1-2 hires (2x Full-Stack, 1x Healthcare Data, 1x DevOps). Engage recruiting firm. Post on healthcare tech job boards.
6. Budget / Financial Model
15-month burn rate model: salaries (contract rates), Azure spend, aggregator costs, vendor fees, legal fees. Map against funding and expected revenue ramp.