Build HIPAA-Compliant SaaS Platform
Worldwide
Build a HIPAA-compliant, multi-tenant healthcare SaaS platform on AWS — turning three working prior-authorization prototypes into a production product, with Claude/Bedrock AI integration, role-based auth, two clinical modules, an admin dashboard, and Stripe billing. 10–14 weeks, with a long-term technical partnership to follow. We're open to phased delivery — stability and HIPAA security come before raw speed. You must have 3+ hours of daily overlap with US Central Time for standups/reviews.

OVERVIEW

PreClear MD (preclearmd.com) is an AI-powered prior authorization intelligence platform built by a board-certified vascular surgeon. The product is real and working today as browser-based prototypes. We need a full-stack developer to build the production-ready hosted SaaS platform for licensing to medical practices.

This is not spec-on-paper. The product logic, user flows, payer criteria engine, and AI prompts are already built and tested. You're building the infrastructure that turns these prototypes into a scalable, secure, commercial product.

WHAT EXISTS TODAY (working prototypes)

- PreClear Intake — MA-driven tool that collects clinical history, runs a payer-specific documentation check, and generates an optimized clinical note via Claude, formatted to the carrier's criteria.
- PreClear Scan — Paste an existing note, select payer and procedure, get a scored report: every criterion checked, gaps flagged, fix language, readiness score.
- Patient Cost Comparison Tool — Insurance vs. self-pay out-of-pocket calculator (Phase 2 build).

MVP SCOPE (this engagement)

1. Auth & Multi-Tenant Architecture — Role-based access (Practice Admin, Provider, MA, Insurance Specialist); multi-tenant data isolation; practice onboarding; password reset, sessions, 2FA option.
2. HIPAA-Compliant Infrastructure — Compliance path is decided: AWS Bedrock. All Claude calls route through Amazon Bedrock, never the direct Anthropic API. The AWS Healthcare BAA (Anthropic as acknowledged sub-processor) will be signed before kickoff — you are not inheriting an unsolved legal problem. Encryption at rest and in transit; audit logging for all PHI access and API calls; no PHI in logs or error reporting. Infrastructure as Code expected (Terraform, AWS CDK, or CloudFormation) — not click-built by hand. Prior hands-on HIPAA experience required: PHI isolation, practice-isolated access, keeping PHI out of logs/monitoring.
3. PreClear Intake Module — 4-step form wizard; MA Intake and Full Note modes; payer-specific validation engine; Claude generation with payer-specific prompts; copy-to-clipboard output; session history.
4. PreClear Scan Module — Select payer/procedure, paste note; Claude analysis against payer criteria; scored criteria list (Pass/Partial/Fail) with fix language and overall score; session history.
5. Admin Dashboard — Per-practice usage metrics, user management, subscription status.
6. Subscription, Billing & Frontend — Stripe monthly subscriptions with tiers (Intake only, Scan only, Full Suite). Clean, professional medical UI; responsive (desktop, laptop, tablet for exam rooms); fast load. No Figma files exist — you design the screens as well as build them, from the prototypes and a clean component library. We want a full-stack developer with strong product sense, not a separate designer. Please link to UIs you've designed AND built.

PHASE 2 (not part of this bid — ongoing relationship)

Patient Cost Comparison (production build of existing prototype), PreClear Check (patient-facing self-assessment, designed not built), and multi-specialty expansion.

PREFERRED STACK

React • Node (Express) or Python (FastAPI) • PostgreSQL • Auth0 or Clerk • AWS • Claude via Bedrock • Stripe • SendGrid or AWS SES

YOUR PROPOSAL SHOULD INCLUDE

1. A HIPAA-compliant web app you've built — architecture and PHI handling
2. LLM API integration experience (Anthropic, OpenAI, or equivalent)
3. Proposed stack and rationale
4. Timeline by phase, and your bid (hourly + estimated hours)
5. Solo or small team?
6. Preferred PM/workflow tool (Linear, Jira, Trello) — we have no setup; you run it
7. Required: In 3–5 sentences, how do you keep PHI out of application logs, error monitoring (Sentry, Datadog, etc.), and URLs/browser history? Proposals that skip this won't be reviewed.

NDA required before sharing prototypes. Shortlisted candidates get a 30-minute video call to review the prototypes before finalizing scope.

ABOUT

PreClear MD is a real company — registered domain, working prototypes, a defined target market (vascular/vein first, then pain management, orthopedics, bariatrics), and distribution in development via Health Performance Specialists and ADI Management MSO. Founder is a practicing board-certified vascular surgeon in Nashville, TN with 18 years of clinical experience. We want a long-term partner who grows with the company post-MVP — not someone clearing a single ticket.
- Hourly: More than 30 hrs/week
- Duration: 3-6 months
- Experience Level: Intermediate
- $75.00 - $125.00 Hourly
- Remote Job
- Project Type: Complex project
Activity on this job
- Proposals: 50+
- Last viewed by client: 3 weeks ago
- Interviewing: 0
- Invites sent: 0
- Unanswered invites: 0
About the client
- United States, Hermitage, 1:58 PM
- $1.1K total spent; 8 hires, 5 active
- 62 hours
- Mid-sized company (10-99 people)