AI Teleradiology & Cloud PACS Platform Development, HIPAA/GDPR-Grade

Phased fixed-price. Discovery is $5-8k for 2-3 weeks and produces the architecture, the compliance control map (HIPAA + GDPR), the integration plan (RIS/EHR/HL7-FHIR), and a fixed-price Build statement of work. Build is typically $15-40k depending on scope — number of modalities, viewer tooling, AI surfaces, and integrations. Optional Run (monitoring, model/prompt upkeep, compliance support) is $2-6k/month, month-to-month. Hosting (your cloud or Swiss/EU/US region) is billed to you directly, not marked up.

Per-study SaaS rents you a login; you read on their platform, your studies live in their tenant, and you pay per study or per seat forever. We build you an owned platform — your source, your archive, your PHI under your contracts and data residency, with the worklist, viewer, report templates, and AI surfaces fit to how your group actually reads. The trade-off is honest: SaaS is faster to switch on and right for low volume; an owned build wins on control, workflow fit, compliance posture, and unit economics once volume is real. We tell you in Discovery which side of that line you are on.

6-10 weeks from the day Discovery starts: 2-3 weeks of Discovery (architecture, compliance map, integration plan, Build SoW), then a 6-10 week Build with a deliberate milestone — a thin slice of the platform (ingest → viewer → read → report on a single modality and one referring site) running on real, de-identified studies by roughly week 6, before the full scope is finished. That checkpoint de-risks the build: you see the viewer, the transmission path, and the workflow on real data before scaling to all modalities and sites.

We build the platform — cloud PACS, zero-footprint viewer, encrypted transmission, reporting workflow, and the integration and compliance stack. The AI we wire in is decision-support: worklist prioritization, triage flags, report drafting, and QA. The licensed radiologist reviews and owns every diagnosis. Where a specific AI function would be regulated as a medical device (for example, an autonomous CADe/CADx claim), that clearance sits with the algorithm vendor or with you as the manufacturer of the claim — it is scoped explicitly in Discovery, and we design the workflow to keep a human in the diagnostic loop. We do not market the platform as a cleared diagnostic device.

PHI handling, access, residency, and retention are scoped in Discovery before any data moves. The platform is built to the HIPAA Security Rule safeguards — encryption in transit and at rest, role-based access, audit logging of every view and action, unique user IDs, and emergency-access procedures — plus GDPR alignment where EU data is involved. We help you paper the BAA chain across every subprocessor that touches PHI (hosting, model providers, transmission gateways). HIPAA compliance is a property of the deployed system and your operating controls; we build the system to support it and document the control map for your compliance officer to review.

The platform clocks turnaround on every study and separates the urgent/STAT lane from routine volume, so you can hold a published SLA. The Swiss teleradiology provider we build and operate for runs 24/7 with a 6-24 hour report turnaround pattern; the urgent lane is engineered to surface time-critical studies to the top of the worklist via AI triage flags. The exact SLA is yours to set — the platform gives you the prioritization, routing, and measurement to commit to it and prove it.

Yes — multi-site is a core requirement, not an add-on. Referring facilities upload or push studies (web upload or secured DICOM gateway), studies land in a shared, access-scoped worklist, and each site sees only its own data under role-based access. Reading groups that cover many facilities get per-site scoping, per-site SLAs, and per-site billing handoff. Hanging protocols and report templates can vary by site or by reading radiologist.

No. AI helps the read — it prioritizes the worklist, flags time-critical findings for triage, drafts structured reports, and runs automated QA checks. A licensed radiologist reviews, edits, and signs every report; the diagnosis is always human-owned. We design the read path that way on purpose: it is the clinically and legally defensible model, and it is how the live Swiss platform operates.

We build the integration layer the platform needs to fit your environment: RIS and EHR connectivity over HL7 v2 and FHIR (orders in, results/reports out), referring-site upload (web and secured DICOM), and a billing handoff so completed reads flow to your billing or RCM system. Integrations are scoped concretely in Discovery against your actual systems and become fixed-price line items in the Build SoW — no open-ended 'integrations as needed.'

You own all of it — source code, configuration, the archive, the integration code, prompts and evals for the AI surfaces, and the operational runbooks — handed over at the end of Build with no license or lock-in. Hosting is in your cloud or a region you choose, under your accounts. Run is month-to-month and optional; you can take the platform fully in-house at any point. The whole engagement is built around the fact that this is critical, regulated infrastructure you must be able to operate without us.

Yes — and it is live. Our network is the exclusive technology partner behind a Swiss teleradiology provider: a cloud-based PACS, a zero-footprint DICOM viewer, AI-assisted diagnostic tooling, and encrypted transmission, running 24/7 with a 6-24 hour report turnaround and 100% GDPR compliance, on Swiss hosting, in production since 2025. That is the rare part — most dev shops have never shipped a compliant teleradiology stack. We re-target that exact architecture to US HIPAA and state requirements and your EHR/RIS environment.