Frequently Asked Questions
1. How long does it take to build a care-coordination platform?
The typical end-to-end timeline ranges from 4 to 9 months, but the exact duration depends on project complexity, integration scope, and regulatory requirements. Our process breaks down as follows:
• Discovery & Requirements (2–4 weeks): Stakeholder interviews, workflow mapping, and compliance assessments.
• Design & Prototyping (3–5 weeks): Low- and high-fidelity prototypes are validated with end users for early feedback.
• Incremental Development (8–16 weeks): Agile sprints deliver shippable modules every two weeks, allowing continuous review and course-correction.
• Testing & Compliance (3–6 weeks): Functional, performance, security, and interoperability testing are run in parallel with UAT.
• Deployment & Training (1–2 weeks): Final rollout, user onboarding, and handover to support teams.
Accelerators such as our pre-built FHIR modules and EHR connectors can reduce the timeline by up to 30%.
2. Can you integrate with our existing EHR and other third-party systems?
Absolutely. Cabot specializes in healthcare interoperability and has delivered integrations for Epic, Cerner, MEDITECH, Allscripts, Athena, and custom in-house systems. Our approach includes:
• Use of SMART on FHIR and HL7 v2/v3 standards for plug-and-play data exchange.
• Custom API gateways for bespoke or legacy systems that lack modern interfaces.
• Mirth Connect or Redox engines to broker data between multiple endpoints.
• Rigorous interface testing—conformance, transport layer security, and semantic validation—to ensure data integrity and compliance.
3. What security measures do you implement to meet HIPAA and SOC 2?
Security is embedded from day one. Key safeguards include:
• End-to-end encryption (TLS 1.3 in transit, AES-256 at rest).
• Role-based access control (RBAC) and optional attribute-based access control (ABAC).
• Centralized audit logging with immutable storage to satisfy HIPAA §164.312(b) and SOC 2 criteria.
• Multi-factor authentication (MFA) via SAML/OIDC providers like Okta and Azure AD.
• Regular penetration testing, static code analysis, and vulnerability scanning (Snyk, SonarQube).
• Business Associate Agreement (BAA) and SOC 2 Type II report provided upon request.
4. Do you offer post-launch support and what does it include?
Yes, we provide tiered support packages:
• Standard (9×5): Business-hour ticket resolution, minor updates, and monitoring.
• Enhanced (16×5): Faster SLAs, quarterly security audits, and performance tuning.
• Premium (24×7): Around-the-clock monitoring, incident response within 15 minutes, dedicated success manager, and continuous optimization roadmaps.
All packages include access to our knowledge base, release notes, and user-training webinars. Clients can upgrade or downgrade support tiers with 30 days' notice.
5. Is the platform scalable for multi-site health systems and ACOs?
Definitely. We architect every solution using microservices and container orchestration (Kubernetes/EKS/AKS) to support horizontal scaling. Additional capabilities include:
• Tenant-aware data segregation for multi-facility deployments.
• Auto-scaling policies that spin up resources during peak census and dial back during off-hours, optimizing cost.
• Continuous performance monitoring (APM, log aggregation) with real-time alerts.
Our largest deployment currently supports 35 hospitals and 150+ outpatient clinics under a single ACO umbrella without performance degradation.
6. How are project costs structured, and what factors influence pricing?
We offer three engagement models:
• Fixed-Price: Best for well-defined scope; milestone-based payments; minimal change orders.
• Time-and-Materials (T&M): Flexible scope; pay only for actual hours; weekly burn-rate reporting.
• Dedicated Agile Team: A cross-functional pod (PM, BA, designers, engineers, QA) works exclusively with your organization for a monthly retainer.
Key cost drivers include:
• Number and complexity of EHR integrations.
• Required compliance certifications (e.g., HITRUST add-ons).
• Volume of analytics and reporting modules.
• Change-management and training scope.
We provide a transparent cost estimate with line-item detail after the discovery phase, along with ROI projections tied to readmission reductions, staff-time savings, and quality-measure improvements.