# Signal CGM — Business Model Analysis v1
### STTIL Solutions LLC | Confidential | April 2026

> **Purpose:** Evaluate three monetization paths for Signal CGM, including
> compliance obligations, delivery and customer acquisition costs, revenue
> projections, and a recommendation for a solo pre-revenue founder in 2026
> who wants to retain IP and maximize long-term upside.

---

## Table of Contents

1. [Market Baseline](#1-market-baseline)
2. [Model A — Asset Sale](#2-model-a--asset-sale)
3. [Model B — Direct SaaS Licensing to DMEPOS Suppliers](#3-model-b--direct-saas-licensing-to-dmepos-suppliers)
4. [Model C — Distribution Licensing to Billing System](#4-model-c--distribution-licensing-to-billing-system)
5. [Phased Roadmap](#5-phased-roadmap)
6. [Revenue Milestone Table](#6-revenue-milestone-table)
7. [SSDI/SGA Risk Notes by Phase](#7-ssdisga-risk-notes-by-phase)
8. [Founder Recommendation](#8-founder-recommendation)

---

## 1. Market Baseline

| Metric | Figure | Basis |
|--------|--------|-------|
| Medicare-enrolled DMEPOS suppliers billing CGM | ~7,500 | CMS data, Signal CGM TAM estimate |
| CMS projected CGM beneficiaries by 2028 | 3.2 million | CMS projections |
| Improper Medicare CGM payments (2024) | ~$278.5M | CMS OIG report |
| DMEPOS total Medicare spend | $7B+ annually | OIG |
| Target supplier size | 5–50 employees | Most common segment |

**TAM math (annual recurring revenue):**

```
1% penetration (75 suppliers)  × $3,600 ARR = $270K ARR
3% penetration (225 suppliers) × $3,600 ARR = $810K ARR
5% penetration (375 suppliers) × $3,600 ARR = $1.35M ARR
```

**Key 2026 urgency drivers:**

- CMS expanded prior authorization requirements effective April 13, 2026
- 2028 Competitive Bidding expansion to CGM categories → margin compression
- CMS enrollment moratoria tightening the supplier pool → consolidation pressure
- 2026 HIPAA Security Rule updates adding mandatory compliance costs

---

## 2. Model A — Asset Sale

### Overview

A one-time sale of the full Signal CGM asset package to a qualified buyer. No ongoing operational obligations for STTIL Solutions after the knowledge transfer period.

**Price range:** $25,000 – $60,000 (one-time)

### What the Buyer Inherits

| Asset | Description |
|-------|-------------|
| Full source code | Python/FastAPI backend, coverage_calculator.py, audit_logger.py, db_models.py, payer_rules.json |
| Research library | dmepos-research-v3.md, compliance roadmap, CB/PA regulatory analysis |
| BAA templates | Hostinger VPS BAA request template; operator BAA framework for customer agreements |
| Newsletter strategy | Subscriber acquisition strategy for DMEPOS supplier outreach |
| n8n workflows | Self-hosted batch trigger workflow exports |
| CLAUDE.md handoff | Full AI-assisted development context — new owner continues building without ramp-up loss |
| 30-day knowledge transfer | Live sessions covering architecture, payer rule updates, compliance posture, go-to-market |

### IP Transfer Implications

- **Full IP assignment:** All copyright, trade secrets, and documentation transfer to buyer on payment. STTIL Solutions retains no license unless negotiated.
- **PHI exposure ends:** STTIL's Business Associate obligations to any future buyer-operated system are governed by the buyer's BAAs, not STTIL's.
- **No residual royalty** in the standard asset sale structure — buyer owns it outright. This is the simplest exit but permanently caps STTIL's upside.
- **Confidentiality:** Buyer likely requires an NDA covering the research library and market analysis. Build this into the sale agreement.

### Cost Structure (STTIL Side)

| Cost Item | Estimate |
|-----------|----------|
| Legal: IP assignment agreement + NDA | $1,500 – $3,000 |
| Knowledge transfer labor (30 days) | 40–80 hours founder time |
| Opportunity cost of not operating | Forgone SaaS ARR (see Model B) |
| **Net proceeds at $35K sale** | ~$31,500–$33,500 after legal |

### When Asset Sale Makes Sense

- Founder needs immediate liquidity
- No bandwidth to manage compliance, support, or customer success
- Buyer is a DMEPOS operator who can deploy immediately (direct ROI case)
- Regulatory risk (HIPAA compliance overhead) is not worth the SaaS upside

### When Asset Sale Does NOT Make Sense

- **Pre-proof-of-concept sale undervalues the asset.** Without a single paying customer or pilot result, the buyer is pricing in maximum risk. Even one supplier testimonial — "Signal CGM prevented X denials in 30 days" — can move the negotiating floor from $25K to $45K or higher.
- When a billing system deal (Model C) is realistically achievable. A $100K–$200K licensing fee + royalties makes a $35K asset sale look like a distress sale in hindsight.
- When the founder has SaaS operational capacity and wants recurring income.

**Validated assumption:** The $25K–$60K range is consistent with early-stage healthcare IT tools at pre-revenue stage. Post-pilot with documented denial reduction data, a $60K–$100K range is defensible. The upper end ($200K+) requires a billing system acquirer or consortium structure.

---

## 3. Model B — Direct SaaS Licensing to DMEPOS Suppliers

### Overview

STTIL Solutions operates Signal CGM as a hosted SaaS and licenses access to individual DMEPOS suppliers on a monthly subscription basis.

> **HIPAA compliance note:** Operating as a SaaS with supplier ePHI contact
> makes STTIL Solutions a Business Associate under HIPAA. This triggers
> mandatory compliance obligations. See
> [hipaa-deployment-analysis-v1.md](../Compliance/hipaa-deployment-analysis-v1.md)
> for the full technical and legal analysis, including the minimum viable
> compliance stack, hosting cost comparison, and realistic launch timeline.
> The cost and timeline estimates in this section are derived from that analysis.

### Pricing Model

| Tier | Monthly Price | Annual ARR per Supplier | Assumed Supplier Size |
|------|--------------|------------------------|----------------------|
| Starter | $200/mo | $2,400 | 1–200 CGM patients |
| Growth | $350/mo | $4,200 | 200–1,000 CGM patients |
| Pro | $500/mo | $6,000 | 1,000+ CGM patients |

**Blended assumption:** $300/mo average across the mix = $3,600 ARR/supplier. This is conservative; denial prevention ROI at even $300/mo is compelling for a supplier losing $500–$2,000/month on avoidable denials.

**Assumption validation:** DMEPOS back-office software (Brightree, WellSky) runs $200–$600/mo per module. Signal CGM at $200–$500/mo is within the established price tolerance for this buyer. The ROI case is direct: one prevented denial per month at ~$150–$400 average CGM claim value pays for the tool. This pricing is supportable.

### Revenue Projections

```
TAM: ~7,500 Medicare-enrolled DMEPOS suppliers billing CGM

Penetration │ Suppliers │ MRR       │ ARR
────────────┼───────────┼───────────┼──────────
1%          │ 75        │ $22,500   │ $270K
3%          │ 225       │ $67,500   │ $810K
5%          │ 375       │ $112,500  │ $1.35M
```

Realistic Year 1 ceiling (solo founder, no sales team): 10–25 suppliers = $36K–$90K ARR.

### HIPAA SaaS Compliance Requirements and Costs

Operating as a SaaS means STTIL touches supplier ePHI (patient_id mapped against shipment records), making STTIL a Business Associate. The 2026 HIPAA Security Rule updates add mandatory requirements previously listed as "addressable." Full detail in [hipaa-deployment-analysis-v1.md](../Compliance/hipaa-deployment-analysis-v1.md).

**Estimated minimum compliance stack cost (Year 1):**

| Item | Annual Cost |
|------|-------------|
| HIPAA-eligible hosting with BAA (Atlantic.Net or AWS) | $1,200 – $3,600 |
| Compliance platform (Accountable HQ or similar) | $1,200 – $2,400 |
| FIDO2 MFA implementation (Duo or Authelia) | $0 – $600 |
| Legal: BAA templates per customer + policy docs | $2,000 – $4,000 |
| Annual risk assessment (internal or consultant) | $500 – $2,000 |
| Incident response planning | $500 – $1,000 |
| **Total Year 1 compliance overhead** | **$5,400 – $13,600** |

**Break-even analysis:** At $300/mo average, compliance overhead is covered by 2–4 paying suppliers. This is achievable in Year 1 if the pilot strategy (see Section 5 of the HIPAA analysis) generates even one paying customer.

### BAA Obligations Per Customer

Every DMEPOS supplier customer requires:

1. A signed **Business Associate Agreement** before any ePHI is processed
2. A customer-specific **data processing addendum** covering scope
3. Documented security review in STTIL's risk assessment

The existing BAA template in the asset package is a starting point. A healthcare attorney review ($500–$1,500) is recommended before first customer signature.

### Minimum Viable Compliance Stack Before First Customer

1. HIPAA-eligible hosting provider with signed BAA
2. FIDO2/WebAuthn MFA on all admin and staff access paths
3. AES-256 encryption at rest; TLS 1.3 in transit
4. WORM audit logging tied to existing `audit_logger.py` (6-year retention)
5. Documented annual risk assessment
6. Signed incident response plan (72-hour ePHI restoration target)
7. BAA executed with each customer before onboarding

**The existing `audit_logger.py` already satisfies the audit log architecture requirement.** The gap is WORM storage enforcement — PostgreSQL must be configured with append-only log tables or exported to immutable object storage (S3 with Object Lock, or equivalent).

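
One way to close the WORM gap described above, as an added example (not Signal CGM's own code and not taken from `audit_logger.py`): triggers reject UPDATE and DELETE on the log table, and a SHA-256 hash chain makes a privileged rewrite detectable. It uses an in-memory SQLite database as a stand-in for PostgreSQL so it runs offline; the table layout and all function names are assumptions.

```python
import hashlib
import json
import sqlite3

# Hypothetical schema; the real audit_logger.py table layout is not shown on the page.
SCHEMA = """
CREATE TABLE audit_log (
    id        INTEGER PRIMARY KEY AUTOINCREMENT,
    ts        TEXT NOT NULL,
    actor     TEXT NOT NULL,
    action    TEXT NOT NULL,
    prev_hash TEXT NOT NULL,
    row_hash  TEXT NOT NULL
);
-- Append-only enforcement: any UPDATE or DELETE aborts the statement.
CREATE TRIGGER audit_log_no_update BEFORE UPDATE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
CREATE TRIGGER audit_log_no_delete BEFORE DELETE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
"""
GENESIS = "0" * 64  # prev_hash of the first row

def open_log():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def _digest(prev_hash, ts, actor, action):
    # Canonical JSON so the same fields always hash to the same value.
    body = json.dumps([prev_hash, ts, actor, action], separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def append(conn, ts, actor, action):
    """Insert one event, chaining its hash to the previous row's hash."""
    last = conn.execute(
        "SELECT row_hash FROM audit_log ORDER BY id DESC LIMIT 1").fetchone()
    prev_hash = last[0] if last else GENESIS
    row_hash = _digest(prev_hash, ts, actor, action)
    with conn:  # commit on success, roll back on error
        conn.execute(
            "INSERT INTO audit_log (ts, actor, action, prev_hash, row_hash) "
            "VALUES (?, ?, ?, ?, ?)", (ts, actor, action, prev_hash, row_hash))
    return row_hash

def mutation_blocked(conn, sql):
    """True if the statement is rejected by the append-only triggers."""
    try:
        with conn:
            conn.execute(sql)
    except sqlite3.DatabaseError:
        return True
    return False

def first_broken_row(conn):
    """Id of the first row whose chain does not verify, or None if intact."""
    prev = GENESIS
    rows = conn.execute("SELECT * FROM audit_log ORDER BY id").fetchall()
    for rid, ts, actor, action, prev_hash, row_hash in rows:
        if prev_hash != prev or row_hash != _digest(prev, ts, actor, action):
            return rid
        prev = row_hash
    return None
```

In PostgreSQL the same rule is a `BEFORE UPDATE OR DELETE` trigger, with the application role granted only `INSERT` and `SELECT` on the table. Because a table owner can still drop triggers, the chained rows should also be exported to Object Lock storage, which is what makes the retention WORM.
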
### Timeline to Compliant Launch

| Milestone | Estimated Duration |
|-----------|--------------------|
| Hosting selection + BAA execution | 1–2 weeks |
| FIDO2 MFA integration | 1–2 weeks |
| Encryption audit + TLS hardening | 1 week |
| WORM audit log storage implementation | 1–2 weeks |
| Risk assessment documentation | 1 week |
| BAA template legal review | 1–2 weeks |
| **Total: compliant to first customer** | **6–11 weeks** |

> **Consult WIPA before Phase 2** (see Section 7)

---

## 4. Model C — Distribution Licensing to Billing System

### Overview

License Signal CGM to an existing DMEPOS billing system or software platform (Brightree, WellSky, Niko Health, or similar) as a white-label module or integrated feature. STTIL Solutions receives an upfront license fee plus ongoing royalties.

### Target Companies

| Company | Why They're a Fit |
|---------|------------------|
| **Brightree** (ResMed subsidiary) | Largest DMEPOS billing platform; CGM is a growth category in their customer base |
| **WellSky** | Major post-acute and home health platform; DMEPOS billing module customers need this |
| **Niko Health** | CGM-focused billing platform — most directly aligned with Signal CGM's use case |
| **Bonafide DME** | Regional but CGM-specialized; potential pilot-to-license path |
| **Intermedix / R1 RCM** | Revenue cycle management at scale; denial prevention is core to their value prop |

### White-Label / Integration Licensing Structure

**Option 1 — White-label OEM**

- Billing system rebrands Signal CGM as their own module
- STTIL provides code + documentation + update cadence
- Billing system handles all HIPAA compliance, BAAs, customer support
- STTIL's obligations: deliver working software, maintain payer rules, provide updates

**Option 2 — API integration**

- Signal CGM runs as a STTIL-operated microservice
- Billing system calls STTIL's API per worklist calculation
- Billing system owns the customer relationship; STTIL is a BA to the billing system
- Requires STTIL to maintain HIPAA compliance posture (similar to Model B)

**Recommendation:** White-label OEM (Option 1) is cleaner for a solo founder. STTIL delivers IP and updates; compliance burden passes to the buyer entity.

### Fee Structure

| Component | Range |
|-----------|-------|
| Upfront license fee | $50,000 – $200,000 |
| Per-supplier royalty (ongoing) | $10 – $30/mo per supplier on platform |
| Annual maintenance fee | 15–20% of upfront fee |

**Royalty projection:**

```
Brightree has 10,000+ DMEPOS customers.
If 20% use CGM billing: 2,000 suppliers.
At $15/mo royalty: $30,000/mo = $360K ARR (royalty only)
Plus $100K upfront = strong deal economics.
```

**Assumption validation:** $50K–$200K is consistent with healthcare software module licensing at pre-scale stage. Niko Health or a regional platform might start at $50K–$75K. Brightree would likely start at $100K+ but requires more proof of concept. These numbers are negotiable; the royalty stream is the long-term value.

### IP Protection — What Transfers vs. What Stays

| What Transfers (License) | What Stays with STTIL |
|--------------------------|----------------------|
| Right to use, embed, and white-label the software | Copyright and ownership |
| Access to payer rules config updates | Right to license to other platforms |
| Integration documentation | Future research and improvements |
| 12–24 month update cadence | Right to terminate for non-payment |

**Key contract terms to require:**

- Field-of-use restriction (DMEPOS billing only — no resale to competitors)
- Source code escrow for business continuity
- Audit rights on royalty reporting
- Termination-for-cause with reversion of deployed copies

### Why This Is Strategically Superior to Individual SaaS

1. **Customer acquisition cost near zero.** Billing system already has 2,000+ supplier relationships. STTIL acquires those customers through one deal.
2. **No per-customer BAA management.** White-label shifts compliance to the licensee. STTIL's HIPAA obligations are contained in the licensing agreement.
3. **Revenue concentration risk is real** (single large customer dependency), but the upfront fee de-risks the first 12–18 months.
4. **Faster to scale** than signing 200 individual SaaS customers.

### What Proof-of-Concept Data Makes This Deal Easier to Close

A billing system will not pay $100K+ on a concept alone. The most useful proof points:

| Proof Point | Impact on Deal |
|-------------|---------------|
| 1–3 pilot supplier testimonials with denial reduction data | Moves floor from concept to validated tool |
| Worklist accuracy rate (coverage flags vs. actual claim outcomes) | Demonstrates technical reliability |
| Payer rule accuracy across Medicare + 1–2 MACs | Shows maintenance commitment |
| Prior authorization flag performance (post-April 2026) | Directly relevant to 2026 urgency narrative |

**The zero-PHI pilot strategy** (see hipaa-deployment-analysis-v1.md, Section 5) is specifically designed to generate this proof-of-concept data before STTIL is fully HIPAA compliant — enabling early deal conversations with billing system partners.

### Initial Approach Strategy

1. **Niko Health first** — smallest and most CGM-aligned; most likely to move quickly
2. **Request a product demo slot** at NHIA 2026 or AAHomecare meeting
3. **Lead with the denial prevention ROI story** + the April 2026 PA expansion urgency
4. **Offer a structured pilot:** 30-day free integration, shared denial data results
5. **Brightree / WellSky:** Approach through their partner/integration program after Niko validation. These require a more established proof base.

---

## 5. Phased Roadmap

```
PHASE 0 — FOUNDATION (Now → Month 2)
─────────────────────────────────────────────────────────────
Goal: Zero-PHI pilot ready; compliance posture documented

  □ Finalize synthetic dataset for demo/pilot
  □ HIPAA compliance stack selection (hosting + BAA)
  □ BAA template legal review
  □ Letter of Intent template for free pilots
  □ Niko Health outreach initiated
  ─ No ePHI touches at this phase ─

Revenue: $0

PHASE 1 — PILOT (Month 2 → Month 5)
─────────────────────────────────────────────────────────────
Goal: 1–3 supplier pilots running; proof-of-concept data collected

  □ 1–3 DMEPOS suppliers on free pilot (synthetic or anonymized data)
  □ Denial flag accuracy validated against real claim outcomes
  □ Testimonials / case study data collected
  □ Billing system introductory meetings scheduled
  □ HIPAA compliance stack operational (if transitioning to live ePHI)

Revenue: $0 (pilots are free)
Key gate: At least 1 supplier can document denial reduction

PHASE 2 — FIRST LICENSE (Month 5 → Month 12)
─────────────────────────────────────────────────────────────
Goal: First paying customer(s); billing system deal in pipeline

  □ 1–5 paying SaaS customers (Model B) OR
  □ Letter of Intent from billing system partner (Model C)
  □ Full HIPAA compliance stack operational with signed BAAs
  □ Annual risk assessment documented
  □ Revenue begins

⚠️ CONSULT WIPA BEFORE PHASE 2 (see Section 7)

Revenue: $3,600–$18,000 ARR (SaaS) or $50K–$200K (licensing deal)

PHASE 3 — SCALE (Month 12+)
─────────────────────────────────────────────────────────────
Goal: Distribution licensing executed; recurring revenue stable

  □ Billing system white-label deal closed
  □ Royalty stream established
  □ Signal CGM payer rules updated for 2027 changes
  □ Evaluate consortium / buying group strategy (Level 2/3)

Revenue: $100K+ ARR target
```

---

## 6. Revenue Milestone Table

| Phase | Timeline | Model | Revenue Target | Key Milestone |
|-------|----------|-------|---------------|---------------|
| 0 — Foundation | Month 0–2 | — | $0 | Pilot ready, HIPAA posture documented |
| 1 — Pilot | Month 2–5 | Free pilot | $0 | Denial reduction data collected |
| 2A — First SaaS | Month 5–8 | Model B | $3,600–$18,000 ARR | 1–5 paying suppliers |
| 2B — Licensing LOI | Month 6–12 | Model C | $50K–$200K (one-time) | Billing system LOI signed |
| 3 — Distribution | Month 12–18 | Model C + B | $100K–$400K ARR | Royalty stream active |
| 4 — Scale | Month 18–24 | Model C primary | $360K+ ARR | 2,000+ suppliers via platform |

**Note on Model A:** Asset sale remains available at any phase. Post-pilot (Phase 1 complete), a realistic asset sale price is $45,000–$75,000. Post-first-license (Phase 2 complete), the range is $100,000–$200,000. Waiting for proof of concept before selling is almost always the right decision.

---

## 7. SSDI/SGA Risk Notes by Phase

> **Disclaimer:** This is general context, not legal or benefits advice.
> SSDI/SGA rules are complex and individual. Always consult a WIPA
> (Work Incentive Planning and Assistance) counselor before generating
> business income that could affect benefit status.

| Phase | SSDI/SGA Consideration |
|-------|----------------------|
| **Phase 0 — Foundation** | Research, development, and documentation activity. No earned income generated. Standard Trial Work Period rules may not yet be triggered. Low risk. |
| **Phase 1 — Pilot** | Free pilots generate no revenue. Time invested is not compensated. Monitor if consulting or advisory services emerge from pilot relationships. |
| **Phase 2 — First License** | ⚠️ **Revenue begins here. CONSULT WIPA BEFORE PHASE 2.** SaaS subscription income and one-time licensing fees may count as earned income or Unearned Income depending on structure (see SSDI vs. SSI rules). LLC structure and active vs. passive income classification matter. |
| **Phase 3 — Scale** | Ongoing royalty income classification (earned vs. unearned) depends on the degree of active management. Royalty streams from IP licensing may be treated differently than SaaS subscription income. Requires WIPA guidance. |

**Action item:** Contact a WIPA counselor before signing a first customer or accepting any payment, regardless of structure. The Social Security Administration's treatment of self-employment income can be counterintuitive. WIPA counselors are free; find one at benefitsinfo.ssa.gov.

---

## 8. Founder Recommendation

**For a solo, pre-revenue founder in 2026 who wants to retain IP and maximize long-term upside:**

**Pursue Model C (Distribution Licensing) as the primary path, using Model B pilots as the proof-of-concept engine.**

The specific sequence:

1. **Do not sell the asset yet (not Model A).** A $35K asset sale before proof of concept is a permanent exit at the worst possible valuation moment. The upside of a billing system deal ($100K+ upfront + royalties) is an order of magnitude larger. The option to sell always remains open — take it off the table only when necessary.
2. **Run 1–3 free pilots using the zero-PHI path** (synthetic data, no ePHI contact). This costs nothing in compliance overhead and generates the denial-reduction proof points that make the billing system conversation credible.
3. **Approach Niko Health first.** They are the most CGM-focused billing platform and the most likely to move quickly on a licensing conversation with a validated pilot behind it. Use AAHomecare or NHIA conferences as access points.
4. **Build the HIPAA compliance stack in parallel** (6–11 weeks effort) so you can convert pilot suppliers to paying SaaS customers if the billing system deal moves slowly. Model B provides cash flow while Model C deal terms are negotiated.
5. **Retain all IP.** License only. Structure every agreement with field-of-use restrictions, royalty audit rights, and termination-for-cause with software reversion. Your ongoing payer rule updates are the stickiness mechanism — build this into the license structure.

**The single most important action in the next 30 days:** Execute one free pilot with a real DMEPOS supplier using synthetic or anonymized data. That pilot is the proof point that unlocks everything else.

---

*Document version: v1 | April 2026 | STTIL Solutions LLC*
*Cross-reference: [hipaa-deployment-analysis-v1.md](../Compliance/hipaa-deployment-analysis-v1.md)*