sttil/Signal
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Signal/pitch/signal-business-model-v1.md
Kisa eb927258c6 refactor: reorganize repo structure — flatten CGM-Denial-Prevention/ and Projects/ into docs/ pitch/ research/ 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-12 05:10:00 -04:00

475 lines
22 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Signal — Business Model Analysis v1
### STTIL Solutions LLC | Confidential | April 2026
> **Purpose:** Evaluate three monetization paths for Signal, including
> compliance obligations, delivery and customer acquisition costs, revenue
> projections, and a recommendation for a solo pre-revenue founder in 2026
> who wants to retain IP and maximize long-term upside.
---
## Table of Contents
1. [Market Baseline](#1-market-baseline)
2. [Model A — Asset Sale](#2-model-a--asset-sale)
3. [Model B — Direct SaaS Licensing to DMEPOS Suppliers](#3-model-b--direct-saas-licensing-to-dmepos-suppliers)
4. [Model C — Distribution Licensing to Billing System](#4-model-c--distribution-licensing-to-billing-system)
5. [Phased Roadmap](#5-phased-roadmap)
6. [Revenue Milestone Table](#6-revenue-milestone-table)
7. [SSDI/SGA Risk Notes by Phase](#7-ssdisga-risk-notes-by-phase)
8. [Founder Recommendation](#8-founder-recommendation)
---
## 1. Market Baseline
| Metric | Figure | Basis |
|--------|--------|-------|
| Medicare-enrolled DMEPOS suppliers billing CGM | ~7,500 | CMS data, Signal TAM estimate |
| CMS projected CGM beneficiaries by 2028 | 3.2 million | CMS projections |
| Improper Medicare CGM payments (2024) | ~$278.5M | CMS OIG report |
| DMEPOS total Medicare spend | $7B+ annually | OIG |
| Target supplier size | 550 employees | Most common segment |
**TAM math (annual recurring revenue):**
```
1% penetration (75 suppliers) × $3,600 ARR = $270K ARR
3% penetration (225 suppliers) × $3,600 ARR = $810K ARR
5% penetration (375 suppliers) × $3,600 ARR = $1.35M ARR
```
**Key 2026 urgency drivers:**
- CMS expanded prior authorization requirements effective April 13, 2026
- 2028 Competitive Bidding expansion to CGM categories → margin compression
- CMS enrollment moratoria tightening the supplier pool → consolidation pressure
- 2026 HIPAA Security Rule updates adding mandatory compliance costs
---
## 2. Model A — Asset Sale
### Overview
A one-time sale of the full Signal asset package to a qualified buyer.
No ongoing operational obligations for STTIL Solutions after the knowledge
transfer period.
**Price range:** $25,000 $60,000 (one-time)
### What the Buyer Inherits
| Asset | Description |
|-------|-------------|
| Full source code | Python/FastAPI backend, coverage_calculator.py, audit_logger.py, db_models.py, payer_rules.json |
| Research library | dmepos-research-v3.md, compliance roadmap, CB/PA regulatory analysis |
| BAA templates | Hostinger VPS BAA request template; operator BAA framework for customer agreements |
| Newsletter strategy | Subscriber acquisition strategy for DMEPOS supplier outreach |
| n8n workflows | Self-hosted batch trigger workflow exports |
| CLAUDE.md handoff | Full AI-assisted development context — new owner continues building without ramp-up loss |
| 30-day knowledge transfer | Live sessions covering architecture, payer rule updates, compliance posture, go-to-market |
### IP Transfer Implications
- **Full IP assignment:** All copyright, trade secrets, and documentation
transfer to buyer on payment. STTIL Solutions retains no license unless
negotiated.
- **PHI exposure ends:** STTIL's Business Associate obligations to any
future buyer-operated system are governed by the buyer's BAAs, not STTIL's.
- **No residual royalty** in the standard asset sale structure — buyer owns it
outright. This is the simplest exit but permanently caps STTIL's upside.
- **Confidentiality:** Buyer likely requires an NDA covering the research
library and market analysis. Build this into the sale agreement.
### Cost Structure (STTIL Side)
| Cost Item | Estimate |
|-----------|----------|
| Legal: IP assignment agreement + NDA | $1,500 $3,000 |
| Knowledge transfer labor (30 days) | 4080 hours founder time |
| Opportunity cost of not operating | Forgone SaaS ARR (see Model B) |
| **Net proceeds at $35K sale** | ~$31,500$33,500 after legal |
### When Asset Sale Makes Sense
- Founder needs immediate liquidity
- No bandwidth to manage compliance, support, or customer success
- Buyer is a DMEPOS operator who can deploy immediately (direct ROI case)
- Regulatory risk (HIPAA compliance overhead) is not worth the SaaS upside
### When Asset Sale Does NOT Make Sense
- **Pre-proof-of-concept sale undervalues the asset.** Without a single
paying customer or pilot result, the buyer is pricing in maximum risk.
Even one supplier testimonial — "Signal prevented X denials in 30 days"
— can move the negotiating floor from $25K to $45K or higher.
- When a billing system deal (Model C) is realistically achievable. A
$100K$200K licensing fee + royalties makes a $35K asset sale look
like a distress sale in hindsight.
- When the founder has SaaS operational capacity and wants recurring income.
**Validated assumption:** The $25K$60K range is consistent with early-stage
healthcare IT tools at pre-revenue stage. Post-pilot with documented denial
reduction data, a $60K$100K range is defensible. The upper end ($200K+)
requires a billing system acquirer or consortium structure.
---
## 3. Model B — Direct SaaS Licensing to DMEPOS Suppliers
### Overview
STTIL Solutions operates Signal as a hosted SaaS and licenses access
to individual DMEPOS suppliers on a monthly subscription basis.
> **HIPAA compliance note:** Operating as a SaaS with supplier ePHI contact
> makes STTIL Solutions a Business Associate under HIPAA. This triggers
> mandatory compliance obligations. See
> [hipaa-deployment-analysis-v1.md](../Compliance/hipaa-deployment-analysis-v1.md)
> for the full technical and legal analysis, including the minimum viable
> compliance stack, hosting cost comparison, and realistic launch timeline.
> The cost and timeline estimates in this section are derived from that analysis.
### Pricing Model
| Tier | Monthly Price | Annual ARR per Supplier | Assumed Supplier Size |
|------|--------------|------------------------|----------------------|
| Starter | $200/mo | $2,400 | 1200 CGM patients |
| Growth | $350/mo | $4,200 | 2001,000 CGM patients |
| Pro | $500/mo | $6,000 | 1,000+ CGM patients |
**Blended assumption:** $300/mo average across the mix = $3,600 ARR/supplier.
This is conservative; denial prevention ROI at even $300/mo is compelling
for a supplier losing $500$2,000/month on avoidable denials.
**Assumption validation:** DMEPOS back-office software (Brightree, WellSky)
runs $200$600/mo per module. Signal at $200$500/mo is within the
established price tolerance for this buyer. The ROI case is direct:
one prevented denial per month at ~$150$400 average CGM claim value
pays for the tool. This pricing is supportable.
### Revenue Projections
```
TAM: ~7,500 Medicare-enrolled DMEPOS suppliers billing CGM
Penetration | Suppliers | MRR | ARR
────────────┼───────────┼───────────┼──────────
1% │ 75 │ $22,500 │ $270K
3% │ 225 │ $67,500 │ $810K
5% │ 375 │ $112,500 │ $1.35M
```
Realistic Year 1 ceiling (solo founder, no sales team): 1025 suppliers = $36K$90K ARR.
### HIPAA SaaS Compliance Requirements and Costs
Operating as a SaaS means STTIL touches supplier ePHI (patient_id mapped
against shipment records), making STTIL a Business Associate. The 2026
HIPAA Security Rule updates add mandatory requirements previously listed
as "addressable." Full detail in
[hipaa-deployment-analysis-v1.md](../Compliance/hipaa-deployment-analysis-v1.md).
**Estimated minimum compliance stack cost (Year 1):**
| Item | Annual Cost |
|------|-------------|
| HIPAA-eligible hosting with BAA (Atlantic.Net or AWS) | $1,200 $3,600 |
| Compliance platform (Accountable HQ or similar) | $1,200 $2,400 |
| FIDO2 MFA implementation (Duo or Authelia) | $0 $600 |
| Legal: BAA templates per customer + policy docs | $2,000 $4,000 |
| Annual risk assessment (internal or consultant) | $500 $2,000 |
| Incident response planning | $500 $1,000 |
| **Total Year 1 compliance overhead** | **$5,400 $13,600** |
**Break-even analysis:** At $300/mo average, compliance overhead is
covered by 24 paying suppliers. This is achievable in Year 1 if
the pilot strategy (see Section 5 of the HIPAA analysis) generates
even one paying customer.
### BAA Obligations Per Customer
Every DMEPOS supplier customer requires:
1. A signed **Business Associate Agreement** before any ePHI is processed
2. A customer-specific **data processing addendum** covering scope
3. Documented security review in STTIL's risk assessment
The existing BAA template in the asset package is a starting point. A
healthcare attorney review ($500$1,500) is recommended before first
customer signature.
### Minimum Viable Compliance Stack Before First Customer
1. HIPAA-eligible hosting provider with signed BAA
2. FIDO2/WebAuthn MFA on all admin and staff access paths
3. AES-256 encryption at rest; TLS 1.3 in transit
4. WORM audit logging tied to existing `audit_logger.py` (6-year retention)
5. Documented annual risk assessment
6. Signed incident response plan (72-hour ePHI restoration target)
7. BAA executed with each customer before onboarding
**The existing `audit_logger.py` already satisfies the audit log
architecture requirement.** The gap is WORM storage enforcement — PostgreSQL
must be configured with append-only log tables or exported to immutable
object storage (S3 with Object Lock, or equivalent).
### Timeline to Compliant Launch
| Milestone | Estimated Duration |
|-----------|--------------------|
| Hosting selection + BAA execution | 12 weeks |
| FIDO2 MFA integration | 12 weeks |
| Encryption audit + TLS hardening | 1 week |
| WORM audit log storage implementation | 12 weeks |
| Risk assessment documentation | 1 week |
| BAA template legal review | 12 weeks |
| **Total: compliant to first customer** | **611 weeks** |
**> Consult WIPA before Phase 2** (see Section 7)
---
## 4. Model C — Distribution Licensing to Billing System
### Overview
License Signal to an existing DMEPOS billing system or software
platform (Brightree, WellSky, Niko Health, or similar) as a white-label
module or integrated feature. STTIL Solutions receives an upfront license
fee plus ongoing royalties.
### Target Companies
| Company | Why They're a Fit |
|---------|------------------|
| **Brightree** (ResMed subsidiary) | Largest DMEPOS billing platform; CGM is a growth category in their customer base |
| **WellSky** | Major post-acute and home health platform; DMEPOS billing module customers need this |
| **Niko Health** | CGM-focused billing platform — most directly aligned with Signal's use case |
| **Bonafide DME** | Regional but CGM-specialized; potential pilot-to-license path |
| **Intermedix / R1 RCM** | Revenue cycle management at scale; denial prevention is core to their value prop |
### White-Label / Integration Licensing Structure
**Option 1 — White-label OEM**
- Billing system rebrands Signal as their own module
- STTIL provides code + documentation + update cadence
- Billing system handles all HIPAA compliance, BAAs, customer support
- STTIL's obligations: deliver working software, maintain payer rules, provide updates
**Option 2 — API integration**
- Signal runs as a STTIL-operated microservice
- Billing system calls STTIL's API per worklist calculation
- Billing system owns the customer relationship; STTIL is a BA to the billing system
- Requires STTIL to maintain HIPAA compliance posture (similar to Model B)
**Recommendation:** White-label OEM (Option 1) is cleaner for a solo
founder. STTIL delivers IP and updates; compliance burden passes to
the buyer entity.
### Fee Structure
| Component | Range |
|-----------|-------|
| Upfront license fee | $50,000 $200,000 |
| Per-supplier royalty (ongoing) | $10 $30/mo per supplier on platform |
| Annual maintenance fee | 1520% of upfront fee |
**Royalty projection:**
```
Brightree has 10,000+ DMEPOS customers.
If 20% use CGM billing: 2,000 suppliers.
At $15/mo royalty: $30,000/mo = $360K ARR (royalty only)
Plus $100K upfront = strong deal economics.
```
**Assumption validation:** $50K$200K is consistent with healthcare software
module licensing at pre-scale stage. Niko Health or a regional platform
might start at $50K$75K. Brightree would likely start at $100K+ but
requires more proof of concept. These numbers are negotiable; the royalty
stream is the long-term value.
### IP Protection — What Transfers vs. What Stays
| What Transfers (License) | What Stays with STTIL |
|--------------------------|----------------------|
| Right to use, embed, and white-label the software | Copyright and ownership |
| Access to payer rules config updates | Right to license to other platforms |
| Integration documentation | Future research and improvements |
| 1224 month update cadence | Right to terminate for non-payment |
**Key contract terms to require:**
- Field-of-use restriction (DMEPOS billing only — no resale to competitors)
- Source code escrow for business continuity
- Audit rights on royalty reporting
- Termination-for-cause with reversion of deployed copies
### Why This Is Strategically Superior to Individual SaaS
1. **Customer acquisition cost near zero.** Billing system already has 2,000+
supplier relationships. STTIL acquires those customers through one deal.
2. **No per-customer BAA management.** White-label shifts compliance to the
licensee. STTIL's HIPAA obligations are contained in the licensing agreement.
3. **Revenue concentration risk is real** (single large customer dependency),
but the upfront fee de-risks the first 1218 months.
4. **Faster to scale** than signing 200 individual SaaS customers.
### What Proof-of-Concept Data Makes This Deal Easier to Close
A billing system will not pay $100K+ on a concept alone. The most useful
proof points:
| Proof Point | Impact on Deal |
|-------------|---------------|
| 13 pilot supplier testimonials with denial reduction data | Moves floor from concept to validated tool |
| Worklist accuracy rate (coverage flags vs. actual claim outcomes) | Demonstrates technical reliability |
| Payer rule accuracy across Medicare + 12 MACs | Shows maintenance commitment |
| Prior authorization flag performance (post-April 2026) | Directly relevant to 2026 urgency narrative |
**The zero-PHI pilot strategy** (see hipaa-deployment-analysis-v1.md,
Section 5) is specifically designed to generate this proof-of-concept
data before STTIL is fully HIPAA compliant — enabling early deal conversations
with billing system partners.
### Initial Approach Strategy
1. **Niko Health first** — smallest and most CGM-aligned; most likely to move quickly
2. **Request a product demo slot** at NHIA 2026 or AAHomecare meeting
3. **Lead with the denial prevention ROI story** + the April 2026 PA expansion urgency
4. **Offer a structured pilot:** 30-day free integration, shared denial data results
5. **Brightree / WellSky:** Approach through their partner/integration program after
Niko validation. These require a more established proof base.
---
## 5. Phased Roadmap
```
PHASE 0 — FOUNDATION (Now → Month 2)
─────────────────────────────────────────────────────────────
Goal: Zero-PHI pilot ready; compliance posture documented
□ Finalize synthetic dataset for demo/pilot
□ HIPAA compliance stack selection (hosting + BAA)
□ BAA template legal review
□ Letter of Intent template for free pilots
□ Niko Health outreach initiated
─ No ePHI touches at this phase ─
Revenue: $0
PHASE 1 — PILOT (Month 2 → Month 5)
─────────────────────────────────────────────────────────────
Goal: 13 supplier pilots running; proof-of-concept data collected
□ 13 DMEPOS suppliers on free pilot (synthetic or anonymized data)
□ Denial flag accuracy validated against real claim outcomes
□ Testimonials / case study data collected
□ Billing system introductory meetings scheduled
□ HIPAA compliance stack operational (if transitioning to live ePHI)
Revenue: $0 (pilots are free)
Key gate: At least 1 supplier can document denial reduction
PHASE 2 — FIRST LICENSE (Month 5 → Month 12)
─────────────────────────────────────────────────────────────
Goal: First paying customer(s); billing system deal in pipeline
□ 15 paying SaaS customers (Model B) OR
□ Letter of Intent from billing system partner (Model C)
□ Full HIPAA compliance stack operational with signed BAAs
□ Annual risk assessment documented
□ Revenue begins
⚠️ CONSULT WIPA BEFORE PHASE 2 (see Section 7)
Revenue: $3,600$18,000 ARR (SaaS) or $50K$200K (licensing deal)
PHASE 3 — SCALE (Month 12+)
─────────────────────────────────────────────────────────────
Goal: Distribution licensing executed; recurring revenue stable
□ Billing system white-label deal closed
□ Royalty stream established
□ Signal payer rules updated for 2027 changes
□ Evaluate consortium / buying group strategy (Level 2/3)
Revenue: $100K+ ARR target
```
---
## 6. Revenue Milestone Table
| Phase | Timeline | Model | Revenue Target | Key Milestone |
|-------|----------|-------|---------------|---------------|
| 0 — Foundation | Month 02 | — | $0 | Pilot ready, HIPAA posture documented |
| 1 — Pilot | Month 25 | Free pilot | $0 | Denial reduction data collected |
| 2A — First SaaS | Month 58 | Model B | $3,600$18,000 ARR | 15 paying suppliers |
| 2B — Licensing LOI | Month 612 | Model C | $50K$200K (one-time) | Billing system LOI signed |
| 3 — Distribution | Month 1218 | Model C + B | $100K$400K ARR | Royalty stream active |
| 4 — Scale | Month 1824 | Model C primary | $360K+ ARR | 2,000+ suppliers via platform |
**Note on Model A:** Asset sale remains available at any phase. Post-pilot
(Phase 1 complete), a realistic asset sale price is $45,000$75,000. Post-
first-license (Phase 2 complete), the range is $100,000$200,000. Waiting
for proof of concept before selling is almost always the right decision.
---
## 7. SSDI/SGA Risk Notes by Phase
> **Disclaimer:** This is general context, not legal or benefits advice.
> SSDI/SGA rules are complex and individual. Always consult a WIPA
> (Work Incentive Planning and Assistance) counselor before generating
> business income that could affect benefit status.
| Phase | SSDI/SGA Consideration |
|-------|----------------------|
| **Phase 0 — Foundation** | Research, development, and documentation activity. No earned income generated. Standard Trial Work Period rules may not yet be triggered. Low risk. |
| **Phase 1 — Pilot** | Free pilots generate no revenue. Time invested is not compensated. Monitor if consulting or advisory services emerge from pilot relationships. |
| **Phase 2 — First License** | ⚠️ **Revenue begins here. CONSULT WIPA BEFORE PHASE 2.** SaaS subscription income and one-time licensing fees may count as earned income or Unearned Income depending on structure (see SSDI vs. SSI rules). LLC structure and active vs. passive income classification matter. |
| **Phase 3 — Scale** | Ongoing royalty income classification (earned vs. unearned) depends on the degree of active management. Royalty streams from IP licensing may be treated differently than SaaS subscription income. Requires WIPA guidance. |
**Action item:** Contact a WIPA counselor before signing a first customer
or accepting any payment, regardless of structure. The Social Security
Administration's treatment of self-employment income can be counterintuitive.
WIPA counselors are free; find one at benefitsinfo.ssa.gov.
---
## 8. Founder Recommendation
**For a solo, pre-revenue founder in 2026 who wants to retain IP
and maximize long-term upside:**
**Pursue Model C (Distribution Licensing) as the primary path,
using Model B pilots as the proof-of-concept engine.**
The specific sequence:
1. **Do not sell the asset yet (not Model A).** A $35K asset sale before
proof of concept is a permanent exit at the worst possible valuation
moment. The upside of a billing system deal ($100K+ upfront + royalties)
is an order of magnitude larger. The option to sell always remains open —
take it off the table only when necessary.
2. **Run 13 free pilots using the zero-PHI path** (synthetic data, no
ePHI contact). This costs nothing in compliance overhead and generates
the denial-reduction proof points that make the billing system
conversation credible.
3. **Approach Niko Health first.** They are the most CGM-focused billing
platform and the most likely to move quickly on a licensing conversation
with a validated pilot behind it. Use AAHomecare or NHIA conferences
as access points.
4. **Build the HIPAA compliance stack in parallel** (611 weeks effort)
so you can convert pilot suppliers to paying SaaS customers if the
billing system deal moves slowly. Model B provides cash flow while
Model C deal terms are negotiated.
5. **Retain all IP.** License only. Structure every agreement with
field-of-use restrictions, royalty audit rights, and termination-for-
cause with software reversion. Your ongoing payer rule updates are
the stickiness mechanism — build this into the license structure.
**The single most important action in the next 30 days:** Execute one
free pilot with a real DMEPOS supplier using synthetic or anonymized data.
That pilot is the proof point that unlocks everything else.
---
*Document version: v1 | April 2026 | STTIL Solutions LLC*
*Cross-reference: [hipaa-deployment-analysis-v1.md](../Compliance/hipaa-deployment-analysis-v1.md)*
Reference in a new issue View git blame Copy permalink