22 KiB
Signal — Business Model Analysis v1
STTIL Solutions LLC | Confidential | April 2026
Purpose: Evaluate three monetization paths for Signal, including compliance obligations, delivery and customer acquisition costs, revenue projections, and a recommendation for a solo pre-revenue founder in 2026 who wants to retain IP and maximize long-term upside.
Table of Contents
- Market Baseline
- Model A — Asset Sale
- Model B — Direct SaaS Licensing to DMEPOS Suppliers
- Model C — Distribution Licensing to Billing System
- Phased Roadmap
- Revenue Milestone Table
- SSDI/SGA Risk Notes by Phase
- Founder Recommendation
1. Market Baseline
| Metric | Figure | Basis |
|---|---|---|
| Medicare-enrolled DMEPOS suppliers billing CGM | ~7,500 | CMS data, Signal TAM estimate |
| CMS projected CGM beneficiaries by 2028 | 3.2 million | CMS projections |
| Improper Medicare CGM payments (2024) | ~$278.5M | CMS OIG report |
| DMEPOS total Medicare spend | $7B+ annually | OIG |
| Target supplier size | 5–50 employees | Most common segment |
TAM math (annual recurring revenue):
1% penetration (75 suppliers) × $3,600 ARR = $270K ARR
3% penetration (225 suppliers) × $3,600 ARR = $810K ARR
5% penetration (375 suppliers) × $3,600 ARR = $1.35M ARR
Key 2026 urgency drivers:
- CMS expanded prior authorization requirements effective April 13, 2026
- 2028 Competitive Bidding expansion to CGM categories → margin compression
- CMS enrollment moratoria tightening the supplier pool → consolidation pressure
- 2026 HIPAA Security Rule updates adding mandatory compliance costs
2. Model A — Asset Sale
Overview
A one-time sale of the full Signal asset package to a qualified buyer. No ongoing operational obligations for STTIL Solutions after the knowledge transfer period.
Price range: $25,000 – $60,000 (one-time)
What the Buyer Inherits
| Asset | Description |
|---|---|
| Full source code | Python/FastAPI backend, coverage_calculator.py, audit_logger.py, db_models.py, payer_rules.json |
| Research library | dmepos-research-v3.md, compliance roadmap, CB/PA regulatory analysis |
| BAA templates | Hostinger VPS BAA request template; operator BAA framework for customer agreements |
| Newsletter strategy | Subscriber acquisition strategy for DMEPOS supplier outreach |
| n8n workflows | Self-hosted batch trigger workflow exports |
| CLAUDE.md handoff | Full AI-assisted development context — new owner continues building without ramp-up loss |
| 30-day knowledge transfer | Live sessions covering architecture, payer rule updates, compliance posture, go-to-market |
IP Transfer Implications
- Full IP assignment: All copyright, trade secrets, and documentation transfer to buyer on payment. STTIL Solutions retains no license unless negotiated.
- PHI exposure ends: STTIL's Business Associate obligations to any future buyer-operated system are governed by the buyer's BAAs, not STTIL's.
- No residual royalty in the standard asset sale structure — buyer owns it outright. This is the simplest exit but permanently caps STTIL's upside.
- Confidentiality: Buyer likely requires an NDA covering the research library and market analysis. Build this into the sale agreement.
Cost Structure (STTIL Side)
| Cost Item | Estimate |
|---|---|
| Legal: IP assignment agreement + NDA | $1,500 – $3,000 |
| Knowledge transfer labor (30 days) | 40–80 hours founder time |
| Opportunity cost of not operating | Forgone SaaS ARR (see Model B) |
| Net proceeds at $35K sale | ~$31,500–$33,500 after legal |
When Asset Sale Makes Sense
- Founder needs immediate liquidity
- No bandwidth to manage compliance, support, or customer success
- Buyer is a DMEPOS operator who can deploy immediately (direct ROI case)
- Regulatory risk (HIPAA compliance overhead) is not worth the SaaS upside
When Asset Sale Does NOT Make Sense
- Pre-proof-of-concept sale undervalues the asset. Without a single paying customer or pilot result, the buyer is pricing in maximum risk. Even one supplier testimonial — "Signal prevented X denials in 30 days" — can move the negotiating floor from $25K to $45K or higher.
- When a billing system deal (Model C) is realistically achievable. A $100K–$200K licensing fee + royalties makes a $35K asset sale look like a distress sale in hindsight.
- When the founder has SaaS operational capacity and wants recurring income.
Validated assumption: The $25K–$60K range is consistent with early-stage healthcare IT tools at pre-revenue stage. Post-pilot with documented denial reduction data, a $60K–$100K range is defensible. The upper end ($200K+) requires a billing system acquirer or consortium structure.
3. Model B — Direct SaaS Licensing to DMEPOS Suppliers
Overview
STTIL Solutions operates Signal as a hosted SaaS and licenses access to individual DMEPOS suppliers on a monthly subscription basis.
HIPAA compliance note: Operating as a SaaS with supplier ePHI contact makes STTIL Solutions a Business Associate under HIPAA. This triggers mandatory compliance obligations. See hipaa-deployment-analysis-v1.md for the full technical and legal analysis, including the minimum viable compliance stack, hosting cost comparison, and realistic launch timeline. The cost and timeline estimates in this section are derived from that analysis.
Pricing Model
| Tier | Monthly Price | Annual ARR per Supplier | Assumed Supplier Size |
|---|---|---|---|
| Starter | $200/mo | $2,400 | 1–200 CGM patients |
| Growth | $350/mo | $4,200 | 200–1,000 CGM patients |
| Pro | $500/mo | $6,000 | 1,000+ CGM patients |
Blended assumption: $300/mo average across the mix = $3,600 ARR/supplier. This is conservative; denial prevention ROI at even $300/mo is compelling for a supplier losing $500–$2,000/month on avoidable denials.
Assumption validation: DMEPOS back-office software (Brightree, WellSky) runs $200–$600/mo per module. Signal at $200–$500/mo is within the established price tolerance for this buyer. The ROI case is direct: one prevented denial per month at ~$150–$400 average CGM claim value pays for the tool. This pricing is supportable.
Revenue Projections
TAM: ~7,500 Medicare-enrolled DMEPOS suppliers billing CGM
Penetration | Suppliers | MRR | ARR
────────────┼───────────┼───────────┼──────────
1% │ 75 │ $22,500 │ $270K
3% │ 225 │ $67,500 │ $810K
5% │ 375 │ $112,500 │ $1.35M
Realistic Year 1 ceiling (solo founder, no sales team): 10–25 suppliers = $36K–$90K ARR.
HIPAA SaaS Compliance Requirements and Costs
Operating as a SaaS means STTIL touches supplier ePHI (patient_id mapped against shipment records), making STTIL a Business Associate. The 2026 HIPAA Security Rule updates add mandatory requirements previously listed as "addressable." Full detail in hipaa-deployment-analysis-v1.md.
Estimated minimum compliance stack cost (Year 1):
| Item | Annual Cost |
|---|---|
| HIPAA-eligible hosting with BAA (Atlantic.Net or AWS) | $1,200 – $3,600 |
| Compliance platform (Accountable HQ or similar) | $1,200 – $2,400 |
| FIDO2 MFA implementation (Duo or Authelia) | $0 – $600 |
| Legal: BAA templates per customer + policy docs | $2,000 – $4,000 |
| Annual risk assessment (internal or consultant) | $500 – $2,000 |
| Incident response planning | $500 – $1,000 |
| Total Year 1 compliance overhead | $5,400 – $13,600 |
Break-even analysis: At $300/mo average, compliance overhead is covered by 2–4 paying suppliers. This is achievable in Year 1 if the pilot strategy (see Section 5 of the HIPAA analysis) generates even one paying customer.
BAA Obligations Per Customer
Every DMEPOS supplier customer requires:
- A signed Business Associate Agreement before any ePHI is processed
- A customer-specific data processing addendum covering scope
- Documented security review in STTIL's risk assessment
The existing BAA template in the asset package is a starting point. A healthcare attorney review ($500–$1,500) is recommended before first customer signature.
Minimum Viable Compliance Stack Before First Customer
- HIPAA-eligible hosting provider with signed BAA
- FIDO2/WebAuthn MFA on all admin and staff access paths
- AES-256 encryption at rest; TLS 1.3 in transit
- WORM audit logging tied to existing
audit_logger.py(6-year retention) - Documented annual risk assessment
- Signed incident response plan (72-hour ePHI restoration target)
- BAA executed with each customer before onboarding
The existing audit_logger.py already satisfies the audit log
architecture requirement. The gap is WORM storage enforcement — PostgreSQL
must be configured with append-only log tables or exported to immutable
object storage (S3 with Object Lock, or equivalent).
Timeline to Compliant Launch
| Milestone | Estimated Duration |
|---|---|
| Hosting selection + BAA execution | 1–2 weeks |
| FIDO2 MFA integration | 1–2 weeks |
| Encryption audit + TLS hardening | 1 week |
| WORM audit log storage implementation | 1–2 weeks |
| Risk assessment documentation | 1 week |
| BAA template legal review | 1–2 weeks |
| Total: compliant to first customer | 6–11 weeks |
> Consult WIPA before Phase 2 (see Section 7)
4. Model C — Distribution Licensing to Billing System
Overview
License Signal to an existing DMEPOS billing system or software platform (Brightree, WellSky, Niko Health, or similar) as a white-label module or integrated feature. STTIL Solutions receives an upfront license fee plus ongoing royalties.
Target Companies
| Company | Why They're a Fit |
|---|---|
| Brightree (ResMed subsidiary) | Largest DMEPOS billing platform; CGM is a growth category in their customer base |
| WellSky | Major post-acute and home health platform; DMEPOS billing module customers need this |
| Niko Health | CGM-focused billing platform — most directly aligned with Signal's use case |
| Bonafide DME | Regional but CGM-specialized; potential pilot-to-license path |
| Intermedix / R1 RCM | Revenue cycle management at scale; denial prevention is core to their value prop |
White-Label / Integration Licensing Structure
Option 1 — White-label OEM
- Billing system rebrands Signal as their own module
- STTIL provides code + documentation + update cadence
- Billing system handles all HIPAA compliance, BAAs, customer support
- STTIL's obligations: deliver working software, maintain payer rules, provide updates
Option 2 — API integration
- Signal runs as a STTIL-operated microservice
- Billing system calls STTIL's API per worklist calculation
- Billing system owns the customer relationship; STTIL is a BA to the billing system
- Requires STTIL to maintain HIPAA compliance posture (similar to Model B)
Recommendation: White-label OEM (Option 1) is cleaner for a solo founder. STTIL delivers IP and updates; compliance burden passes to the buyer entity.
Fee Structure
| Component | Range |
|---|---|
| Upfront license fee | $50,000 – $200,000 |
| Per-supplier royalty (ongoing) | $10 – $30/mo per supplier on platform |
| Annual maintenance fee | 15–20% of upfront fee |
Royalty projection:
Brightree has 10,000+ DMEPOS customers.
If 20% use CGM billing: 2,000 suppliers.
At $15/mo royalty: $30,000/mo = $360K ARR (royalty only)
Plus $100K upfront = strong deal economics.
Assumption validation: $50K–$200K is consistent with healthcare software module licensing at pre-scale stage. Niko Health or a regional platform might start at $50K–$75K. Brightree would likely start at $100K+ but requires more proof of concept. These numbers are negotiable; the royalty stream is the long-term value.
IP Protection — What Transfers vs. What Stays
| What Transfers (License) | What Stays with STTIL |
|---|---|
| Right to use, embed, and white-label the software | Copyright and ownership |
| Access to payer rules config updates | Right to license to other platforms |
| Integration documentation | Future research and improvements |
| 12–24 month update cadence | Right to terminate for non-payment |
Key contract terms to require:
- Field-of-use restriction (DMEPOS billing only — no resale to competitors)
- Source code escrow for business continuity
- Audit rights on royalty reporting
- Termination-for-cause with reversion of deployed copies
Why This Is Strategically Superior to Individual SaaS
- Customer acquisition cost near zero. Billing system already has 2,000+ supplier relationships. STTIL acquires those customers through one deal.
- No per-customer BAA management. White-label shifts compliance to the licensee. STTIL's HIPAA obligations are contained in the licensing agreement.
- Revenue concentration risk is real (single large customer dependency), but the upfront fee de-risks the first 12–18 months.
- Faster to scale than signing 200 individual SaaS customers.
What Proof-of-Concept Data Makes This Deal Easier to Close
A billing system will not pay $100K+ on a concept alone. The most useful proof points:
| Proof Point | Impact on Deal |
|---|---|
| 1–3 pilot supplier testimonials with denial reduction data | Moves floor from concept to validated tool |
| Worklist accuracy rate (coverage flags vs. actual claim outcomes) | Demonstrates technical reliability |
| Payer rule accuracy across Medicare + 1–2 MACs | Shows maintenance commitment |
| Prior authorization flag performance (post-April 2026) | Directly relevant to 2026 urgency narrative |
The zero-PHI pilot strategy (see hipaa-deployment-analysis-v1.md, Section 5) is specifically designed to generate this proof-of-concept data before STTIL is fully HIPAA compliant — enabling early deal conversations with billing system partners.
Initial Approach Strategy
- Niko Health first — smallest and most CGM-aligned; most likely to move quickly
- Request a product demo slot at NHIA 2026 or AAHomecare meeting
- Lead with the denial prevention ROI story + the April 2026 PA expansion urgency
- Offer a structured pilot: 30-day free integration, shared denial data results
- Brightree / WellSky: Approach through their partner/integration program after Niko validation. These require a more established proof base.
5. Phased Roadmap
PHASE 0 — FOUNDATION (Now → Month 2)
─────────────────────────────────────────────────────────────
Goal: Zero-PHI pilot ready; compliance posture documented
□ Finalize synthetic dataset for demo/pilot
□ HIPAA compliance stack selection (hosting + BAA)
□ BAA template legal review
□ Letter of Intent template for free pilots
□ Niko Health outreach initiated
─ No ePHI touches at this phase ─
Revenue: $0
PHASE 1 — PILOT (Month 2 → Month 5)
─────────────────────────────────────────────────────────────
Goal: 1–3 supplier pilots running; proof-of-concept data collected
□ 1–3 DMEPOS suppliers on free pilot (synthetic or anonymized data)
□ Denial flag accuracy validated against real claim outcomes
□ Testimonials / case study data collected
□ Billing system introductory meetings scheduled
□ HIPAA compliance stack operational (if transitioning to live ePHI)
Revenue: $0 (pilots are free)
Key gate: At least 1 supplier can document denial reduction
PHASE 2 — FIRST LICENSE (Month 5 → Month 12)
─────────────────────────────────────────────────────────────
Goal: First paying customer(s); billing system deal in pipeline
□ 1–5 paying SaaS customers (Model B) OR
□ Letter of Intent from billing system partner (Model C)
□ Full HIPAA compliance stack operational with signed BAAs
□ Annual risk assessment documented
□ Revenue begins
⚠️ CONSULT WIPA BEFORE PHASE 2 (see Section 7)
Revenue: $3,600–$18,000 ARR (SaaS) or $50K–$200K (licensing deal)
PHASE 3 — SCALE (Month 12+)
─────────────────────────────────────────────────────────────
Goal: Distribution licensing executed; recurring revenue stable
□ Billing system white-label deal closed
□ Royalty stream established
□ Signal payer rules updated for 2027 changes
□ Evaluate consortium / buying group strategy (Level 2/3)
Revenue: $100K+ ARR target
6. Revenue Milestone Table
| Phase | Timeline | Model | Revenue Target | Key Milestone |
|---|---|---|---|---|
| 0 — Foundation | Month 0–2 | — | $0 | Pilot ready, HIPAA posture documented |
| 1 — Pilot | Month 2–5 | Free pilot | $0 | Denial reduction data collected |
| 2A — First SaaS | Month 5–8 | Model B | $3,600–$18,000 ARR | 1–5 paying suppliers |
| 2B — Licensing LOI | Month 6–12 | Model C | $50K–$200K (one-time) | Billing system LOI signed |
| 3 — Distribution | Month 12–18 | Model C + B | $100K–$400K ARR | Royalty stream active |
| 4 — Scale | Month 18–24 | Model C primary | $360K+ ARR | 2,000+ suppliers via platform |
Note on Model A: Asset sale remains available at any phase. Post-pilot (Phase 1 complete), a realistic asset sale price is $45,000–$75,000. Post- first-license (Phase 2 complete), the range is $100,000–$200,000. Waiting for proof of concept before selling is almost always the right decision.
7. SSDI/SGA Risk Notes by Phase
Disclaimer: This is general context, not legal or benefits advice. SSDI/SGA rules are complex and individual. Always consult a WIPA (Work Incentive Planning and Assistance) counselor before generating business income that could affect benefit status.
| Phase | SSDI/SGA Consideration |
|---|---|
| Phase 0 — Foundation | Research, development, and documentation activity. No earned income generated. Standard Trial Work Period rules may not yet be triggered. Low risk. |
| Phase 1 — Pilot | Free pilots generate no revenue. Time invested is not compensated. Monitor if consulting or advisory services emerge from pilot relationships. |
| Phase 2 — First License | ⚠️ Revenue begins here. CONSULT WIPA BEFORE PHASE 2. SaaS subscription income and one-time licensing fees may count as earned income or Unearned Income depending on structure (see SSDI vs. SSI rules). LLC structure and active vs. passive income classification matter. |
| Phase 3 — Scale | Ongoing royalty income classification (earned vs. unearned) depends on the degree of active management. Royalty streams from IP licensing may be treated differently than SaaS subscription income. Requires WIPA guidance. |
Action item: Contact a WIPA counselor before signing a first customer or accepting any payment, regardless of structure. The Social Security Administration's treatment of self-employment income can be counterintuitive. WIPA counselors are free; find one at benefitsinfo.ssa.gov.
8. Founder Recommendation
For a solo, pre-revenue founder in 2026 who wants to retain IP and maximize long-term upside:
Pursue Model C (Distribution Licensing) as the primary path, using Model B pilots as the proof-of-concept engine.
The specific sequence:
-
Do not sell the asset yet (not Model A). A $35K asset sale before proof of concept is a permanent exit at the worst possible valuation moment. The upside of a billing system deal ($100K+ upfront + royalties) is an order of magnitude larger. The option to sell always remains open — take it off the table only when necessary.
-
Run 1–3 free pilots using the zero-PHI path (synthetic data, no ePHI contact). This costs nothing in compliance overhead and generates the denial-reduction proof points that make the billing system conversation credible.
-
Approach Niko Health first. They are the most CGM-focused billing platform and the most likely to move quickly on a licensing conversation with a validated pilot behind it. Use AAHomecare or NHIA conferences as access points.
-
Build the HIPAA compliance stack in parallel (6–11 weeks effort) so you can convert pilot suppliers to paying SaaS customers if the billing system deal moves slowly. Model B provides cash flow while Model C deal terms are negotiated.
-
Retain all IP. License only. Structure every agreement with field-of-use restrictions, royalty audit rights, and termination-for- cause with software reversion. Your ongoing payer rule updates are the stickiness mechanism — build this into the license structure.
The single most important action in the next 30 days: Execute one free pilot with a real DMEPOS supplier using synthetic or anonymized data. That pilot is the proof point that unlocks everything else.
Document version: v1 | April 2026 | STTIL Solutions LLC Cross-reference: hipaa-deployment-analysis-v1.md