Risks & Mitigation
What could go wrong, and how we handle it.
| Risk | Likelihood | Impact | Mitigation |
|---|---|---|---|
| Atlas.md adds practice management features | Medium | Medium | Atlas.md has been charting-focused for 14 years. Their small bootstrapped team prioritizes clinical features. Even if they start, we have 12+ months head start and 3x the feature set. By then, we're building clinical features to replace them entirely. |
| Hint Health builds similar features | Medium | Medium | Hint's strategy is platform/API billing, not all-in-one. They'd need to build an entirely new product category. Different DNA. |
| Elation adds DPC-native mode | Low | High | Elation's codebase is insurance-centric — retrofitting is harder than building fresh. Our speed advantage: we ship features in hours, they take quarters. |
| HIPAA compliance delays | High | Medium | Use Supabase HIPAA-ready tier (BAA included). Hire healthcare compliance consultant month 1. Phase 1 is non-PHI (practice management only) — clinical data comes in Phase 3. |
| Small practice reluctance to pay | Medium | Medium | Phase 1: we're $149/mo on top of Atlas.md ($300). ROI pitch: saves 10+ hrs/week. Phase 3: we replace Atlas.md, saving $300/mo net. Free 30-day trial removes risk. |
| CMO (Dr. P) availability limited | High | Medium | Dr. P continues practicing — that's the point (she's our power user and proof of concept). Deepak handles product and ops. Erik's B4M team handles engineering. Advisory role structured with clear time expectations. |
| Atlas.md data migration complexity | Medium | Low | Build Atlas.md CSV import as a first-class feature. DPC practices have small panels (200-600 patients). White-glove migration for first 50 practices. |
Regulatory Considerations
Phase 1 (Months 1-6): Platform handles practice management only — pipeline, communications, billing analytics. No Protected Health Information (PHI). No HIPAA requirements.

Phase 2 (Months 7-9): HIPAA-compliant infrastructure via Supabase HIPAA tier. Encryption at rest (AES-256) and in transit (TLS 1.3). Audit logging. BAA executed. Required before clinical charting launches.

Phase 3 (Month 12+): SOC 2 Type I certification. Annual penetration testing. Employee HIPAA training program.
Exit Scenarios
| Scenario | Timeline | Valuation Range |
|---|---|---|
| Acquisition by Atlas.md — they buy the practice management layer they never built | Year 2–3 | $8–15M (3–5x ARR) |
| Acquisition by Hint Health — complete the DPC stack (billing + practice mgmt) | Year 2–3 | $10–20M |
| Acquisition by Elation/athena — bolt-on DPC module for enterprise EMR | Year 3–4 | $15–30M |
| Series A & continued growth — expand to all membership medicine | Year 2 | $20–40M pre-money |
| Profitable lifestyle SaaS — 500 practices x $299/mo = $1.8M ARR at 92% margin | Year 3+ | Ongoing cash flow |
Starlight.MD isn't an idea — it's a working product managing a real DPC practice. Our CMO runs her practice on it every day alongside Atlas.md, proving exactly what's missing from today's tools. The DPC market is growing, Atlas.md hasn't innovated in years, and we have the clinical founder + product team + working prototype combination that healthcare software demands. We're raising $500K to turn a proven prototype into a scalable platform and capture the fastest-growing segment of American medicine.