How to Build a Digital Health Clinic Platform from Scratch in 2026

The digital health clinic is the defining healthcare business model of the decade. Hims and Hers closed 2025 at roughly $1.5B in revenue, Ro crossed $700M, and a long tail of category specialists like Nurx, Alpha, and Found have carved out nine-figure niches around hormones, mental health, dermatology, and weight management. What all of these companies share is not a breakthrough in medicine. It is a breakthrough in packaging. They took a familiar clinical workflow, wrapped it in consumer software, paired it with a pharmacy, and sold it on a subscription.

If you are reading this in 2026, the opportunity is not to clone Hims. The opportunity is to apply the same operating system to a category where patient experience is still broken. That might be cardiometabolic care, post-menopausal hormone replacement, pediatric ADHD, chronic pain, fertility, or specialty dermatology. In every one of these categories the legacy path is the same: book a visit six weeks out, take a day off work, wait in a lobby, see a provider for nine minutes, get a paper prescription, drive to CVS, and repeat in ninety days. A digital clinic collapses that loop to a fifteen minute asynchronous intake and a package on the doorstep.

The business model has three revenue engines working together. The first is the medical visit itself, billed as a cash pay consultation of anywhere from $25 to $200. The second is the subscription medication, where a ninety day supply of a generic sold for $15 in wholesale cost becomes a $60 to $180 monthly charge. The third, which emerges once you have scale, is ancillary services like labs, device shipments, coaching, or follow up care. The margins compound. A patient acquired for $150 in paid search who stays on a $90 monthly subscription for eleven months produces roughly $990 in revenue against a cost of goods of maybe $220, and the provider consultation is a fixed cost amortized over the full subscription life. That is the math that built Hims, and it is the math you need to internalize before you write a line of code.

A production digital clinic is not a single application. It is an orchestration of five independent domains that each have their own data model, compliance surface, and vendor ecosystem. The patient facing web and mobile experience handles intake, checkout, messaging, and subscription management. The clinician portal handles chart review, visit documentation, and prescribing. The pharmacy integration handles prescription transmission and fulfillment status. The billing layer handles subscription lifecycle and refill cadence. The compliance layer handles identity verification, audit logs, and BAA governed data flows.

For the patient layer, most 2026 teams are shipping a Next.js application deployed on Vercel with a BAA in place, backed by a HIPAA eligible Postgres instance on AWS RDS or Neon. The clinician portal is usually a second Next.js app mounted on a subdomain like clinician.yourbrand.com with its own authentication boundary. We strongly recommend separating these two applications at the network level even though they share a database, because the security posture and release cadence are fundamentally different. Patients get weekly marketing experiments. Clinicians get monthly releases after regression testing.

Underneath sits your core API, typically a Node.js or Python service with domain modules for patients, visits, prescriptions, subscriptions, and shipments. Every outbound integration runs through a dedicated adapter: DrFirst or Surescripts for e-prescribing, Truepill or Honeybee Health for pharmacy fulfillment, Stripe Billing or Recurly for subscriptions, Twilio Video or Doxy.me for synchronous visits, Medallion for provider licensing, and Datavant if you need real world data partnerships later. The rule we follow at Kanopy Labs is that no product code ever calls a vendor SDK directly. Everything goes through an adapter that enforces logging, retry semantics, and the ability to swap vendors when a contract negotiation goes sideways.

Data residency deserves its own paragraph. Every component that touches PHI needs to live inside your BAA perimeter. That means AWS HIPAA BAA coverage for compute and storage, HIPAA Vault or a similar vendor for file storage of intake photos and ID verification, and a careful audit of analytics tooling. Standard Google Analytics and Segment configurations will leak PHI. You need server side tagging, hashed identifiers, and a PHI free event schema for product analytics.

The single most important product decision in a digital clinic build is how you structure the visit itself. There are two modalities and you will almost certainly need both. Async visits, sometimes called store and forward, are the workhorse. A patient completes a structured intake with medical history, current medications, allergies, and category specific questions. They upload a photo ID and sometimes a clinical photo such as a skin lesion or a pill bottle. The entire packet is dropped into a clinician queue, and a licensed provider in the patient's state reviews it on their own schedule. The provider either approves treatment, sends a secure message for clarification, or escalates to a synchronous visit.

Async wins on unit economics. A trained clinician can complete fifteen to twenty async reviews per hour at a fully loaded cost of around $8 to $12 per visit. Synchronous visits cost three to five times more and are rate limited by scheduling. But some states and some clinical categories require synchronous interaction. For a deeper walkthrough of the video specific architecture, our companion piece on how to build a telemedicine app covers WebRTC selection, TURN server strategy, and recording compliance in detail.

For sync, the vendor landscape has consolidated. Twilio Video remains the default for teams that want programmable primitives and are willing to build their own UI. Doxy.me and Whereby are the fastest paths to a BAA covered embedded video experience if you want to launch in weeks rather than quarters. Whichever you choose, budget engineering time for the edge cases: network failure mid visit, clinician connection drop, patient hardware failures, and the requirement to capture a visit note whether or not the video connected. The note is the billable artifact. The video is the container.

The data model we recommend treats a Visit as a state machine with explicit transitions: intake_started, intake_submitted, in_review, clinician_hold, clinician_approved, clinician_denied, prescription_sent, visit_closed. Every transition is logged with the acting user, the timestamp, and an immutable reason code. This single design decision will save you months of pain when you go through HITRUST certification or a state medical board inquiry.

Nothing derails a digital clinic launch faster than provider licensing. In the United States, a physician or nurse practitioner is licensed state by state. A clinician licensed in California cannot treat a patient physically located in Oregon unless they also hold an Oregon license or a valid interstate compact privilege. The Interstate Medical Licensure Compact now covers forty one states for physicians, and the Nurse Licensure Compact covers most states for nurses, but compact privileges still require active tracking and renewal.

The operational reality is that you need a workforce of clinicians whose combined licensure footprint covers every state you want to serve, and you need software that routes each incoming visit to a clinician licensed in the patient's state at the time of the encounter. If you try to manage this in a spreadsheet you will eventually route a New York patient to a clinician licensed only in Texas, and you will have committed the unauthorized practice of medicine. That is a felony in most states.

Medallion has become the default vendor for credentialing and license management. They track primary source verification, DEA registrations, state license expirations, and malpractice coverage, and expose it all through an API that your visit router can query in real time. Wheel is the parallel option if you do not want to employ clinicians directly. Wheel maintains a multi-state clinician network and will absorb the credentialing burden entirely, billing you per completed visit. The tradeoff is margin. Wheel takes a meaningful slice of each consultation fee, but in exchange you get a day one multi-state launch.

For controlled substances the rules tighten further. The Ryan Haight Act and its 2024 successor rules require an in person examination before a controlled substance can be prescribed via telemedicine, with narrow exceptions for buprenorphine and some other Schedule III through V drugs. If your clinical category involves Schedule II stimulants, GLP-1 compounds that DEA has since scheduled, or benzodiazepines, your compliance surface expands substantially and you should budget for outside regulatory counsel before writing a single line of intake code.

The moment a clinician approves treatment, a second system takes over. Your platform needs to transmit the prescription electronically to a pharmacy, confirm receipt, track fulfillment, and surface shipping status back to the patient. This is the e-prescribing and fulfillment stack, and it is where most first time founders underestimate complexity by an order of magnitude.

Electronic prescriptions in the United States travel over the Surescripts network, which is the clearinghouse that connects prescribers to virtually every pharmacy. You do not integrate with Surescripts directly unless you are a very large health system. Instead you integrate with a certified e-prescribing vendor that sits on top of Surescripts. DrFirst is the most common choice for digital clinics because they offer Rcopia, a standalone prescriber application that can be embedded or API integrated, with support for EPCS which is the standard for controlled substance prescribing.

For fulfillment you have three architectural options. The first is to partner with a third party mail order pharmacy such as Truepill, Honeybee Health, or Capsule. These vendors accept prescriptions via Surescripts or a direct API, pick and pack the medication, and ship it to the patient. The second is to build your own pharmacy, which requires a 503A or 503B license, pharmacist in charge, physical facility, and a DEA registration if you handle controlled substances. The third, increasingly popular, is a hybrid where you operate your own compounding pharmacy for differentiated formulations and use Truepill as overflow for generics.

The patient facing surface needs to represent this entire lifecycle honestly. When a prescription is transmitted, the patient should see a status of prescription sent. When the pharmacy confirms receipt, it becomes at pharmacy. When the label prints, it becomes preparing. When the tracking number comes back, the patient sees shipped with a link to the carrier. When delivery confirms, it becomes delivered. Every one of these transitions should trigger a transactional message so the patient never has to wonder where their medication is. This is the single biggest driver of reduced support contacts in a digital clinic, and it is also the thing most early platforms do worst.

The revenue engine of a digital clinic is the subscription. This is not a simple Stripe subscription with a monthly charge. It is a clinically governed subscription where the billing cadence, the shipment cadence, and the prescription refill calendar must remain in sync, and any clinical event, such as a provider pausing treatment, must propagate across all three.

Stripe Billing is the most common substrate because its webhook surface and invoicing primitives are mature. Recurly is a strong alternative for teams that want more out of the box dunning and coupon logic. Whichever you choose, you will be writing meaningful custom code on top. The subscription primitives you need include a clinical state that can override billing, a shipment schedule that is distinct from the billing schedule, a refill counter that decrements with each shipment and triggers a re-evaluation visit at zero, and a pause and resume semantic that preserves the original pricing.

A typical lifecycle looks like this. Patient completes checkout and is charged for the first ninety day supply. Day one, a prescription is written with three refills. Days one through three, pharmacy ships the first bottle. Day eighty, the platform charges the card for the next quarter. Day eighty three, pharmacy ships the second bottle. This continues until the refills are exhausted at roughly day three hundred thirty, at which point the platform routes the patient back into an async re-evaluation visit. If the clinician re-approves, a new prescription is written and the cycle continues. If not, the subscription auto cancels.

We have written more about the specific engineering patterns in how to implement subscription billing, but the digital clinic specific wrinkle is the clinical override. A clinician must be able to pause a subscription, cancel a subscription, or force a re-evaluation before the scheduled interval, and every one of those actions must cleanly roll back any pending shipments and billing events. The worst bug in a digital clinic is billing a patient for medication a clinician has told them to stop taking.

HIPAA compliance is not a feature. It is the ambient condition in which every decision is made. If you treat it as a box to check at the end you will fail, and you will fail expensively. The right mental model is that every architectural decision, every vendor selection, and every employee onboarding process is made through a HIPAA lens from day one.

The technical floor is well documented. You need encryption at rest and in transit, you need role based access control with least privilege, you need audit logging of every read and write to PHI, you need automated backup with documented recovery testing, and you need a breach notification protocol. You need a signed Business Associate Agreement with every vendor that touches PHI, including your cloud provider, your database host, your email vendor, your analytics vendor, and your error tracking vendor. AWS HIPAA BAA, HIPAA Vault, Vercel's enterprise BAA, and Stripe's BAA are all part of a production stack.

The operational floor is less documented and matters more. You need named security roles, documented policies for workstation use, device management for any laptop that can authenticate to production, annual security training, and a formal risk assessment that is updated at least yearly. When a state attorney general or OCR opens an inquiry, they will ask for these documents before they ask for your code.

Beyond HIPAA the regulatory surface includes state medical boards, state pharmacy boards, the FDA for any device or compounded product, the FTC for advertising substantiation, and state telehealth specific laws that continue to evolve. California's AB 3030 and similar state statutes now require explicit disclosure when AI is involved in a clinical interaction. For a deeper budgetary breakdown of what all of this actually costs, see our piece on HIPAA compliance costs. Expect to spend between $80,000 and $250,000 in the first year just on compliance tooling, legal review, and certification work, and do not cut corners here.

The most overbuilt digital clinics in the market are not the ones with the worst clinical product. They are the ones that built beautiful software and then discovered they could not acquire patients profitably. Go-to-market is not downstream of engineering. It is the load bearing wall of the business.

Customer acquisition for a digital clinic in 2026 runs primarily through paid social, paid search, and influencer programs. Meta and TikTok are the volume channels for lifestyle categories like hair loss, sexual wellness, and skincare. Google remains strong for high intent queries where a patient has already decided they want treatment. A fully loaded blended CAC for a mid stage digital clinic typically falls between $120 and $280, and the unit economics only work if your payback period is under six months and your twelve month LTV exceeds $700.

The levers on LTV are medical adherence, formulation differentiation, and cross sell. Adherence is the boring one that matters most. A patient who misses a dose is a patient who churns, so your refill reminders, your shipment cadence, and your clinician messaging are all LTV instruments. Formulation differentiation is how you avoid competing purely on price. If your platform is the only one offering a specific combination therapy or a specific dose titration protocol, you command premium pricing. Cross sell is what compounds. Once a patient trusts you for one category, the CAC on the second category is essentially zero, which is why Hims expanded from hair loss into sexual wellness, mental health, skincare, and weight loss over a six year arc.

Engineering decisions have a direct and measurable impact on all three levers. A checkout that converts at eight percent instead of five percent cuts your effective CAC by nearly forty percent. A refill flow that brings abandoned subscriptions back online raises LTV materially. A cross sell prompt placed at the right moment in the post visit flow can double the second product attach rate. If you want a broader framing of the patient facing surface, our guide on how to build a healthcare app covers the mobile and web patterns that drive conversion without crossing compliance lines.

The teams that win in this decade are the ones that treat the digital clinic as a tightly coupled system of software, clinical operations, pharmacy logistics, and growth marketing. No single layer is enough. The platform you build should make every layer better, and the discipline to get the foundation right is what separates a company that scales cleanly past $100M from a company that hits $10M and stalls. If you are thinking about building in this space and want to pressure test your architecture before you commit, book a free strategy call and we will walk through your category, your unit economics, and the specific build plan that gets you to launch.