Why I Built Recovery Ecosystem This Way
A case study in AI-native development methodology for a HIPAA-ready, multi-tenant SaaS platform built in 68 days.
160K+
Lines of Code
68
Days to MVP
12x
Productivity Multiplier
90%
Less Time
The Problem
80% of people who need addiction treatment don't get it.
Those who do get it go through a brutal cycle: inpatient → discharge → sober living → discharge → relapse → repeat. On average, it takes 5 attempts before they find durable recovery. This is ruinously expensive. While insurance covers treatment for some, the insurance companies are getting wise to giving an addict a vacation. Insurance and costs drive the length of treatment—not clinical reality.
We saw an opportunity to reach people where they were. We wanted to offer a treat-in-place solution that would allow them to keep their families, pets, and jobs. While their job and relationships might survive one round of inpatient treatment, the more they went and the longer they stayed, the less likely that remained true.
The 40-60% relapse rate within the first year isn't a failure of willpower. It's a failure of support systems that disappear the moment someone leaves treatment.
Held Hostage by No-Code
We started with GoHighLevel. It seemed perfect—quick to deploy, reasonable cost, decent automation. For a while, it worked.
Then it didn't. We couldn't control the data model. We couldn't ensure HIPAA compliance the way we needed. Every time we needed something beyond their template, we hit walls. Workarounds stacked on workarounds. The platform that was supposed to accelerate us became the thing slowing us down.
We were held hostage by software we didn't own.
When we couldn't deal anymore, I made the decision: we're going to build it ourselves. I knew it would be a large undertaking. I didn't realize it would be a very large undertaking.
The traditional SaaS development path: 12-18 months, 4-5 person team, $500K-$900K. That cost gets passed to facilities who pass it to patients or insurers who often don't pay.
The question I set out to answer: Can AI-assisted development compress that timeline and cost enough to change the unit economics of healthcare SaaS?
The Approach: AI-Native Development
This wasn't "vibe coding" or prompting ChatGPT for boilerplate. It was a structured methodology I call session-based development with three core components:
1. Architecture Decision Records (ADRs)
Every significant decision gets documented with context, trade-offs, and consequences. Not for compliance theater—because AI needs context to make good decisions across a multi-month project.
42 ADRs covering everything from database choice to HIPAA controls to why we rejected Jira for project tracking.
2. Session-Based Development
Instead of sprints or Kanban, work happens in documented sessions. Each session (typically 2-4 hours) produces:
- Objectives and outcomes
- Files modified
- Decisions made
- Story points completed
174 documented sessions with full context for every piece of work.
3. Signal Dashboard (Custom Project Tracking)
Traditional project tools failed for AI-assisted development:
| Tool | Problem |
|---|---|
| Jira | Manual admin, sprint-focused (we don't run sprints) |
| Notion | Not AI-friendly, no velocity tracking |
| GitHub Projects | No burn-up charts or forecasting |
So I built Signal—a dashboard where the AI edits JSON directly, commits, and the dashboard updates in 2-3 minutes. No clicking through Jira to update story points.
The Decisions: Key ADRs
ADR-0009: Multi-Tenant Architecture with Profile-Based RBAC
The Trade-off: Build complex role hierarchy from day one vs. bolt it on later.
The Decision: Profile-based user hierarchy where staff can have multiple profiles (ClinicianProfile, AdministratorProfile, BillingProfile). A clinical supervisor gets both clinician + admin profiles—they're not mutually exclusive.
Why it matters: Treatment centers have small teams. The front desk person might also do billing. The clinical director supervises and carries a caseload. Forcing "pick one role" doesn't match reality.
ADR-0015: HIPAA Compliance Progress
The Trade-off: Full HIPAA compliance before first customer vs. build iteratively alongside development.
The Result: HIPAA-ready with 90%+ coverage and 2-3 week audit readiness. 21 policies documented (9 active, 12 drafted). Ready to pass audit out of the gate when the time comes.
100%
Technical
100%
Administrative
75%
Physical
Key enhancements: UUID primary keys (prevents enumeration), TLS 1.3, Azure PostgreSQL TDE, comprehensive audit logging, SSO + 2FA enforced.
Remaining gaps are administrative (policy activation), not technical. We track this in an ADR addendum—because we follow up on our decisions.
ADR-0014: The AI Collaboration Contract
The Trade-off: Let AI make decisions vs. constrain AI with explicit rules.
The Decision: A documented "contract" specifying how Claude Code should work in this codebase.
DO
- Read ADRs before making architectural changes
- Commit every 30-60 minutes during active development
- Use TodoWrite for multi-step tasks
DON'T
- Work for 3+ hours without committing
- Start coding without reading existing implementation
- Assume work is safe without git commits
Why it matters: This ADR exists because of a data loss incident. 3 hours of sophisticated dashboard work was lost when Claude Code crashed and nothing was committed. Git is the only recovery mechanism.
ADR-0011: Passwordless Authentication
The Trade-off: Implementation complexity vs. user friction reduction.
The Decision: Different authentication flows for different user types, optimized for their context.
- Patients: SMS magic links with 3-day validity, reusable tokens
- Staff: Microsoft/Google SSO, with magic link fallback
- Family: Email magic links, single-use
Why it matters: Patients in recovery often have unstable lives—new phones, forgotten passwords, shared devices. Traditional authentication creates friction that kills engagement. Patients need convenience (they're in crisis, not managing enterprise security). Staff need audit trails. The system handles both.
ADR-0004: Django Monolith Over Microservices
The Trade-off: Scalability ceilings vs. development velocity.
The Decision: A Django monolith with clear app boundaries instead of microservices.
- Single deployment unit (critical for a small team)
- Shared authentication and authorization
- Database transactions that actually work
- One codebase to understand
Why it matters: The microservices instinct is strong when building "enterprise" software. We resisted. When we need to scale specific components (like SMS sending), we extract them. But we don't pay the coordination tax until we need to.
ADR-0038: Azure OpenAI Over Alternatives
The Trade-off: Vendor lock-in vs. compliance simplicity.
The Decision: Azure OpenAI GPT-4o for clinical intelligence features.
| Requirement | Why Azure OpenAI Won |
|---|---|
| HIPAA compliance | Microsoft BAA covers Azure OpenAI |
| Cost | GPT-4o is 5x cheaper than GPT-4 |
| Latency | Azure region co-location with backend |
| Function calling | Native support for structured tool use |
Why not Claude? I use Claude Code for development, but for production AI features, Azure OpenAI's HIPAA BAA story is clearer. Anthropic's healthcare compliance story was less mature at decision time.
The Evidence
| Metric | Value | Context |
|---|---|---|
| Total Commits | 1,315+ | Comprehensive version history |
| Development Time | 500+ hours | Single developer + AI |
| Traditional Estimate | 5,200 hours | Industry standard 2 hrs/story point |
| Productivity Multiplier | 12x | vs. traditional development |
| Database Models | 78+ | Complex relational schema |
| API Endpoints | 150+ | RESTful + webhook integrations |
Code Distribution
78,000+
Backend (Python/Django)
26,000+
Frontend (Astro/TS)
56,000+
Templates (Django HTML)
Time & Resource Comparison
Traditional Approach
- Team: 4-5 developers
- Timeline: 12-18 months
- Hours: ~5,200 (industry standard)
- Cost: $480,000-$900,000
This Approach
- Team: 1 developer + AI
- Timeline: 68 days to MVP
- Hours: ~500 (documented sessions)
- 12x productivity multiplier
I built this as a founder with sweat equity—cloud hosting and AI tools cost a few hundred dollars a month. Traditional cost range reflects team composition: onshore at the high end, offshore at the low end (but offshore carries significant management overhead that often erases the savings).
Key Takeaways for AI-Native Development
1. ADRs are essential context for AI
Without documented decisions, the AI makes locally optimal choices that conflict with global architecture. ADRs are how you scale AI reasoning across months of work.
2. Commit frequently, document sessions
AI context is ephemeral. Git is permanent. When a session crashes, you lose everything that wasn't committed. Session documentation provides the context to continue work.
3. Build AI-friendly tooling
If your project management requires clicking through a UI, you've created a bottleneck. JSON files that AI can programmatically edit remove that friction.
4. HIPAA readiness is a journey, not a checkbox
We built to 90%+ coverage with 2-3 week audit readiness—ready to pass out of the gate when the time comes. The key: document the gap honestly, track progress in ADR addendums, and close it as you build. Remaining gaps are administrative (policy activation), not technical.
5. 12x productivity is real, but requires methodology
This wasn't just "use Claude to write code faster." It was structured ADRs, session tracking, custom tooling, and learning from failures (like the 3-hour data loss incident that spawned new commit discipline).
Honest Status: What's Working, What's Being Validated
Recovery Ecosystem is in pilot. We have early users, but we're not at scale yet. Here's the honest picture:
What's Working
- • Patients get daily touchpoints that maintain engagement
- • Families get transparency into their loved one's progress
- • Clinicians get objective data instead of guesswork
- • Multi-tenant architecture scaling to test organizations
- • SMS delivery via Twilio with magic link authentication
- • SOBER score calculation and visualization
- • Staff SSO via Microsoft/Google
Still Being Validated
- • Scale economics across different funding models
- • Insurance reimbursement integration (CPT codes)
- • Clinical outcomes correlation with engagement metrics
- • Multi-language adoption (7 languages implemented, not tested)
- • B2C, non-profit, government, and insurance pathways
Initial feedback has been positive. We provide something no one else does: visibility and connection during a very difficult time.
The honest truth about building healthcare software:
- Compliance is a feature, not a bug. The extra work creates a moat.
- AI assistance is real, and the methodology matters. With proper session discipline, ADRs, and context management, 10-12x productivity is achievable. I have the receipts: 160,000+ lines of production code, 174 documented sessions, shipped to paying customers.
- Solo development has limits. The architecture supports a team. Soon we'll need one.
The platform works. The question now is growth—more treatment centers, more patients, more evidence that this approach to recovery support actually improves outcomes.
If you're considering building healthcare software, or wrestling with the build-vs-buy decision, I hope this case study is useful. The answer isn't always "build." But sometimes the alternative is staying hostage to software that doesn't serve your mission.
We chose to build. It was harder than expected. It was worth it.
Bert Carroll
CTO & Co-Founder of Orbiit Recovery and principal at Ask the Human LLC. Building software for 20+ years and healthcare technology for the past 10.
This case study reflects the state of Recovery Ecosystem as of January 2025. The platform is in active pilot with validation ongoing.
Building something complex?
I take a maximum of 2 major platform builds per year. Let's see if your project is a fit.
Book a Napkin Session