What 'production-ready' actually means for healthcare software

Published: June 15, 2026 at 12:40 AM EDT
Source: Dev.to


In most apps, a small bug is an inconvenience. In healthcare software, the Here’s what that day actually looked like, and the bugs that taught us the most.

Early on, our “normal vs abnormal” vital-sign bands were reasonable but not standard. In clinical software, “reasonable” isn’t good enough. We re-aligned every threshold to NEWS2 (National Early Warning Score) — the Lesson: in a regulated domain, don’t invent your own constants. Find the spo2 === 91 should escalate, 92 should not).

Several of our “per day” features (bed-day billing accrual, daily reports, UTC. For a We moved everything to roll over at each facility’s local midnight, DST noticing it is. The only reliable way we found

Two requests admitting the same patient to the same bed at the same millisecond SELECT then INSERT) lose this race. partial unique index that lets the DB reject the second write: one bed → at most one ACTIVE admission, enforced in Postgres, not in Node. Application guards are for friendly error messages. The database is for truth.

Part of the audit was purely adversarial: log in as role X, try to read role Y’s 404, not 403, for exists, which is its own

None of this makes a good screenshot. There’s no “we did the security and We’d rather be slow and correct than fast and sorry.

Building BioMedixAI in public. More notes as we go.
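
The check-then-insert race and the partial unique index described above, replayed deterministically as an added example (not BioMedixAI's code). SQLite stands in for Postgres so it runs offline; the table, column and index names are assumptions, and the `CREATE UNIQUE INDEX ... WHERE` statement has the same form in Postgres.

```python
import sqlite3

# Constructed schema: table and column names are assumptions for illustration.
SCHEMA = """
CREATE TABLE admissions (
    id INTEGER PRIMARY KEY,
    patient_id TEXT NOT NULL,
    bed_id TEXT NOT NULL,
    status TEXT NOT NULL CHECK (status IN ('ACTIVE', 'DISCHARGED'))
);
"""
# Partial unique index: uniqueness applies only to ACTIVE rows, so a bed can
# hold many DISCHARGED admissions over time but at most one ACTIVE one.
PARTIAL_INDEX = """
CREATE UNIQUE INDEX one_active_admission_per_bed
    ON admissions (bed_id) WHERE status = 'ACTIVE';
"""

def bed_is_free(db, bed_id):
    """Application-level guard: the SELECT half of SELECT-then-INSERT."""
    row = db.execute(
        "SELECT 1 FROM admissions WHERE bed_id = ? AND status = 'ACTIVE'",
        (bed_id,)).fetchone()
    return row is None

def admit(db, patient_id, bed_id):
    """The INSERT half. Returns False when the database rejects the write."""
    try:
        db.execute(
            "INSERT INTO admissions (patient_id, bed_id, status) "
            "VALUES (?, ?, 'ACTIVE')", (patient_id, bed_id))
        return True
    except sqlite3.IntegrityError:
        return False

def race(with_index):
    """Replay the bad interleaving: both requests check, then both insert."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + (PARTIAL_INDEX if with_index else ""))
    # Both requests pass the guard before either one has written.
    checks = [bed_is_free(db, "bed-7"), bed_is_free(db, "bed-7")]
    results = [admit(db, "patient-1", "bed-7") for ok in checks if ok]
    active = db.execute(
        "SELECT COUNT(*) FROM admissions WHERE status = 'ACTIVE'").fetchone()[0]
    return results, active

if __name__ == "__main__":
    print("guard only:", race(with_index=False))
    print("with index:", race(with_index=True))
```

With only the application guard, both inserts succeed and the bed ends up with two ACTIVE admissions; with the index, the second insert fails with a constraint error that the application can turn into a friendly message.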
