Residency Advisor
It is 8:45 p.m. You just finished evening clinic, you are three months into your first attending job, and your EMR has just thrown its seventh useless “renal dosing” alert of the day for a patient with a perfectly normal creatinine. You click through. Again. On the drive home you catch yourself thinking: “This is terrible. I could build something better.”
If that is where you are, this is the right conversation: how to take a clinical decision support (CDS) idea, turn it into a real product, and get it living inside an EMR where it actually changes care rather than annoys everyone.
Let me break this down specifically.
1. What “Clinical Decision Support” Really Is (And Is Not)
A lot of people use “CDS” as a vague buzzword. Investors, too. That kills products.
Clinical decision support, in the way EMRs and hospitals care about it, is not “AI that looks cool.” It is a very specific class of tools that:
- Accept structured clinical inputs (patient data, orders, context).
- Apply some logic (rules, algorithms, or models).
- Produce a recommendation or action at the right time and place in the workflow.
You can think in four practical buckets:
Interruptive alerts
Drug–drug interactions, sepsis warnings, VTE prophylaxis prompts. Pop‑ups. Often hated. Often necessary.Passive guidance
Order sets, default choices, care pathways, risk scores on the sidebar, calculators embedded in notes.Automated actions
“If X then auto-order Y” type rules. For example, reflex TSH with free T4, or auto-enroll eligible patients in a care management registry.Documentation and coding assistance
Smart phrases, suggested ICD-10 codes, nudges to complete components of a note for quality measures.
Almost every EMR implementation committee thinks in these categories, whether they say it aloud or not.
What CDS is not: a standalone website with a calculator that expects clinicians to open a browser tab and manually copy-paste data from the EMR. That can be a nice prototype. It is not a product hospitals will pay real money for at scale in 2026.
2. Picking the Right Problem: Use Case Before Technology
Post-residency, your reflex is to start with pathology or a sexy model: “Let’s do AI sepsis prediction” or “Let’s auto-diagnose chest X-rays.” That is how you build something cool that never leaves PowerPoint.
Start with one harsh question:
What exact decision, by which clinician, at what moment in the workflow, do you want to affect?
Real example:
“In the ED, between triage and disposition, we want to reduce missed aortic dissections by flagging high-risk chest pain patients for CT angiography review.”
That sentence defines:
- Care setting: ED.
- Actor: ED attending / advanced practice provider.
- Time in workflow: before disposition.
- Action: consideration of CT angio.
- Outcome: reduce missed dissections.
Now you can interrogate it like an adult:
- How often does this decision occur?
- What is the current miss rate, CT overuse rate, or medico-legal exposure?
- What structured data exists at that time? Vital signs, nurse triage note, EKG, PMH, problem list?
You want problems that are:
- High impact (quality, revenue, liability, or operational pain).
- Frequent enough to matter but not so broad that the alert fires on half the patient list.
- Dependent on data the EMR actually has, in structured form.
- Tightly time-bound in the workflow.
If you cannot describe the “moment in the EMR” when your tool acts, you are still at the napkin-sketch stage.
3. Architecture: Where CDS Logic Actually Lives
Before writing a single line of code, you need to decide: where will your CDS brain live relative to the EMR?
At a high level there are three realistic patterns.
3.1 On-platform (native build)
This is when you build directly inside a given EMR’s rules engine or BPA (Best Practice Advisory) framework.
- Epic: BPA rules, Rule Editor, SmartSets, SmartLinks, SmartForms.
- Cerner: Discern rules.
- Meditech, Allscripts, others: their own logic engines.
Pros:
Fastest, most stable, no HL7/FHIR headaches, tightest workflow integration. Hospitals like it because it is “in Epic / in Cerner”.
Cons:
No scalable startup here unless you are a consulting group. Your IP is configuration, not software. Hard to sell that as a standalone product.
3.2 Sidecar / SMART-on-FHIR app
This is the classic SMART-on-FHIR model: you build a web app that launches inside the EMR frame (often via an icon or activity tab), pulls data via FHIR, runs logic, and shows results in your own UI.
Hospital grants it permissions via OAuth2. The app sees the patient context, reads data via Observation, Condition, MedicationRequest, etc., maybe writes back ServiceRequest, Task, or Communication.
Pros:
- Portable across vendors that support SMART-on-FHIR.
- You control release cycle, logic, UI.
- Real software IP, suitable for a startup.
Cons:
- Launch is usually user-initiated (they click the app). Many clinicians will not click anything.
- To be “interruptive” you typically need additional hooks (CDS Hooks, in-EMR BPA that calls your app, etc.).
- You live and die by the EMR’s FHIR implementation quality.
3.3 External CDS service triggered via APIs / Hooks
This is where it gets serious.
The basic idea:
The EMR or a rules engine sends a standardized request (often via CDS Hooks or custom web service) to your external CDS service when certain events occur: “medication-prescribe”, “order-select”, “patient-view”. Your service evaluates context, runs logic or models, returns cards (recommendations / actions), and the EMR displays them.
This is how most modern third-party CDS startups operate.
Pros:
- Works across institutions.
- Can be partially vendor-agnostic if you embrace standards (CDS Hooks, FHIR).
- Lets you run heavy logic, ML models, and keep data science separate from the EMR.
Cons:
- Requires proper integration work per site.
- You must handle security, uptime, logging, auditability to a healthcare-grade standard.
- Regulatory and contracting overhead is non-trivial.
| Approach | Portability | Workflow Integration | Startup Viability |
|---|---|---|---|
| EMR-native rules | Low | Excellent | Low |
| SMART-on-FHIR app | Moderate | Moderate | High |
| External CDS via Hooks/APIs | High | Excellent with effort | Very High |
If you want a venture-backable product, you will usually end up with a hybrid: external CDS logic + SMART-on-FHIR UI + EMR-native triggers.
4. Data Plumbing: HL7, FHIR, CDS Hooks Without the Buzzword Fog
Here is what you actually need to understand technically, not the entire HL7 standards library.
4.1 FHIR: the data feed
FHIR is your main structured data access point. At minimum you need:
- Patient context:
Patient,Encounter. - Vitals and labs:
Observation. - Diagnoses / problems:
Condition. - Medications:
MedicationRequest,MedicationStatement. - Procedures / imaging orders:
ServiceRequest,Procedure. - Demographics / risk factors: sometimes shoehorned into
ObservationorCondition.
The pattern looks like this:
- EMR or SMART launcher passes patient + encounter ID.
- Your service uses those IDs to call the hospital FHIR server.
- You transform those resources into feature vectors for your rules / model.
Keep a mapping layer. Do not scatter FHIR parsing across your code. Every hospital will have quirks: local codes, different profile extensions, missing fields. If your data layer is clean, you can onboard sites faster.
4.2 CDS Hooks: the trigger and response contract
CDS Hooks is a spec that defines:
- A set of hooks (events) in the EMR (e.g.,
order-sign,order-select,medication-prescribe,patient-view). - A JSON context payload (often with FHIR resources inline or references).
- A response: cards that the EMR renders (alerts, suggestions, informational text, possible actions).
Think of it as: “When the clinician is about to sign orders, the EMR calls my URL with relevant context. I reply with: ‘Show this warning and offer these alternative orders’.”
| Step | Description |
|---|---|
| Step 1 | Clinician orders medication |
| Step 2 | EMR fires order-sign hook |
| Step 3 | CDS Service endpoint |
| Step 4 | Evaluate rules or model |
| Step 5 | Return CDS cards |
| Step 6 | EMR displays alert or suggestion |
| Step 7 | Clinician accepts, modifies, or overrides |
Learn the spec. Then build small. For many use cases, a single hook like order-sign or patient-view is enough.
4.3 The minimal viable integration stack
You do not need ten integration patterns. If you want to ship something, you need:
- One or two CDS Hooks integrations (e.g.,
order-signandpatient-view). - Read-only FHIR for initial versions (write later if you must create orders).
- Authentication via OAuth2 client credentials or similar, with IP allowlisting.
- A health check endpoint, logging, and clear monitoring.
Do those well, and you are ahead of 80% of early-stage “AI for healthcare” companies that never get through an actual security review.
5. Designing CDS That Clinicians Do Not Hate
Most CDS fails not because the model is wrong, but because the UX is awful. You know this from using EMRs yourself.
Let us get concrete.
| Category | Value |
|---|---|
| Too frequent | 85 |
| Low relevance | 72 |
| Bad timing | 60 |
| Too generic | 55 |
| Hard to act on | 40 |
5.1 Relevance and precision
If your alert fires often and is right half the time, it will be ignored.
You must tune:
- Trigger criteria: Use multiple signals, not single-threshold logic. Instead of firing on one abnormal lab, combine vitals, PMH, medication list, and recent orders to narrow to true high-risk scenarios.
- Exclusion criteria: These are gold. Suppress your alert if:
- Specialist already involved.
- Condition has appropriate plan documented.
- The action you recommend is already ordered or recently done.
Example: an AKI nephro-consult suggestion. Do not fire if nephrology is already on the treatment team or eConsult placed. That one suppression rule can halve your noise.
5.2 Timing and location in workflow
Be specific:
- Sepsis risk score? Show it on patient-list and on chart-open, not at order sign when they are trying to disposition.
- Antibiotic stewardship suggestion? Order-select or order-sign, when they are choosing the drug, not eight minutes later.
- High-risk med black-box warning? First time they prescribe that drug, then rarely.
Use CDS Hooks and EMR vendor UX idioms to put your content where the clinician’s eyes already are. If they have to go looking for it, you have already lost.
5.3 Actionability
Every CDS card should answer:
- What is the risk / issue?
- What are you recommending?
- What is the easiest way to do it now?
So design:
- An explicit primary action: “Change to cefepime 2 g q8h (adjusted for CrCl).”
- A “more info” or link to a brief evidence summary, not a 40-page PDF.
- A simple override reason capture that does not require a novel.
If your CDS card does not let the clinician act in one click, it is documentation, not support.
5.4 Alert fatigue management from day one
Sophisticated systems:
- Cap the number of interruptive alerts per encounter.
- Allow role-based suppression (e.g., show intensivists fewer generic warnings).
- Track click-through and override rates by rule.
You should implement, from version 0.1:
- Basic analytics dashboard: for each rule / card, show:
- Firing rate per 100 encounters.
- Acceptance rate.
- Override rate and free-text comments.
- A path to quickly tune or disable underperforming rules per client.
Hospitals will ask for this during pilots. If you show up with raw logs in CSV, you look like an amateur.
6. Regulatory and Safety: When Does CDS Become a Medical Device?
You cannot build CDS in a vacuum. In the U.S., the FDA cares if your tool crosses from “non-device CDS” into “Software as a Medical Device (SaMD).”
The essence of non-device CDS under FDA guidance:
- Clinician can independently review the basis for the recommendation.
- The tool is not replacing the clinician’s decision but helping them.
If:
- You explain the logic (or at least the inputs and general reasoning).
- The clinician can reasonably verify the underlying evidence or rationale.
- The tool is targeted to HCPs, not patients.
…you may fall under non-device CDS, which is lighter on formal regulation.
If, on the other hand:
- Your tool uses a black-box ML model with no explainability.
- You are making autonomous treatment decisions or diagnoses.
- The clinician cannot reasonably understand how the recommendation was reached.
…you are much more likely in SaMD territory, with all the regulatory overhead that implies (classification, QMS, documentation, etc.).
Be explicit with yourself and your investors about where you sit. Do not hand-wave this. I have seen fundraising rounds torpedoed when an investor’s regulatory advisor actually read your slide that said “autonomous AI triage.”
At a minimum, even as non-device CDS, you need:
- Version-controlled logic.
- Change management.
- Validation and test artifacts.
- Post-deployment surveillance for “safety events” tied to your CDS.
If a bad recommendation contributes to patient harm, people will ask what you knew and how you tested it.
7. EMR Integration in Practice: From First Email to Go-Live
This is where most clinicians-turned-founders underestimate the grind.
| Task | Details |
|---|---|
| Setup: NDA and BAA | a1, 2026-01, 1m |
| Setup: Security Review | a2, 2026-02, 2m |
| Build: Technical Integration | b1, 2026-04, 2m |
| Build: Test Environment | b2, after b1, 1m |
| Launch: Pilot Go Live | c1, 2026-07, 1m |
| Launch: Evaluate and Scale | c2, after c1, 3m |
7.1 Stakeholders you must satisfy
You are not just convincing “the hospital.”
You are dealing with:
- CMIO / clinical informatics committee (clinical safety, workflow).
- IT / integration (HL7, FHIR, CDS Hooks, VPNs, SSO).
- Security / compliance (penetration testing, audits, BAA).
- Legal (contract terms, indemnity, PHI usage).
- Finance / purchasing (pricing model, ROI).
- Clinical champions in the relevant department (they get you in the door and defend you).
If your product requires changing order sets, workflows, or policies, you will also face specific subcommittees (pharmacy & therapeutics, critical care, OR, etc.).
You need at least one strong clinician champion on the inside. Preferably two.
7.2 Technical build pattern that actually works
Let me give you the realistic path at a mid-sized Epic site:
- You start in a non-production Epic environment (often called “playground”, “Ply”, or “DEV”).
- IT configures a basic FHIR client and CDS Hooks service in Epic.
- You publish one or two CDS rules as test hooks.
- A couple of informatics fellows or superusers test in the sandbox.
- You tweak context handling, handle weird edge cases (e.g., duplicate MRNs, odd local code systems).
- Security signs off that you are not exfiltrating data to some random S3 bucket in another continent.
- Only then do you move to a limited pilot in production, usually:
- One unit (e.g., MICU).
- One service line (e.g., hospital medicine).
- Specific shifts or providers.
You gather metrics over 60–90 days:
- Alert fire rate.
- Acceptance rate.
- Changes in target outcome (e.g., renal dosing errors, time to antibiotics, CT utilization).
If your tool is good, you show a clear signal even in a small pilot. That gets you the champion’s backing to expand.
7.3 Commercial structure: how hospitals expect to pay
Hospitals will evaluate you against the headache you are creating. That means your pricing must be:
- Predictable (annual license, per-bed, per-member-per-month).
- Justifiable (linked to avoided costs, increased revenue, or quality incentives).
Classic routes:
- Quality-related: reduce CLABSI, AKI, readmissions → shared savings or ROI tied to penalties avoided.
- Revenue-related: better documentation, capture of CC/MCC, appropriate procedures → incremental revenue.
- Operational: shorter LOS, fewer unnecessary tests.
Never forget: your buyer is not the attending at the bedside. It is the administrator who must explain to the CFO why this line item exists.
8. Building as a Post-Residency Founder: How to Actually Start
You are coming out of training. Limited cash, but deep domain knowledge. Use that correctly.
| Category | Value |
|---|---|
| Clinical work | 40 |
| Product design | 20 |
| Technical build | 15 |
| Sales/BD | 15 |
| Regulatory & documentation | 10 |
8.1 Stay part-time clinical initially
That is not romantic advice; it is survival and credibility.
- You need income while your startup pays zero.
- You need fresh exposure to pain points, not nostalgia from residency.
- It is far easier to win a pilot if you can say, “I am on staff here and see these issues weekly.”
Common pattern: 0.5–0.6 FTE clinical, the rest on the company. You will be tired. But you will also have leverage.
8.2 Nail one use case, in one department, at one institution
Resist the temptation to “build a platform” first. Platforms are what successful use cases crystallize into later.
Pick:
- One domain you know deeply (ICU, ED, oncology, anesthesia).
- One decision point with obvious pain and measurable outcomes.
- One hospital where you have relationships, or can build them quickly.
Examples of focused products that could actually fly:
- ICU: real-time AKI prevention assistant that suggests nephrotoxic med changes and fluid management tweaks.
- ED: syncope risk stratification with smart discharge instructions and follow-up tasks.
- Oncology: treatment regimen checker that ensures guideline-concordant orders and growth factor use.
Anything that smells like “we solve everything with AI” will get politely ignored.
8.3 Assemble the right tiny team
At a bare minimum:
- You: clinical domain expert + product owner.
- One strong full-stack engineer who actually likes reading docs and working with healthcare APIs.
- Optionally a data scientist who does not panic when you say “we need to log every prediction and outcome for three years.”
Do not hire a huge team. Do not outsource core logic to a generic dev shop that has never heard of FHIR. That is how you end up paying six figures for a beautiful but un-integratable demo.
9. Metrics That Matter: Proving Your CDS Actually Works
Hospitals are done with “we saved 726 lives in our simulation study.” They will ask for real, pragmatic metrics.
You need three kinds:
Process metrics
- Alert acceptance rate.
- Changes in ordering patterns (e.g., % of orders within guideline).
- Time to key interventions (antibiotics, imaging).
-
- Complication rates (AKI, readmissions, ICU transfers).
- Resource utilization (CTs per 100 chest pain visits, days of broad-spectrum antibiotics).
- Mortality for specific cohorts.
Burden / satisfaction metrics
- Number of alerts per 100 encounters.
- Time added or saved per encounter.
- Basic user feedback (Net Promoter Score is fine, but qualitative comments are often more telling).
Log everything from day one. Set up analysis routines so that after 90 days at a pilot site, you can produce a clean before/after or controlled comparison, adjusted for case mix where possible.
Do not oversell. A 10–20% reduction in a costly error or a small, statistically solid improvement in guideline adherence is far more compelling than inflated “90% reduction” claims that crumble under scrutiny.
FAQ (exactly 6 questions)
1. Do I really need to learn FHIR and CDS Hooks myself as a clinician founder?
You do not need to implement them yourself, but you must understand the concepts well enough to smell nonsense. If a prospective engineer or vendor tells you integration is “just an API call” and cannot explain which FHIR resources or which CDS Hooks they will use, that is a red flag. Spend a weekend with the FHIR and CDS Hooks docs. You will not regret it.
2. How early should I start worrying about FDA regulation for my CDS tool?
Day one. You do not need a regulatory consultant in your first week, but you do need to decide explicitly whether you are aiming for non-device CDS or SaMD. That decision affects your product design, your marketing claims, and your documentation. Retrofitting explainability or audit trails later is painful.
3. Can I build a successful CDS business that only works with one EMR vendor, like Epic?
Yes, but it narrows your market and makes you vulnerable to that vendor’s roadmap. Some companies have done well as “Epic-specialist” vendors, but they usually go very deep on configuration, content, and services. If you want more scalable software margins, you are better off grounding your product in standards (FHIR, CDS Hooks) and then optimizing for each vendor.
4. How long does it typically take from first hospital conversation to a live CDS pilot?
If you have a strong internal champion and a straightforward use case, 6–9 months is realistic. That period covers contracting, security review, technical integration, testing in non-production, and a limited go-live. Without a champion or with a complex regulatory footprint, it can easily stretch beyond a year. Plan your runway accordingly.
5. Do I need machine learning or generative AI to make my CDS product attractive?
No. Many of the most valuable CDS interventions are rules-based, threshold-based, or use simple scoring tools. Hospitals care about impact on outcomes and workflow, not buzzwords. If ML genuinely improves performance and you can validate it rigorously, use it. But a well-designed rules engine that quietly prevents thousands of small errors can be more valuable than a flashy model that nobody trusts.
6. How do I protect my idea from being “copied” by the EMR vendor or local IT team?
You cannot protect a general idea like “AKI alerting” or “sepsis prediction.” Your defensibility comes from execution: superior logic, better tuning, analytics, user experience, cross-site benchmarks, and the trust you build as a vendor. Yes, local teams can create simple rules, but they rarely have the bandwidth to maintain complex, evolving CDS across many pathways. If you consistently outperform what they can build in-house and make integration painless, you stay relevant.
You are leaving training behind and stepping into a healthcare system that is drowning in data but starving for usable intelligence. With a sharp problem definition, a realistic grasp of EMR integration, and a ruthless focus on clinician-centered design, you can turn that annoyance you feel clicking away bad alerts into a real product that actually changes practice.
Once you have that first use case working and live inside an EMR, then you can start thinking about scaling to multiple institutions, building a platform, and raising serious capital. But that is the next chapter—after you get your first CDS alert accepted by a colleague who does not know you built it.
