HeartSciences needed a cloud backend for MyoVista Insights — their vendor-neutral ECG management platform. The system had to process ECG signals in real time, run AI inference from multiple model providers, integrate bidirectionally with a major EHR via HL7 and FHIR, and meet healthcare regulatory requirements across US and UK deployments. ML LABS led the engineering effort — designing the architecture, building the entire cloud-native backend, and owning the technical decisions across infrastructure, AI inference, EHR integration, and security. The platform is now live as HeartSciences' core product, processing clinical ECGs across multiple healthcare organizations.
AIM Consulting built the frontend interface. Running two vendors in parallel gave HeartSciences more throughput and shared risk across workstreams. AIM was a strong collaborator — responsive, well-organized, and easy to coordinate with on a fast-moving project.
Why This Was Hard
Building a medical device backend is not a normal software project. Every design decision carries regulatory weight. The gap between "working prototype" and "production system regulators will accept" is where most teams stall. The compounding factor was interoperability: the platform had to ingest ECGs from multiple device manufacturers, each with their own DICOM encoding conventions, and integrate with hospital EHR systems that expected standards-compliant HL7 messaging.
graph LR
A1["Multi-Vendor<br/>ECG Devices"] --> B1["DICOM<br/>Normalization"]
B1 --> C1["Async AI<br/>Inference"]
C1 --> D1["Clinical Report<br/>Workflow"]
D1 --> E1["Bidirectional<br/>EHR Delivery"]
style A1 fill:#1a1a2e,stroke:#0f3460,color:#fff
style B1 fill:#1a1a2e,stroke:#ffd700,color:#fff
style C1 fill:#1a1a2e,stroke:#ffd700,color:#fff
style D1 fill:#1a1a2e,stroke:#e94560,color:#fff
style E1 fill:#1a1a2e,stroke:#16c79a,color:#fffMaking Any ECG Device Work
The platform had to be genuinely vendor-neutral at the DICOM parsing level. Devices from multiple major manufacturers each encode 12-lead ECG waveforms and measurements differently — amplitude units, lead ordering, and measurement segments all vary by vendor.
We built a normalization layer that extracts waveform data and clinical measurements from each vendor's DICOM format into a unified internal representation. When a clinic uploads the same ECG through multiple pathways, the system recognizes the duplicate and links rather than re-stores.
Every device vendor encodes clinical data differently. Getting this wrong does not produce an error message — it produces a clinically incorrect value that looks right. The platform that handles this correctly becomes the one clinicians trust.
Running Multiple AI Models in Production
The AI layer processes ECGs through multiple model providers — including rhythm analysis and cardiac function models for ejection fraction assessment. Each model has different latency characteristics, availability patterns, and billing implications.
We built an async inference architecture that decouples ECG submission from AI result delivery. The system handles provider unavailability gracefully, prevents duplicate billing when providers fail mid-processing, and supports per-organization model enablement for staged algorithm rollouts. Adding a new AI model provider is a configuration task, not an engineering project.
Participating in Hospital Workflows
EHR integration required bidirectional HL7 messaging — not just reading patient data, but participating in the clinical order workflow. The platform receives order messages when a physician requests an ECG interpretation, processes the study through AI inference, and returns result messages with clinical measurements and billing codes that downstream hospital systems depend on for reimbursement.
On the FHIR side, the platform implements per-organization authentication that prevents cross-tenant data access. This dual-protocol approach (HL7 for clinical workflow, FHIR for data access and launch context) reflects how EHR integrations actually work in production.
Enforcing Clinical Accountability
Clinicians sign, confirm, and lock clinical reports through a lifecycle that carries legal and regulatory weight. We built a report workflow that enforces accountability at every stage — once signed, every subsequent modification is tracked with full audit trail visibility. PDF generation handles the visual complexity of multi-page clinical ECG reports, with mobile support for touch-based clinical measurement tools.
Scaling Across Organizations
The platform operates as a true multi-tenant system with per-organization configuration controlling everything from enabled AI models to HL7 field mappings to invoice pricing. Onboarding a new hospital is a configuration step — no code changes required.
The billing system implements usage-based invoicing that handles partial months, mid-cycle onboarding, per-site minimums, annual caps, and tiered pricing across organization types. Multi-environment deployment across test, US production, and UK production ensures changes are validated before reaching clinical workflows.
Security Built Into Delivery
Security findings were remediated as part of the delivery cadence, not deferred to a separate hardening phase:
- Credential management — rotating secrets, eliminating hardcoded keys, enforcing least-privilege IAM
- Data exposure prevention — ensuring PHI never appears in logs, error responses, or debug outputs
- Injection protection — input validation across every API surface that accepts external data
- Authentication hardening — per-organization session isolation with no fallback auth paths
What HeartSciences Got
MyoVista Insights is now in production as HeartSciences' core platform — connecting ECG hardware from multiple manufacturers, AI-ECG algorithms from multiple providers, and clinical tools into one coherent ecosystem that scales with the business.
- Unified clinical view. Clinicians access ECGs, AI results, and prior studies in a single interface, including directly within the EHR
- Multi-vendor, multi-model. New device manufacturers and AI providers plug in through configuration, not code
- Research SDK. Programmatic access to ECG data across all ingested formats, enabling researchers to query, filter, and export at scale
- Natural language search. Clinicians find studies using clinical language rather than navigating filter interfaces
- US and UK production. Separate regional deployments with data residency compliance built into the infrastructure
First Steps
- Lead with regulatory inputs. Build compliance into the data model and deployment pipeline from the first commit, not as a later retrofit.
- Design for multi-vendor early. Normalizing data formats after the fact introduces subtle clinical accuracy bugs that are expensive to find.
- Treat EHR as first-class. HL7 and FHIR patterns are well-documented in theory but full of per-organization edge cases in practice.
Practical Solution Pattern
Build regulatory compliance and interoperability into the architecture from the start rather than treating them as integration layers bolted on later. Invest in vendor-neutral data normalization, async AI inference with billing safeguards, and bidirectional EHR messaging with per-organization configuration.
The cost structure of regulated systems is fundamentally front-loaded — architectural decisions made in the first months determine whether the system can scale to new sites, new AI models, and new EHR partners without rework. HeartSciences now adds hospitals, device vendors, and AI providers through configuration rather than engineering projects — that leverage is the return on getting the architecture right the first time. If you need to decide whether a regulated workflow is ready for build, a Strategic Scoping Session can pressure-test scope, constraints, and next steps before engineering work starts.