Product Discovery for a Compliant, Multi-Tenant Home-Care Platform

DBB Software ran a Product Discovery engagement to address a UK home-care provider's vision of digitalizing paper-based care delivery into a buildable System Design Document with scoped requirements, an evaluated technology stack, a compliance-by-design architecture, and a clear delivery plan with risks surfaced up front.

Industry

Healthcare & Biotech

Service

Product Discovery

Team

DBB Software Architecture Team

Project State

Completed

Country

United Kingdom

About the Client

The client is a UK provider of domiciliary (home-care) services for elderly and vulnerable people. The client's vision was a cloud-based, multi-tenant platform that small- to medium-sized care agencies could adopt to log visits in real time, give families transparency into care and well-being, support scheduling and compliance, and surface early signs of decline through data.

The Client's Initial Request

The client engaged DBB Software for a Product Discovery to turn a compliance-sensitive vision into a System Design Document that the client could use as a blueprint for executing their idea.

Translate Vision Into Scoped Requirements

Convert the product idea into concrete functional and non-functional requirements, split into a core launch and a post-launch enhancement set, with explicit in-scope / out-of-scope boundaries.

Make Compliance Foundational

Include UK data protection and healthcare data principles, accessibility, and care sector regulatory reporting in the architecture.

Design the AI Wellbeing Capability

Specify how an AI-assisted wellbeing score could be produced safely and reviewably from routine care-visit data.

Resolve Build-vs-Buy

Evaluate and recommend a technology for every major component, with documented rationale and protection against vendor lock-in.

Make It Executable

Provide a phased delivery structure, team composition, and the risks and dependencies that must be managed.

The Deliverables

DBB Software delivered a complete System Design Document that converts the vision into an executable, compliance-ready engineering plan.

Scoped Requirements & Use Cases

Structured the product into 2 versions (core launch + post-launch enhancement) covering 33 functional requirements traced to 32 user stories across 8 epics, 7 detailed use cases, and 12 explicitly out-of-scope items (voice assistants, IoT sensors, NHS/GP integration, multi-language, video calling, payment processing, and others), with recorded scope decisions so the build starts from a stable baseline.

Evaluated Technology Stack

Delivered a per-component evaluation captured in 8 Architecture Decision Records with alternatives evaluated and documented exit criteria: a single-language stack on a managed cloud hosted in a UK/EU data-residency region, with managed specialist services owning the highest-risk capabilities.

Compliance-by-Design Architecture

Specified a compliance-first architecture with 3-layer defence-in-depth multi-tenant isolation (schema-per-tenant + middleware + RBAC), AES-256 field-level encryption for sensitive health data, immutable audit logging retained for 7 years, WCAG 2.1 AA accessibility for elderly and non-technical users, and GDPR + HIPAA principles applied from day one.

AI-Assisted Wellbeing Engine Design

Designed an AI wellbeing capability that scores routine visit observations (mood, mobility, appetite, vitals, each on a 1–5 scale) against the agency's own configurable clinical rules to produce a daily 0–100 wellbeing index and trigger an alert when the index drops >20% below the 14-day baseline. The design uses a ready-made LLM via a managed cloud AI service (no custom model training), keeps humans in the loop on every alert, falls back to a deterministic weighted-average calculation if the LLM is unavailable, and never claims to be a medical diagnosis.

NFRs, Risk Register & Delivery Plan

Defined 45 measurable NFRs across 6 categories (performance, availability, scalability, security & compliance, data retention, observability) tied to industry standards (Google Core Web Vitals, AWS SLA, DORA Elite, OWASP, WCAG 2.1 AA), a 5-risk register with probability, impact, and mitigation, a ~20-week / 5.6-FTE phased delivery plan for Version A (Version B adds ~14 weeks), and 4 customer prerequisites flagged before development can start (clinical rules, push-notification catalogue, event analytics metrics, pilot success KPIs).

Results Achieved

A Buildable Blueprint

A regulation-heavy product idea is now a phased System Design Document the client can build from, with a fixed core-launch vs. post-launch scope and requirements traced to user stories.

Compliance Built In

Data protection, healthcare data, accessibility, and regulatory reporting requirements are built into the architectural design.

A Reviewable AI Capability

The AI wellbeing engine is auditable and clinically cautious: configurable rules, human-in-the-loop alerts, a deterministic fallback, and an explicit "not a medical diagnosis" boundary.

Build vs. Buy and Risks Resolved

Every component has a recommended technology with a rationale, and the clinical-safety, multi-tenant data-isolation, and vendor-cost risks each carry a mitigation and an exit path.

Have a Product Idea but No Technical Plan Yet?

Our Product Discovery turns a vision into a clear plan to build it through scoped requirements, the right technology choices, a sound architecture, and a roadmap that surfaces and de-risks the make-or-break unknowns before they cost you.

Book a call