Most clinical software is not technically hard in the way people assume. The web app, the database, the integrations: these are well-understood problems with well-understood answers. What is hard is everything wrapped around them.

Before anything touches a patient, you have to be able to answer a long list of unglamorous questions. Who is clinically accountable for the advice this system gives? What happens when an integration drops a message? How do you prove, months later, why a particular decision was made? In the UK, that thinking is formalised in clinical safety standards such as DCB0129 and DCB0160, and in information governance that has to hold up to scrutiny.

The decisions underneath

The real work is the thousands of small decisions that sit beneath the product. Each one is minor on its own. Together they decide whether the thing is safe, defensible and able to scale, or whether it is a liability waiting to surface.

The code is rarely the risk. The risk is everything you decided before you wrote it.

Teams that treat safety and governance as paperwork to be done at the end almost always pay for it later, usually at the worst possible moment. Teams that treat it as part of the design ship slower at first and far faster after that, because nothing has to be unpicked.

None of this is a reason to move slowly. It is a reason to be deliberate about the right things. Get the decisions underneath right, and the code, as ever, is the easy part.