Own Your Stack

What Technology Stack Should a Telehealth Operator Use?

You do not need an all-in-one platform to run a compliant DTC telehealth clinic. You need four layers that each do one job well and that you own. Here is the stack, and why the boundaries between the layers matter more than the tools.

The neolife editorial desk·Published Jul 10, 2026·7 min read

Quick answer

A minimal compliant stack has four layers: a commerce storefront (Shopify works, with PHI kept off it), a HIPAA-compliant intake and clinical record, a provider approval workflow, and a fulfillment layer that routes approved orders to your compounding pharmacy. The principle is separation of duties — keep protected health information off the commerce layer and own the system of record yourself rather than renting it inside one bundled platform.

Key takeaways

  • A compliant DTC telehealth stack is four layers, not one platform: commerce, HIPAA intake/record, provider approval, and fulfillment routing.
  • Shopify is fine for checkout, but it does not sign BAAs and its terms prohibit storing PHI — so PHI must live off it.
  • The clinical record (system of record) should be owned by you, not held inside a platform you rent.
  • Provider approval belongs in the stack as an explicit, auditable step — a licensed provider must authorize every order.
  • The fulfillment layer should overlay the pharmacy you already use, not force a rip-and-replace of your pharmacy relationship.
  • Design the boundaries between layers deliberately; the boundaries, not the individual tools, are what keep you compliant and portable.

A minimal compliant telehealth stack is four layers, not one platform: a commerce storefront (Shopify works, with PHI kept off it), a HIPAA-compliant intake and clinical record, a provider approval workflow, and a fulfillment layer that routes approved orders to your compounding pharmacy. The organizing principle is separation of duties — keep protected health information off the commerce layer, and own the system of record yourself rather than renting it inside a bundled platform.

Founders usually ask "which platform should I use," but that is the wrong altitude. The durable question is which layers you need and where the boundaries between them sit, because those boundaries are what keep you compliant and portable no matter which specific tools you pick. This post walks the four layers and the rules that govern the seams between them. For the head-to-head on bundling versus owning, build vs buy: platform vs owning your stack is the companion piece.


What Technology Stack Should a Telehealth Operator Use?

Four layers: commerce (storefront and checkout), a HIPAA-compliant intake and clinical record, provider approval, and fulfillment routing to your pharmacy. Each layer does one job, and the boundaries between them enforce compliance — PHI stays off commerce, the clinical record stays owned by you, and a licensed provider approves before anything reaches the pharmacy.

The reason to think in layers rather than platforms is that layers can be owned, swapped, and audited independently, while a platform is a single point of control and a single point of failure. When you keep the layers distinct, a bad vendor is a replacement, not a migration; when they are fused inside one system, every change is a rebuild. The sections below define each layer and, more importantly, the rule that governs its boundary with the next.


Layer 1: The Commerce Storefront (and Why PHI Stays Off It)

The storefront is your commerce layer — product pages, cart, checkout, subscriptions — and Shopify handles it well. The hard rule is that no protected health information may live here. Shopify does not sign Business Associate Agreements and its acceptable use policy prohibits storing PHI, so intake answers, diagnoses, and prescriptions cannot sit on it.

This is not a Shopify limitation to work around so much as a boundary to design around. HHS's HIPAA guidance for professionals requires that any vendor handling PHI on your behalf sign a BAA; Shopify does not, so the fix is architectural — the storefront collects the order and the payment, and a separate HIPAA-compliant layer collects the health information. Done right, a patient checks out on Shopify while their clinical intake flows into a covered system behind the scenes. Keeping Shopify HIPAA-compliant by keeping PHI off it covers the exact split, and the Shopify-based telehealth stack shows how the pieces connect.


Layer 2: HIPAA-Compliant Intake and the Clinical Record

The second layer is where health information actually lives: the clinical intake questionnaire and the patient record. This layer must be HIPAA-covered under a signed BAA, and it should be your system of record — owned by you, exportable on demand, not held inside a platform you merely rent access to.

This is the layer founders most often get wrong by letting a platform own it. The clinical record — intake, provider decisions, prescription history — is the asset that is your patient relationship. HHS's guidance on business associate contracts makes the BAA the mechanism that lets a vendor handle this data lawfully, but a BAA does not give you ownership — your contract does. Insist on two things: a signed BAA, and an unconditional right to export your data. If a vendor cannot do both, your patient record does not belong there. Why you should own the system of record makes the strategic case.


Layer 3: Provider Approval

The third layer is the clinical gate: a licensed provider reviews the intake and approves (or declines) every prescription before it can be fulfilled. This is not optional workflow polish — it is the legal and safety backbone of the clinic, and it must be an explicit, auditable step in the stack, not an afterthought bolted onto checkout.

Structurally, provider approval sits between the clinical record and fulfillment: nothing routes to a pharmacy until a licensed provider has authorized it, and the system should record who approved what and when. That record is what defends the clinic on audit and after any complaint. The mistake to avoid is treating approval as friction to engineer away; the correct posture is to make it structurally impossible to skip. How provider approval fits the workflow details what a defensible approval step looks like.


Layer 4: Fulfillment Routing

The fourth layer takes an approved order and routes it to the right compounding pharmacy — by product, patient state, and pharmacy coverage — then tracks it to delivery. The design goal here is to overlay the pharmacy relationship you already have, not to force a new one, so your pharmacy choice stays yours.

The layers and their boundary rules, in one view:

Layer Job Boundary rule
Commerce (Shopify) Storefront, checkout, subscriptions No PHI — ever
HIPAA intake + record Clinical intake, patient record BAA signed; you own and can export it
Provider approval Licensed authorization of each order Nothing routes without an auditable approval
Fulfillment routing Send approved order to pharmacy, track it Overlay your pharmacy; do not replace it

Read the right-hand column as the actual specification. The tools in the left column can change; the boundary rules are what keep you compliant and portable. A stack that honors all four rules is one you own; a stack that violates any of them is one that owns you.


The Boundaries Matter More Than the Tools

The reason to design the stack this way is portability. When each layer is distinct and the boundaries are enforced, you can replace any single vendor without touching the others, and you can prove compliance layer by layer. When a platform fuses all four, you inherit its choices and its leverage — and changing anything means changing everything.

An overlay/rail model is simply this architecture delivered as one coherent fulfillment layer that respects the boundaries by design: PHI stays off your storefront, you keep your clinical record as the system of record, a licensed provider approves every order, and orders route to the compounding pharmacy you already use. You get the convenience of a connected stack without surrendering ownership of any layer — which is the whole point of building on a stack you own rather than a platform you rent.


Key Takeaways

  • A compliant DTC telehealth stack is four layers — commerce, HIPAA intake/record, provider approval, fulfillment routing — not one bundled platform.
  • Shopify is fine for checkout, but it will not sign a BAA and prohibits PHI, so PHI must live off it.
  • The clinical record should be your system of record: owned by you and exportable, not rented inside a platform.
  • Provider approval is an explicit, auditable step — a licensed provider must authorize every order.
  • The fulfillment layer should overlay the pharmacy you already use, not force a rip-and-replace.
  • Design the boundaries between layers deliberately; the boundaries, not the tools, keep you compliant and portable.

Frequently Asked Questions

Can I run my whole telehealth clinic on Shopify?

No — only the commerce layer. Shopify does not sign BAAs and its acceptable use policy prohibits storing PHI, so it cannot hold clinical intake, diagnoses, or prescriptions. The workable pattern is Shopify for storefront and checkout, with a separate HIPAA-compliant system for intake, the clinical record, provider approval, and pharmacy routing. Keeping PHI off Shopify is a compliance requirement, not a preference.

Do I need a full EHR to launch a telehealth clinic?

You need a HIPAA-compliant place to hold clinical intake and prescription history, but not necessarily a heavyweight legacy EHR on day one. Many DTC operators start with a HIPAA-compliant intake and record layer sized to their formulary and add depth as they scale. The non-negotiable is that the record is HIPAA-covered under a signed BAA and that you — not a rented platform — own it.

What is the difference between an all-in-one platform and a stack you own?

An all-in-one bundles storefront, record, providers, and pharmacy into one system it controls — fast to launch but it makes you a tenant. A stack you own uses separate, best-fit layers connected by clear boundaries, so you keep your storefront, your data, and your pharmacy choice. The tradeoff is slightly more setup for durable ownership and portability instead of lock-in.

Where should patient health data actually live in my stack?

In the HIPAA-compliant intake and clinical-record layer, covered by a BAA and owned by you as the system of record — never on the storefront, and ideally not locked inside a platform you cannot export from. Concentrating PHI in one compliant layer makes your obligations clear and your data portable. If a vendor cannot sign a BAA or export your data, PHI does not belong there.


neolife is the fulfillment rail that respects these boundaries by design — PHI stays off your storefront, you keep your patient data as the system of record, a licensed provider approves every order, and orders route to the compounding pharmacy you already use. If you want a connected stack you actually own, talk to us. This post is educational and not legal or medical advice; consult qualified counsel before making compliance or architecture decisions.

Frequently asked questions

Can I run my whole telehealth clinic on Shopify?

No — only the commerce layer. Shopify does not sign Business Associate Agreements and its acceptable use policy prohibits storing protected health information on its servers, so it cannot legally hold clinical intake, diagnoses, or prescriptions. The workable pattern is Shopify for the storefront and checkout, with a separate HIPAA-compliant system for intake, the clinical record, provider approval, and pharmacy routing. Keeping PHI off Shopify is a compliance requirement, not a design preference.

Do I need a full EHR to launch a telehealth clinic?

You need a HIPAA-compliant place to hold clinical intake and prescription history, but that does not have to be a heavyweight legacy EHR on day one. Many DTC operators start with a HIPAA-compliant intake and record layer sized to their formulary and add depth as they scale. The non-negotiable is that the record is HIPAA-covered under a signed BAA and that you — not a rented platform — own it as your system of record.

What is the difference between an all-in-one platform and a stack you own?

An all-in-one bundles storefront, clinical record, provider network, and pharmacy into one system it controls, which is fast to launch but makes you a tenant. A stack you own uses separate, best-fit layers connected by clear boundaries, so you keep your storefront, your patient data, and your pharmacy choice. The tradeoff is a little more setup for durable ownership and portability instead of lock-in.

Where should patient health data actually live in my stack?

In the HIPAA-compliant intake and clinical-record layer, covered by a signed BAA, and owned by you as the system of record — never on the commerce storefront, and ideally not locked inside a platform you cannot export from. Concentrating PHI in one controlled, compliant layer makes your obligations clear and your data portable. If a vendor cannot sign a BAA or cannot export your data on demand, PHI does not belong there.

This article is operator education, not medical, legal, or tax advice. Telehealth and pharmacy regulation vary by state and product and change frequently. Verify the specifics for your business with qualified counsel and your pharmacy partner.

Keep reading

Get early access.

Join the waitlist — referrals move you up the queue.

No spam. One email when your wave opens.