📋 Project Blueprint · Internal Working Document · MediEco × Doc Zam · 26 April 2026
← Hub PROJECT BLUEPRINT v1.0 · 26 Apr 2026

Project Blueprint — MediEco Execution

Charter · stakeholders · RACI · timeline · quality gates · risks · budget · governance · compliance roadmap. Complete PM view untuk track projek tak terlepas 1 pun.

1. 📜 Project Charter

Apa yang kita commit. Kenapa wujud. Bila siap.

Vision

Hospital Agentic AI Eco-System yang patient-first, multi-PA (Patient · Doctor · Pharmacy · Admin), modular, dan Malaysia-native — mengubah pengalaman klinik daripada "patient tunggu giliran" kepada "wait-time = productive triage time, doktor sentiasa siap sedia."

Mission Phase 1 (MVP)

Bina foundation 3 modul (M1 Patient PA + M4 Doctor PA + M9 Audit) yang boleh deploy ke 1 klinik pilot dlm 4-6 minggu, dengan zero-install browser-first PWA, on-prem AI server, dan Doc Zam mock UI sebagai canonical UX pattern.

✅ Success Criteria
  • 3 modul M1+M4+M9 LIVE @ pilot klinik dlm 6 minggu
  • ≥80% pesakit pilot complete intake via Patient PA tanpa drop-off
  • Doktor jimat ≥30% masa dokumentasi (vs baseline)
  • 100% encounter ada audit trail lengkap
  • Zero clinical safety incident dlm 30 hari pilot
  • Doc Zam sign-off MOH-readiness checklist
🚪 Exit Criteria
  • Phase 0 exit: kalau Doc Zam tarik balik approval
  • Phase 1 exit: kalau audit gap critical detected
  • Phase 2 exit: kalau pilot tak hit success metrics dlm 30 hari
  • Phase 3 exit: kalau MOH guidelines berubah significantly
🎯 Key Principles (non-negotiable)
  • 1. Patient-first — UI/UX dikira dari sudut pesakit, bukan klinik admin.
  • 2. Co-pilot bukan auto-pilot — agen propose, doktor approve. Tiada pengganti keputusan klinikal.
  • 3. Modular adoption — klien boleh subscribe 1 modul, tambah bila ready. Tiada all-or-nothing.
  • 4. Browser-first PWA — zero-install, no native app, no IT specialist needed.
  • 5. On-prem AI option — data klinikal Malaysia tinggal di Malaysia. PDPA-by-design.
  • 6. Citation mandatory — setiap dx/dose cadangan WAJIB cite source (NPRA, MOH CPG, hospital SOP).
  • 7. Feature flag default OFF — semua kapasiti AI baru toggle off, owner enable per-modul per-ward.
  • 8. Generic identifier discipline — public docs guna persona generic. Real PII di on-prem only.

2. 🎯 Scope & Out-of-Scope

✅ IN SCOPE
  • • 4 Personal Assistants (Patient · Doctor · Pharmacy · Admin)
  • • 9 Modules M1-M9 dgn modular adoption
  • • Mobile PWA untuk Patient (iOS/Android via browser)
  • • Web PWA untuk Doctor/Pharmacy/Admin (desktop browser)
  • • mcp-medix MCP server (tool registry)
  • • On-prem AI server option (Mid/Hi-End spec)
  • • Cloud burst fallback (peak overflow only)
  • • 5-layer M9 guardrails (PDPA · Clinical Safety · Hallucination · HITL · Audit)
  • • Doc Zam canonical UX (11-section Patient Profile · 6-tab Doctor Quick Access)
  • • BM/EN bilingual UI
  • • MOH CPG library integration · NPRA drug DB · halal pharma filter
  • • MySalam/Socso/private insurance claim workflow
  • • e-Invoice LHDN integration
  • • Photo/Biometric ID (face-api.js leveraging Skool2U existing tech)
  • • Cross-clinic continuity network (M8) — patient data follows patient
❌ OUT OF SCOPE (v1.0)
  • • Inpatient ward management (deferred to v2.0)
  • • Operating Theatre (OT) scheduling (v2.0)
  • • Radiology PACS (DICOM viewer) — integration only, not viewer build
  • • Lab Information System (LIS) full build — interface only
  • • Native mobile apps (iOS/Android packaged) — PWA sahaja v1
  • • In-house custom LLM training — guna Llama/Qwen open-weight
  • • Telemedicine video call platform — link to existing 3rd party
  • • Patient self-service appointment booking by doctor name (v1: by clinic only)
  • • Wearable device integration (smartwatch BP/HR) — v2.0
  • • Genomics / personalised medicine module
  • • AI-generated patient education videos
  • • Multi-language beyond BM/EN (Mandarin/Tamil) — v2.0
  • • MOH e-Mesyuarat integration
  • • Veterinary clinics

3. 👥 Stakeholders

Siapa terlibat, apa kepentingan mereka, bagaimana komunikasi.

StakeholderRoleKepentinganKomunikasi
Doc Zam
(Mohd Shuhaizam Zain)		Domain Lead · Clinical SME · Co-founder client sideValidasi clinical workflow · MOH compliance · UX feedbackWeekly review meeting · feedback dlm WhatsApp · sign-off pada gates
ALESA FounderProject Sponsor · Tech Lead · ArchitectureDelivery on-time · budget control · technical excellence · PDPA complianceDaily standup · incident escalation · final approval major decisions
Klinik PilotEnd-User · UAT SiteDisruption minima · operational benefit · staff trainingOnboarding session · weekly check-in during pilot · NPS survey
Pesakit Pilot (sample)End-User PatientPrivacy · speed · clarity · trust dlm AIIn-app feedback · 30-day satisfaction survey · focus group selepas pilot
MOH / KKMRegulatorPatient safety · PDPA · clinical governance · audit trailQuarterly compliance report · audit-ready documentation · CPG alignment evidence
MMC
(Malaysian Medical Council)		Professional BodyAI tak override doctor judgement · scope of practice maintainedSelf-attestation HITL design · upon request only
JKDM
(LHDN e-Invoice)		Tax Authoritye-Invoice compliance untuk billing moduleAPI integration · auto-submit per encounter
PERKESO / SOCSOInsurance AuthorityClaim format · provider verificationAPI integration · monthly claim batch
Insurance Panels
(MySalam · AIA · Allianz)		PayerClaim processing · panel rate syncAPI integration · monthly reconciliation
NPRA
(National Pharmaceutical)		Drug AuthorityDrug database accuracy · DDI list authorityReference-only · public API/data download
PDP CommissionerPrivacy AuthorityPDPA 2010 compliance · breach notificationQuarterly self-audit · breach <72h escalation
ALESA Engineering TeamBuild TeamClear specs · achievable sprints · learning growthDaily standup · sprint planning bi-weekly · retrospective

4. 🎲 RACI Matrix

R = Responsible (yang buat) · A = Accountable (yang tanggungjawab) · C = Consulted (rujuk) · I = Informed (maklumat).

Activity Doc Zam Founder ALESA Eng Team Klinik Pilot MOH
Clinical workflow approvalARICI
Architecture decisionsCA/RCII
Module spec writingCRAII
UI/UX designCARCI
Code build & testIARII
Clinical safety reviewA/RCICI
PDPA compliance auditCA/RRIC
Pilot deploymentCARRI
Staff trainingCARRI
Incident responseARRCI (if breach)
MOH CPG mappingA/RCIII
Sign-off on Q-gatesAARCI
Budget approvalIA/RIII
Server hardware procurementIA/RCII
Marketing & pitch updateCA/RIII

5. 📅 Timeline & Phases

4 phase approach. Setiap phase ada explicit gate sebelum naik ke phase seterusnya.

PHASE 0 · NOW Foundation · 26 Apr - 10 May 2026
~2 minggu
Foundation Setup
  • • Blueprint hub + Project + Dev pages LIVE (today)
  • • M1-M9 deep specs + Gantt + Risk register + Budget detail (next session)
  • • Repo init · CI/CD pipeline scaffold · staging env up
  • • Doc Zam canonical UX assets ekstrak ke design system
  • • Klinik pilot identification + onboarding agreement draft
Gate: Q1 ALESA Preflight + Doc Zam sign-off blueprint
PHASE 1 MVP Build · 11 May - 21 Jun 2026
~6 minggu · 3 sprints
MVP Build (M1 + M4 + M9)
  • Sprint 1.1 (2 wks): M9 audit foundation + auth/RBAC + Patient data model (Doc Zam 11-section)
  • Sprint 1.2 (2 wks): M1 Patient PA — symptom intake + 3-warna triage + WhatsApp/PWA UI
  • Sprint 1.3 (2 wks): M4 Doctor PA — encounter + 6-tab UI + ambient SOAP scribe + CDSS lite
  • • Internal QA · clinical safety review by Doc Zam · staging deployment
Gate: Q2 internal review + Q3 clinical safety review · Doc Zam sign-off
PHASE 2 Pilot · 22 Jun - 30 Sep 2026
~3 bulan
Pilot Run (1 Klinik) + Tambah M2 + M5 + M7
  • Sprint 2.1: M2 Pre-Consult Briefing + M5 Pharmacy PA
  • Sprint 2.2: M7 Admin PA · queue + appointment + billing
  • Sprint 2.3: Klinik pilot deployment · staff training · UAT (1 minggu)
  • 30-day pilot run: monitor · daily incident review · weekly metrics
  • Iterate: 2 sprints fix bugs/feedback dari pilot
Gate: Q4 pilot success metrics + Q5 PDPA self-audit · Doc Zam sign-off
PHASE 3 Scale · Oct 2026 - Mar 2027
~6 bulan
Multi-Klinik Rollout + M3 + M6 + M8
  • • Tambah M3 (Clinic Locator) · M6 (Adverse Reaction Loop) · M8 (Cross-Clinic Continuity)
  • • Onboard 5-10 klinik dlm rangkaian (Path B)
  • • Network effect activation
  • • Scale infrastructure (Mid-End → Hi-End upgrade if load demands)
  • • MOH compliance audit + MMC self-attestation
Gate: Q6 final compliance audit · Production-ready certification

6. 🎯 Milestones

TarikhMilestoneOwnerPhase
26 Apr 2026Doc Zam approval received · Blueprint hub LIVEFounderP0
3 May 2026Phase 2 detail (M1-M9 specs · Gantt · Risks · Budget) selesaiFounder + EngP0
10 May 2026Repo + CI/CD + staging env LIVE · Q1 gate passedEng LeadP0→P1
24 May 2026Sprint 1.1 demo: M9 audit + auth + Patient data modelEng TeamP1
7 Jun 2026Sprint 1.2 demo: M1 Patient PA UI + triage flowEng TeamP1
21 Jun 2026Sprint 1.3 demo: M4 Doctor PA + ambient SOAP · MVP COMPLETEEng TeamP1
28 Jun 2026Q2/Q3 gates passed · Doc Zam sign-off MVPDoc Zam + FounderP1→P2
5 Jul 2026Sprint 2.1: M2 + M5 readyEng TeamP2
19 Jul 2026Sprint 2.2: M7 + integration doneEng TeamP2
26 Jul 2026Klinik pilot deployment · UAT completeEng + KlinikP2
25 Aug 2026Pilot 30-day mark · interim metrics reviewAllP2
30 Sep 2026Pilot complete · success metrics evaluated · Q4/Q5 gatesDoc Zam + FounderP2→P3
Oct-Dec 2026M3 + M6 + M8 build · onboard 3-5 klinikEng + BDP3
Jan-Mar 2027Network effect activation · MOH audit · Production certAllP3

7. 🚦 Quality Gates Q1-Q6

ALESA framework gates + MOH-equivalent checkpoints. Tiada phase boleh mula tanpa pass gate sebelum.

1Q1 · Foundation Readiness
END OF PHASE 0
  • ✓ Blueprint hub + Project + Dev specs lengkap
  • ✓ M1-M9 module specs done
  • ✓ Repo + CI/CD + staging env up
  • ✓ Doc Zam sign-off blueprint
  • ✓ Klinik pilot agreement signed
  • ✓ Budget approved by Founder
2Q2 · MVP Internal Review
END OF PHASE 1 SPRINT 1.3
  • ✓ M1+M4+M9 demo functional
  • ✓ Unit test coverage ≥75%
  • ✓ Integration test pass rate 100%
  • ✓ E2E test (3 patient scenarios) pass
  • ✓ Performance: p99 latency <5s
  • ✓ Security scan zero high/critical CVE
3Q3 · Clinical Safety Review
BEFORE PILOT DEPLOYMENT
  • ✓ Doc Zam clinical pathway sign-off
  • ✓ HITL gates verified (no auto-execute on high-risk)
  • ✓ Citation mandatory pada semua dx/dose suggestion
  • ✓ Red-flag escalation tested 100% (chest pain, stroke, etc.)
  • ✓ Drug interaction database NPRA-aligned
  • ✓ Allergy alert chain validated
4Q4 · Pilot Success Metrics
END OF 30-DAY PILOT
  • ✓ ≥80% pesakit complete intake
  • ✓ Doktor jimat ≥30% masa dokumentasi
  • ✓ Zero clinical safety incident
  • ✓ Zero PDPA breach
  • ✓ Klinik staff NPS ≥7/10
  • ✓ Patient satisfaction ≥75%
5Q5 · PDPA Self-Audit
QUARTERLY DURING PHASE 2-3
  • ✓ PII strip pre-LLM verified (12 PII types)
  • ✓ Audit log retention ≥7 tahun
  • ✓ Consent capture flow validated
  • ✓ Data subject access rights implemented
  • ✓ Breach notification procedure tested
  • ✓ DPO appointed (Founder default)
6Q6 · Production Certification
END OF PHASE 3
  • ✓ MOH compliance documentation complete
  • ✓ MMC scope-of-practice attestation
  • ✓ Multi-klinik load test passed
  • ✓ Disaster recovery drill completed
  • ✓ 99.5%+ uptime SLA achieved
  • ✓ Insurance/professional indemnity in place

8. ⚠️ Risk Register

Risiko utama dgn likelihood × impact. Detail mitigation dlm /risks/ page (Phase 2 deliverable).

TahapRisikoLikelihoodImpactMitigasi Ringkas
🔴 KRITIKALFalse-positive DiagnosisMediumPatient harmHITL mandatory · citation card · DDx alternatives shown · Doc Zam clinical sign-off Q3
🔴 KRITIKALMedication Error (DDI/dose/allergy miss)Low-MedPatient harm · legalClosed-loop verify · barcode at dispense · NPRA cross-check · pharmacist final approve
🔴 KRITIKALPDPA Breach (PII leak ke cloud LLM)LowRM 500K fine · reputationPII strip pre-LLM · per-tenant key · on-prem option · breach <72h notify · Q5 quarterly audit
🟠 TINGGIDoc Zam Withdraws ApprovalLowProject haltWeekly review · transparent comms · Doc Zam co-sign all major decisions · written agreement Phase 0
🟠 TINGGIKlinik Pilot Pull OutMedPhase 2 delay2 backup klinik identified · pilot agreement dgn exit clause · ALESA bear setup cost
🟠 TINGGISkill Decay (junior klinisin over-rely AI)MedLong-term competency loss"Blind mode" toggle · periodic competency check · agen sembunyi recommendation untuk training mode
🟠 TINGGIAudit Gap (MOH inspection failure)Low-MedLicense riskStructured log per call · 7-tahun retention · queryable timeline · MOH report template Phase 2
🟠 TINGGIGPU Hardware Lead TimeMedPhase 1-2 delayOrder H100 4-week early · L40S as fallback · cloud burst as Plan B during procurement gap
🟢 SEDERHANALLM API Cost OverrunMedBudget pressureTier routing (small first) · cache · per-tenant budget · gpt-4o-mini default · on-prem reduces dependency
🟢 SEDERHANAUI/UX Iteration BurnMedSprint slipDoc Zam mock = canonical from Day 1 · design system locked Phase 0 · UAT feedback timeboxed
🟢 SEDERHANATeam CapacityLow-MedSprint slip2-week sprint · slack capacity 20% · contractor backup pool · clear OOO calendar
🟢 SEDERHANAInsurance Panel API FrictionMedM5/M7 partialManual claim fallback · API integration as v2 nice-to-have not blocker · MySalam first then expand

9. 💰 Budget & Resources

Anggaran summary. Detail per-line dlm /budget/ page (Phase 2 deliverable). Currency: MYR.

PHASE 1 (MVP) · 6 minggu
Eng team (3 × 1.5 bln)RM 75K
Dev infrastructure (cloud staging)RM 5K
Doc Zam consulting (advisory)RM 15K
OpenAI API budget (testing)RM 5K
Phase 1 TotalRM 100K
PHASE 2 (PILOT) · 3 bulan
Eng team (3 × 3 bln)RM 150K
Mid-End server (1× L40S + workstation)RM 80K
Colo + power + internet (3 bln)RM 25K
Klinik pilot setup + trainingRM 10K
OpenAI API + monitoringRM 15K
Phase 2 TotalRM 280K
PHASE 3 (SCALE) · 6 bulan
Eng team scaled (5 × 6 bln)RM 600K
Mid → Hi-End upgrade (4× H100)RM 1.2M
Colo + power + internet (6 bln)RM 60K
Klinik onboarding × 5-10RM 50K
BD + marketing + legalRM 100K
Phase 3 TotalRM 2.01M
CONTINGENCY + INTANGIBLES
Contingency 15%RM 360K
Insurance + indemnity (1 yr)RM 50K
Audit + compliance consultingRM 40K
Domain/SaaS subscriptionsRM 10K
Contingency TotalRM 460K
TOTAL CAPEX + OPEX (P1+P2+P3 + contingency)
RM 2.85M
12-bulan investment ke production scale
Year-2 OpEx steady-state: ~RM 70K/bulan
Break-even @ 100 klinik subscription RM 800/klinik/bulan
(Anggaran kasar, refine dlm /budget/ page)

10. 🏛️ Governance

Project Steering
  • Co-Sponsor: Doc Zam + ALESA Founder
  • Steering Committee: bi-weekly · 60 min · status + decisions
  • Quorum: kedua-dua sponsor + Eng Lead
  • Decision authority: bujet + scope + go/no-go gates
Engineering Cadence
  • Daily standup: 15 min · async dlm Slack/WhatsApp OK
  • Sprint planning: 90 min bi-weekly
  • Sprint review/demo: 60 min · Doc Zam attend
  • Retrospective: 45 min · process improvement
Decision Log
  • Format: ADR (Architecture Decision Record)
  • Location: repo /docs/decisions/ADR-NNN.md
  • Trigger: any decision yang affect >1 modul
  • Review: monthly retrospective
Escalation Path
  • L1 Tech: Eng Lead (within 4h)
  • L2 Architecture: Founder (within 24h)
  • L3 Clinical: Doc Zam (within 24h)
  • L4 Incident (PHI breach): immediate · <72h notify PDP

11. 🛡️ Compliance Roadmap

Regulation/StandardAuthorityPhase AlignedEvidence
PDPA 2010PDP CommissionerP0 baseline · Q5 quarterlyPrivacy Policy · Consent flow · DPO · Breach notify procedure · 7-yr audit log
MOH Clinical Practice GuidelinesKKMP1 (start) → P3 (full)Citation library mapping · Doc Zam clinical sign-off
MMC Scope of PracticeMalaysian Medical CouncilP2 self-attestHITL design doc · "AI proposes, doctor approves" architecture proof
e-Invoice (LHDN)JKDMP2 (M7 build)API integration · per-encounter submit · monthly recon report
MySalam/Socso/PERKESOInsurance authorityP2-P3 (M7 build)API integration · claim format spec · provider verification
NPRA Drug DatabaseNational PharmaceuticalP1 (M5 build)Public DB ingestion · monthly refresh · DDI list source
HL7 FHIR R4HL7 InternationalP2-P3Patient/Encounter/Observation/MedicationRequest resources implemented
DICOMwebNEMAP3 (imaging integration)QIDO-RS + WADO-RS basic support
ISO 27001 (aspirational)ISO/SIRIM-QASP3+ISMS scope · controls · risk assessment · audit (year 2)

12. 📢 Communication Plan

AudienceFrequencyFormatOwner
Doc ZamWeekly1-page status report + WhatsApp · sprint demo bi-weeklyFounder
Engineering TeamDailyStandup async · Sprint planning bi-weeklyEng Lead
Klinik Pilot StaffPre-pilot weekly · pilot daily · post weeklyWhatsApp + onsite visitFounder + Eng
Klinik Pilot PesakitIn-app (always-on) · 30-day surveyPush notif · email · SMSEng Team
MOH/RegulatorQuarterlyCompliance report · audit-ready PDFFounder
Internal ALESAMonthlyAll-hands review · roadmap updateFounder
Investor/Sponsor (future)QuarterlyBoard deck · financials · KPIsFounder

13. 🚪 Exit Criteria (per phase)

Bila kena STOP. Bukan failure mode — checkpoint to reassess sebelum waste resources.

Phase 0 Exit triggers
  • Doc Zam tarik balik approval atau hilang interest sustained
  • Tiada klinik pilot willing setelah 4 minggu BD effort
  • Budget Phase 0 melebihi RM 50K tanpa progress
Phase 1 Exit triggers
  • Critical clinical safety bug yang tak boleh fix <1 minggu
  • Q2/Q3 gate fail twice (after 2× iteration)
  • Doc Zam reject MVP demo >3 round
  • PDPA legal counsel flag major design flaw
Phase 2 Exit triggers
  • Pilot klinik staff NPS <3/10 setelah 30-day
  • Patient safety incident attributable to AI
  • PDPA breach yang affect pilot data
  • Pilot pesakit complete <40% intake (tak engage)
Phase 3 Exit triggers
  • MOH guidelines change yang require >6-bulan rework
  • Customer churn >30% in 90 days post onboarding
  • Server uptime SLA <95% for 2 consecutive months
  • Insurance/indemnity becomes uneconomical