How do SaaS companies work?
What a SaaS company is (and what it isn’t)
SaaS stands for Software as a Service: customers access your software over the internet (usually a web app), and you charge a recurring fee (monthly or annual). Instead of “shipping” a product once, you run an ongoing service—hosting, updates, security, support, and reliability are part of what the customer pays for.
In plain terms, a SaaS company works like a utility:
- You build software that solves a recurring problem.
- You host it (in the cloud, or with on-prem options in healthcare).
- You sell subscriptions (often per user, per site, or per volume).
- You retain customers by delivering continuous value, uptime, and support.
What SaaS is not: a one-time software license with no ongoing relationship. SaaS economics depend on renewals and expansion (customers adding more users/sites/modules).
The SaaS business model: how money flows
Revenue: subscriptions + usage + services
Most SaaS revenue is recurring. Common pricing structures:
- Per seat: e.g., per clinician, per care manager, per analyst.
- Per site: per hospital, per clinic location.
- Usage-based: per message, per patient monitored, per study enrolled, per API call.
- Tiered plans: Basic/Pro/Enterprise with feature gates.
- Implementation fees (often in healthcare): one-time onboarding, integration, training.
In medtech, it’s common to see a hybrid: annual subscription + one-time implementation + optional integration fees (EHR, SSO, data warehouse).
Costs: hosting, people, and compliance
SaaS costs are dominated by:
- R&D: engineering, product, QA.
- Cloud infrastructure: compute, storage, logging, backups.
- Go-to-market: sales, marketing, customer success.
- Security/compliance: HIPAA programs, audits, vendor risk management, incident response.
Two pieces of jargon you’ll hear:
- COGS (Cost of Goods Sold): the marginal cost to deliver the service (hosting, support tied to delivery). Lower is better.
- Gross margin: (Revenue − COGS) / Revenue. SaaS aims for high gross margins; in healthcare, margins can be pressured by heavy support and integration work.
Unit economics: the “math” behind a scalable SaaS
A SaaS company “works” when the lifetime value of a customer exceeds the cost to acquire and serve them.
- CAC (Customer Acquisition Cost): sales + marketing cost to win a customer.
- LTV (Lifetime Value): gross profit you expect from a customer over the relationship.
- Churn: customers leaving (logo churn) or reducing spend (revenue churn).
In hospital-focused medtech SaaS, CAC can be high because sales cycles are long and procurement is complex. That’s okay if annual contract value and retention are strong.
How SaaS companies deliver value: product, onboarding, retention
Product: solve a repeatable workflow problem
The best SaaS products target a repeatable problem that exists across many customers. In medtech, that often means:
- Reducing clinician time (documentation, triage, scheduling, prior auth support).
- Improving throughput (OR scheduling, bed management, imaging workflow).
- Reducing risk (quality reporting, infection surveillance, medication safety).
- Enabling new care models (remote patient monitoring operations, care pathways).
“Repeatable” matters because custom one-off builds turn you into a services company. Services can be profitable, but it’s harder to scale like SaaS.
Onboarding: time-to-value is your hidden growth lever
SaaS companies win by getting customers to value quickly. In healthcare, onboarding often includes:
- Workflow mapping with clinical champions.
- Integrations (EHR, HL7/FHIR, SSO, device feeds).
- Security review and vendor onboarding.
- Training and role-based permissions.
Track time-to-first-value (e.g., “first clinic live” or “first cohort monitored”). Shortening this improves renewals and referrals.
Retention: renewals, expansion, and outcomes
Because revenue is recurring, retention is the engine. In medtech SaaS, retention is usually driven by:
- Clinical adoption: do clinicians actually use it weekly?
- Operational embedding: is it part of standard operating procedures?
- Measured outcomes: fewer no-shows, faster discharge, reduced readmissions (where applicable), better quality metrics.
- Executive reporting: dashboards that prove ROI to leadership.
Customer Success (CS) is a core SaaS function: a team responsible for adoption, renewals, and expansion. In healthcare, CS often needs clinical credibility (nurses, former practice managers) to drive behavior change.
What changes in medtech SaaS: HIPAA, FDA, reimbursement, and hospitals
HIPAA and data handling (non-negotiable)
If you touch protected health information (PHI), you’ll likely need:
- BAA (Business Associate Agreement) with covered entities.
- Security controls: access logging, encryption, least privilege, incident response.
- Vendor risk questionnaires and security reviews.
Even if you’re “just software,” hospitals will treat you like critical infrastructure if you integrate with the EHR or handle PHI.
FDA pathways: when SaaS becomes Software as a Medical Device (SaMD)
Not all healthcare SaaS is regulated by the FDA. But if your software is intended to diagnose, treat, cure, mitigate, or prevent disease—or drives clinical decisions—it may be considered SaMD (Software as a Medical Device).
Common regulatory pathways you may hear:
- 510(k): you show your device is substantially equivalent to a legally marketed predicate.
- De Novo: for novel, low-to-moderate risk devices without a predicate.
- PMA (Premarket Approval): for higher-risk devices; typically more evidence-heavy.
Whether you need one depends on intended use, claims, risk, and how the software influences clinical decisions. If you’re unsure, treat regulatory strategy as a first-class product requirement, not an afterthought.
Reimbursement and CPT codes: who pays and why
Many medtech SaaS products fail not because the tech is bad, but because the economic buyer doesn’t have a budget line. In healthcare, “value” must map to:
- Cost savings (labor, length of stay, avoidable utilization).
- Revenue capture (billing optimization, fewer denials).
- Quality incentives (performance metrics, penalties avoided).
For some digital health models (e.g., remote patient monitoring), reimbursement may involve CPT codes. Whether your product directly enables billable services varies by care setting, payer mix, and clinical operations—so validate early with billing/compliance stakeholders.
Hospital procurement: why sales cycles are long
Enterprise healthcare sales often involve multiple stakeholders:
- Clinical champion (wants the workflow improvement)
- IT/security (wants risk minimized)
- Finance (wants ROI)
- Procurement (wants contract terms and pricing)
- Compliance/legal (wants regulatory and privacy assurances)
Expect pilots, committee reviews, and contract redlines. Build your SaaS company to survive long cycles: tight ICP (ideal customer profile), clear ROI story, and a repeatable implementation plan.
A simple “how SaaS works” map for medtech founders
If you want a mental model, use this loop:
- Acquire: identify a narrow ICP (e.g., outpatient cardiology groups, mid-size hospitals) and a painful workflow.
- Activate: implement fast; integrate only what’s necessary; reach first value.
- Retain: drive adoption with training, clinical workflows, and reporting.
- Expand: add sites, users, modules, or higher tiers once value is proven.
- Defend: maintain trust via uptime, security, compliance, and roadmap delivery.
In medtech, “defend” is especially important: trust and risk management are part of the product.
What to do next
- Write your ICP and buyer map: list the clinical user, economic buyer, IT gatekeeper, and compliance approver for your target customer.
- Choose a pricing unit that matches value (per site, per patient monitored, per clinician) and draft a simple 3-tier plan.
- Decide your regulatory posture: are you workflow software, or could you be SaMD? Document intended use and claims before you build marketing.
- Design a 30–60 day onboarding plan with a measurable “first value” milestone and the minimum integrations required.
- Build your hospital-ready checklist: BAA readiness, security controls, audit logs, and a standard procurement packet (one-pager, ROI, security overview).