Oleksandr Orlov is the Co-Founder and CTO of Andersen, an international software development company with more than 3,700 engineers across 16 global locations. With more than 20 years of experience in enterprise software systems, Orlov personally led the technical strategy and organizational transformation behind Andersen’s work with ProScan Imaging, one of the largest privately held teleradiology networks in the United States. We spoke with him about what it takes to build reliable, compliant enterprise software in a sector where the consequences of failure are measured in patient outcomes.
For nearly two decades, Andersen has built platforms for clients in fintech, logistics, and aviation. What changes when the client is in U.S. healthcare?
Honestly, everything. In fintech, a system outage costs money and damages reputation. In teleradiology, the system is the diagnostic lifeline. If a radiologist at one of the hundreds of facilities ProScan serves can’t pull up a CT scan because something failed, that delay has a human name attached to it.
Once you internalize that, your tolerance for ambiguity vanishes. You stop thinking about software and start thinking about the clinical environment in which it operates. That shift changes how you structure your teams, how you define acceptable risk, and how you talk to your client. In U.S. healthcare, reliability isn’t a feature. It’s the product.
HIPAA has a reputation for being the factor that slows down healthcare software projects. How did you approach it?
Most companies hand it to a legal team and treat it as paperwork to clear before launch. That approach will find you eventually — usually at the worst possible moment.
HIPAA isn’t slow-moving bureaucracy. It’s a specific set of requirements about how data is encrypted, how access is controlled, what gets logged, and what happens when something goes wrong. The technical safeguards are concrete. The problem is that they have to be woven into every layer of the system from the start — authentication, data storage, inter-service communication, incident response. You cannot add them later without rebuilding.
On ProScan, we embedded a dedicated compliance engineer inside the team. This specialist sat in the same planning sessions as the architects and flagged problems before they became structural. That’s the difference between compliance as a deliverable and compliance as a discipline.
Before Andersen wrote a line of production code for ProScan, you spent two years overhauling your own organizational infrastructure. What drove that decision?
It was the only honest path. To work with American medical data, you have to earn that right, technically and organizationally. A group of talented coders isn’t enough. You have to be a regulated entity yourself.
I drove that process personally. We pursued ISO certification. We restructured how our internal departments operated: decision chains, data flows, incident protocols, escalation paths. I went through the certifications myself and spent considerable time working directly with our teams. We stopped treating security as a final audit checklist and made it the absolute baseline for every engineering sprint.
Two years. That’s what it took to become the kind of company that could stand behind a national-scale healthcare platform with confidence.
And yet, Andersen delivered the ProScan platform in roughly half the time of comparable engagements. How does that level of preparation produce speed rather than slow things down?
Because preparation defines speed. The framework I had built for running fixed-price, fixed-scope projects — how engagements are estimated, how scope disputes get resolved, how delivery milestones are defined so the client and the team are always looking at the same picture — that’s what drove the timeline. When disagreements came up mid-project, and on any engagement this size they will, we resolved them quickly and kept moving.
You lose time to unclear scope, unresolved disputes, compliance surprises, team misalignment. We had systems in place to reduce all of those. From the outside, that looks like speed. From the inside, it was just not losing the time that other teams lose.
When you look back at the ProScan project, what demanded your closest attention as CTO?
The moment that tested everything was when the compliance and certification process threatened to become a delivery blocker. The requirements were dense, the timelines were tight, and the team needed more than documentation to work with. I stepped in directly: went through the certifications personally and worked alongside the teams to translate the client’s standards into operational decisions rather than abstract policy. That’s not something you can delegate at a critical moment.
The other persistent pressure was scope and integration complexity. A platform of this kind — connecting diagnostic devices, clinical workflows, radiology orders, patient records, EHR systems — has hundreds of edge cases that only reveal themselves during build. My job was to make sure that when they surfaced, we had the framework to resolve them without losing the timeline or the client’s trust. And we did.
The ProScan platform processes more than 3,000 imaging orders every day across hundreds of clinics. What does building for that scale require at the CTO level?
It requires making decisions early that most teams want to defer. The ProScan platform runs on a microservice and event-driven architecture. Not because it’s trendy, but because it’s the only way to deliver the availability, performance, and scalability a national teleradiology network demands. That choice has consequences: more complexity, more containers, more surface area to monitor and maintain. You accept that tradeoff because the alternative — a simpler monolithic system — would eventually put a ceiling on the business.
We built a monitoring layer across more than 40 distinct services. If anything lags at any facility, the system flags it before it becomes an incident. That level of observability doesn’t happen by default. Someone has to decide it’s non-negotiable, then staff and fund accordingly. That decision was mine.
The tech stack — AWS, Java, Spring Boot, React, TypeScript — is remarkably standard. Was that a conscious call?
Completely conscious. In a healthcare network that runs around the clock, novelty is a liability. If you build on an unfamiliar stack, you’re creating a future maintenance problem for your client. Maintenance issues turn into clinical issues in this industry.
AWS has healthcare-specific architecture patterns validated at real scale. Java and Spring Boot are maintained by senior engineers anywhere in the world. React and TypeScript hold up under the kind of team turnover any long-running project goes through.
The stack also served a second purpose: every technology choice was an open standard, widely understood, with no proprietary dependency baked in. For an enterprise working with medical data, technological independence is a requirement, not a luxury. By engineering the platform to prevent vendor lock-in, we ensured ProScan retained full ownership and agility over its future.
Your established processes — mandatory code analysis, multi-layered automated testing, manual approval gates for production — set a high bar. How do those practices protect the client from unforeseen disruptions?
They eliminate entire categories of risk before production. Mandatory code analysis runs at every commit — the team catches problems at the moment they appear, not during a late-night incident three sprints later. Autotests cover the full range of UI scenarios and API interactions. Nothing reaches patients automatically: every stage and production deployment requires manual approval. Such a monitoring layer means that when something behaves unexpectedly, it surfaces in minutes.
But underneath all of that is something no process can substitute for: you have to care whether the system works. Not whether it shipped on time, but whether it works for the people using it in the conditions they’re actually in. That is the standard I hold our teams to. It’s also the standard that ProScan held us to.
What does ProScan represent for Andersen’s position in U.S. healthcare going forward?
A proof of concept that became a foundation. The ISO certification, the organizational transformation, the team that built and now supports a live HIPAA-compliant national-scale teleradiology platform — none of that disappears when the project enters maintenance. It compounds. The processes, the institutional knowledge, the track record — you don’t acquire those. You build them by doing the work once, properly, at full commitment.
ProScan demonstrated that a company like Andersen — built in Europe, operating globally — can deliver American enterprise healthcare software at the standard American healthcare demands. That opened a door. The question now is what we build on the other side of it.
