HealthKit & Medical iOS App Consulting

Five years at LivaNova on Epsy, an epilepsy management app built inside an FDA-regulated medical-device company. HealthKit, HIPAA, clinical-grade data pipelines, and the change-management discipline a medical-device QMS expects.

FDA-regulated iOS apps with design controls and change management
HealthKit integration: sample types, observer queries, clinical records
HIPAA and OWASP MASVS posture for apps handling clinical data

Recognition

App Store Best New Apps 2026 Product Hunt Product of the Day 2025 CES Best of Innovation 2021 CES Innovation Award 2021 Webby Honoree 2021 Google Material Design 2020

Credentials

Member of British Computer Society 2024 BEng (Hons) 2017 Apple WWDC Scholarship 2015

Tell me what you're working on. I reply within 48 hours.

work@drobinin.com

What clients say

"Vadim was instrumental to the success Epsy enjoyed on iOS, taking it from an idea on a Miro board to the highest rated and most downloaded app of its kind on the store."

James C. · Mobile Engineering Lead, Epsy

"We had a strict deadline, and Vadim managed to complete the job in time. He gave us meaningful feedback and suggested better approaches, not trying to blindly stick to our specification."

Founder · Pre-seed streaming service

"I can say with confidence that it will be difficult to find a better developer. Vadim is achievement-oriented, highly organized, with very good communication skills."

Alex Z. · Co-Founder, eda.so

Related work

Common engagements

Architecture review before submission

3-5 days. I audit the data model, the HealthKit observer queries running in the background, the Keychain and File Protection posture the auditor will check, and the watchOS sync path if there is one. You get a ranked list of what will come back from a reviewer and what to change before it does.

HealthKit integration from scratch

I design the authorization flow, build the sync model, select the right sample types, and handle re-consent when the user's data scope changes. 2-4 weeks end-to-end.

Diagnose reported data gaps

Usually an observer-query reliability issue or a HealthKit background-delivery regression after an iOS update. I reproduce it against real HealthKit data, patch it, and write the regression test that catches it next time.

Pricing

Advisory

£110

per hour

Architecture reviews, hiring help, second opinions on that thing that's been bugging you.

Available now

Can you handle our 510(k) or CE-mark regulatory submission?

No. That belongs to your regulatory team or a specialist consultancy. My role is the engineering discipline: the code does what the submission says it does, with traceability a reviewer can follow.

Can you work with our QMS?

Yes. I've worked within ISO 13485 and IEC 62304 quality management systems. The commit discipline, traceability, and review process overlays cleanly on the way I prefer to work anyway.

Apple Health vs a bespoke data store?

Use HealthKit if other health apps or the user's doctor need access to the data. Use a bespoke store if the data is app-specific and doesn't need to leave. Most mature health apps end up with both for different data types.

We're building a medical or health app and want HealthKit. Can you ship it?

Yes. Most engagements cover authorization UX, the HealthKit data model, sync between phone and Watch, background delivery, and re-consent when the data scope changes. 2-4 weeks end-to-end for a new integration, longer if there's a regulated component (FDA, HIPAA, CE mark) that needs engineering discipline around change management.

We're pre-510(k) or pre-CE mark. Is it too early to bring you in?

No. Earlier is usually better. Design controls, traceability, and the engineering discipline your regulatory team will audit are cheaper to build in than to retrofit. Five years at LivaNova (FDA-regulated) taught me what the submission process checks for.

Does HIPAA apply to our iOS app itself, or only to the backend?

Both, depending on what data the app handles and stores. The iOS app has its own posture: device-level encryption choices, how tokens and session state are stored, audit logging that traces to specific users, Business Associate Agreement flow-down to any third-party SDK. I cover the iOS side of HIPAA in every medical engagement.

We're a medtech startup with no iOS team yet. Where do we start?

With a half-day call. I'll read your product brief, tell you whether HealthKit is the right starting point or a distraction, sketch the architecture for the first version, and flag what your regulatory team should be doing in parallel. If you want me to build the first version, the fractional or project engagement takes it from there.

Do you take on HIPAA iOS developer work?

Yes. On iOS that means device encryption, token storage that isn't UserDefaults, audit trails that point to specific users, and BAAs for any third-party SDK that sees patient data.

How quickly can you start?

Advisory calls can happen within days. For project work, I typically need 1-2 weeks notice to clear the calendar, though I keep some buffer for urgent firefighting. Check the availability badges above for current openings.

Do you work with early-stage startups?

Yes, from pre-seed to Series C and beyond. For very early teams, the advisory tier often makes more sense than project work: you get architecture guidance without committing to a large engagement before you've validated the product.

What's included in the day rate?

Everything: code, architecture decisions, code review, documentation, async Slack availability during working hours. No surprise add-ons. I bill for time spent working on your project, not for "thinking about it in the shower."

We're in a different timezone. Will that slow things down?

I'm currently in Vancouver (PST), with full overlap for North American teams. For UK and Europe, I'm online by their afternoon. For Gulf or APAC, we'd agree on overlap hours and handle the rest async. I've worked with teams from San Francisco to Dubai.

Areas I cover

HealthKitauthorization UX, where users decide whether to trust you. Sample types (Watch read-only vs round-trip). Anchored vs observer queries. Clinical Records (iOS 11.3+). HealthKit on Vision Pro and the widening device fragmentation.

HIPAA & regulatoryBusiness Associate Agreement flow-downs. Audit logging and the 'who accessed what' question. Data minimisation in practice. Device-level encryption guarantees and when they're insufficient.

FDA-regulated engineeringdesign controls reconciled with how iOS release cycles run. Change-management discipline that doesn't kill velocity. Usability engineering (IEC 62366) applied to iOS UI conventions.

Medical-device connectivityBLE to regulated hardware (glucose meters, inhalers, pumps). MFi when required, direct BLE when allowed. Data reliability: your app loses a sample, the patient loses context.

Where I've worked CV · LinkedIn

Drobinin Limited Founder · 2025 - present 12+ apps from idea to App Store. Featured by Apple in EMEA & Americas.

LivaNova (NASDAQ: LIVN) Senior iOS · 2020-2025 Epsy, an epilepsy management app. Shipped inside an FDA-regulated medical-device company. HIPAA, CES Innovation Award.

Sphere (acquired by Twitter/X) Senior iOS · 2017-2020 Early Employee. $30M funding to acquisition.

VK.com iOS Consultant · 2016-2017 Authored & delivered an onsite course on iOS development.

ToBox Lead iOS · 2015-2016 Built team, MVVM architecture, full Swift rewrite.

Shipping a medical or health iOS app?