Alset Records LLC

Master Checklist
Synced
Done Completed Items
ItemOwnerDate
Form Georgia LLCRiazFeb 10, 2026
Get EIN from IRSRiazFeb 11, 2026
Open Mercury business bank accountRiazIn Progress

⚠️ Cross-Team Dependencies

These are moments where one person's unfinished work stops the other person from continuing.

Abram's paperwork blocking Riaz's code:

Riaz cannot build
T12 — Patient Record Request Workflow
Until Abram finishes
P8 — BAA Template
Can't onboard dental practices without a signed BAA contract
Riaz cannot build
T13 — Open Dental API Integration
Until Abram finishes
P4 — Privacy Policy + P8 — BAA Template
API partnerships require proof of HIPAA compliance policies
Riaz cannot do
T15 — Penetration Test
Until Abram finishes
P9 — Cyber Liability Insurance
Must have insurance coverage before a security firm tests the system
Riaz cannot do
T16 — Deploy to Production 🚀
Until Abram finishes
P10 — Attorney Review + P4–P7 — All HIPAA Policies
Cannot go live with real patient data until every legal document is reviewed and approved

Riaz's code blocking Abram's paperwork:

Abram cannot write
P3 — HIPAA Risk Assessment
Until Riaz finishes
T4 — AWS Infrastructure
Risk assessment must describe the actual system — can't assess what doesn't exist
Abram cannot write
P5 — HIPAA Security Policy
Until Riaz finishes
T4 — AWS Infrastructure
Security policy must document real safeguards (encryption type, access controls, etc.)
Abram cannot finalize
P8 — BAA Template
Until Riaz finishes
T9 — Audit Logging + T10 — Encryption
BAA promises specific security measures — those must actually be built first
⚠️ LAUNCH REQUIRES BOTH: All of Riaz's T1–T11 + T15 AND all of Abram's P3–P10 must be complete before real patient data touches the system.
Riaz — Technical
# Task Done Blocked By
T1 Set up AWS account
T2 Sign AWS BAA (in AWS Artifact console)
T3 Set up GitHub repository
T4 Configure HIPAA-compliant AWS infrastructure
(VPC, encrypted S3, RDS, CloudTrail)		 T2
T5 Build practice image upload portal (drag & drop)
T6 Build patient account system
(registration, login, MFA)
T7 Build browser-based DICOM image viewer
(OHIF / Cornerstone.js)
T8 Build share-via-link functionality
(time-limited, encrypted)
T9 Implement audit logging
(who accessed what, when, from where)
T10 Implement encryption
(AES-256 at rest + TLS 1.3 in transit)		 T4
T11 Implement role-based access controls
(patient, practice, admin)
T12 Build patient record request workflow ⚠ WAITING ON ABRAM: P8
T13 Integrate with Open Dental API ⚠ WAITING ON ABRAM: P4 + P8
T14 Mobile app (React Native) T5–T11
T15 Penetration test (hire security firm) T1–T11 ⚠ ABRAM: P9
T16 Deploy to production 🚀 T15 ⚠ ABRAM: P10 + P4–P7
Abram — Paperwork & Compliance
# Task Done Blocked By
P1 Write Operating Agreement
(single-member LLC template)
P2 Register product domain name — (need product name first)
P3 HIPAA Risk Assessment
(use free HHS Security Risk Assessment Tool)		 ⚠ WAITING ON RIAZ: T4
P4 HIPAA Privacy Policy P3
P5 HIPAA Security Policy P3 ⚠ RIAZ: T4
P6 Breach Notification Plan P3
P7 Incident Response Plan P3
P8 Draft BAA Template
(contract for dental practices)		 P4 + P5 ⚠ RIAZ: T9 + T10
P9 Get cyber liability insurance P3–P7
P10 Attorney review of BAA + all policies
(one-time, ~$500–1,500)		 P4–P8
P11 Register with GA Department of Revenue
P12 Get local business license (city/county)
P13 Customer discovery — interview 10–15 dental offices
P14 Customer discovery — interview 10–15 patients
P15 Customer discovery — interview 2–3 dental specialists
👁 Riaz Review — Founder Sign-Off on Abram's Work

Nothing Abram produces moves forward until Riaz has read and approved it.

Item Document / Deliverable Read Approved
P1Operating Agreement
P3HIPAA Risk Assessment
P4HIPAA Privacy Policy
P5HIPAA Security Policy
P6Breach Notification Plan
P7Incident Response Plan
P8BAA Template
P9Insurance Policy Details
P10Attorney Review Summary
P13Dental Office Interview Notes
P14Patient Interview Notes
P15Specialist Interview Notes
📅 Phase Timeline
Phase 1 — Foundation
Weeks 1–3 • No cross-dependencies — both work freely
Riaz: T1 → T2 → T4 (AWS) • T3 (GitHub)
Abram: P1 (operating agreement) • P11, P12 (registrations) • P13–P15 (customer discovery)
Phase 2 — Build + Compliance
Weeks 3–8
🔗 HANDOFF: Riaz finishes T4 → unlocks Abram's P3 and P5
Riaz: T5–T11 (build MVP)
Abram: P3 → P4, P5, P6, P7 (all policies)
🔗 HANDOFF: Riaz finishes T9 + T10 → unlocks Abram's P8
Abram: P8 (BAA template)
Phase 3 — Pre-Launch
Weeks 8–12
🔗 HANDOFF: Abram finishes P8 → unlocks Riaz's T12 and T13
🔗 HANDOFF: Abram finishes P9 → unlocks Riaz's T15
Abram: P9 (insurance) → P10 (attorney review)
Riaz: T12 • T15 (pen test)
🔗 HANDOFF: P10 done + T15 done → unlocks T16
Riaz: T16 — Deploy 🚀
Phase 4 — Growth
Ongoing
Riaz: T13 (Open Dental) • T14 (mobile app)
Abram: Onboard dental practices with signed BAAs
Legend
Riaz (Technical)
Abram (Paperwork)
⚠ WAITING ON ABRAM Riaz blocked
⚠ WAITING ON RIAZ Abram blocked
T4 Same-person dependency
Pink row = cross-team blocker