Barreling ahead without worrying about the rules is often the Silicon Valley way, but it’s not necessarily the best way — especially if you’re innovating in a more regulated industry.
One high-profile example of how this can go wrong would be 23andMe, the genetic testing company that was reprimanded in 2013 for failing to get adequate government approval for their DNA testing kits (the FDA declared them “unapproved medical devices”). While they were able to revamp their product to work within FDA guidelines, it took them an additional three and a half years (and a lot of lost profits) to get there.
Understanding the challenges that can arise when companies try to disrupt traditional industries, we reached out to leaders working at this intersection to see what they had to say about the specific struggles that they’ve encountered and what to you might want to take into account. Read on for their tips.
As a Clinical IT Pharmacist at hospital corporation Dignity Health, Sabrina Penn works on both developing and building the product, as well as healthcare delivery. She notes that creating accurate time estimates is one of the biggest struggles that companies who have to deal with regulations will encounter: “Restrictions and regulations affect my time estimates, because governing bodies dictate whether or not a particular direction should be pursued. They exist for a reason, but often the evaluation and voting process will make your time estimates take a nosedive.”
Her best tip for managing time estimates throughout this process?
“What I’ve been doing is going by average time that’s been spent on a specific build or direction in the past and then schedule it out accordingly, knowing that it probably won’t be completely accurate. Fortunately, my role doesn’t really require time crunches or time estimates, so it’s just one of those things where sooner is better.”
If you don’t have the data to gauge your own averages, you should always err on the side of adding more padding to the time estimate. You can also chat with other founders and engineers in the space to see where they underestimate or got tripped up by regulations and approval times.
Brett Collinson, Senior VP of Product at healthtech startup Backpack Health, says building infrastructure is important — even if it delays your time to market. “In a health information startup, there’s a lot more infrastructure you need to get out of the gate. It’s a slower build to get this minimum viable product, because what’s minimal when you’re thinking about security or data integrity is a higher bar with our product than it would be with a task list or photo sharing app.”
If you are just starting out, make sure to check out the Startup FDA repository to get a head start on getting your FDA clearance. The co-founders of Shift Labs set it up after struggling with their own FDA approval documents and wishing they’d had templates. You can read more about why they started it and their other tips here.
Security is top of mind for many users, especially those using a medical website or app. With security concerns being raised about the bevy of online therapy apps, other businesses in industries that deal with very personal data need to pay attention to these concerns — or risk losing users. Concerns about how startups are securing user data have even been raised by the FTC, with chairwoman Edith Ramirez echoing Brett’s comments about building a solid infrastructure:
"In the rush to innovate, privacy and security cannot be overlooked, even in the fast-paced startup environment. Think about privacy and security as you design your product. Embed it into the development process."
As Brett puts it, “if we have one data breach, it’s toast.” At Backpack Health, their focus on security around user data and using that secure data in meaningful ways, impacts multiple points on their development process.
“If you ever want to use that data in a meaningful way, if that’s important to your company or the mission or the commercialization plan, there has to be rigor around how that’s collected. So we spend a lot of time thinking about having structured data you can rely on by putting a user-friendly frontend to that. To the user, it just feels like a helpful, intuitive tool, but we’ve collected the data in a way that we can rely on in the future.”
In Backpack Health’s case, they’re always looking to the horizon — “we anticipate a future where, to get value out of the information we’re storing and collecting from users, we’ll need to be more heavily regulated and audited, and rise to certain levels of specification.”
This means that, while they have a fairly agile development process, they have to maintain a certain level of documentation that can be referred to in the future and relied on in case of audits or regulation.
“We’re mindful that we don’t want it to be a big heavy process, but we still have full documentation about what our system does at any time. The discipline around that will be helpful in the future, but it’s also been very helpful in the day to day. Everyone knows what something does — our testers are very, very clear what the system needs to do, for example.”
For more about how they incorporate process without overwhelming the workflow, head to our interview with Brett.
Another facet of regulation to consider is statewide regulations (compared to nationwide ones). There’s not really any way to get around this, so the best that you can do is stay informed about what those regulations are as they affect your product, and adjust your workflow accordingly.
When asked how she handles it, Sabrina says, “As much as you try to make your policies and workflows uniform, state laws and regulations vary, especially within the practice of medicine. But the flow the projects go through is basically the same, so I play a leadership role in managing the workflow, with the individual workflows looking a little bit different depending on where the stakeholders are at. For example, Arizona laws might allow something I’m actively working on, but maybe Nevada doesn’t. This might change the workflow a little bit, but overall the internal process of developing builds will generally be the same.”
Her biggest recommendations for companies in similar situations?
Nothing to see here...