What legal regulations to consider when you're testing your healthtech startup


Madalin Margan had found the clinical partners that he would run a pilot project with, tried and tested the MVP and was ready to beta test Oncochain, the blockchain-based oncology database. But before the system could be rolled out in hospitals, there was a critical - and complex - part of the puzzle missing: legal compliance.

The competitive advantage behind legal compliance


For a healthcare startup operating anywhere in the world, complying with local and regional regulations is a consideration best prepared for early. Meeting legal criteria not only affects the viability of your product on the market, but it’s also a massive leg-up when you begin fundraising.


Achieving and keeping up with fast-evolving regulatory and security standards is a huge boon to VCs considering investing in a startup.


“Pharma companies and other stakeholders and investors appreciate your legal legwork a lot, sometimes even more than the software. Due diligence is important,” explains Madalin.



Still, amongst all of the other challenges and questions facing fledgling healthtech startups, legal compliance tends to fall to the bottom of the list. Building a team, creating an MVP, finding pilot partners and facing all of the growing pains of an innovative company in a grueling market often means regulation is taken into account only after the MVP or prototype is finished.


The process can seem challenging, but preparing early is worth it:


“If you know how to work through that regulatory process, it’s not that difficult. It can be a competitive advantage,” says Unity Stoakes, co-founder of healthcare startup accelerator Startup Health.


Here are a few frameworks and strategies to consider as you begin your compliance journey.


Carry out a PESTLE analysis


Considering the legal aspect of your startup can begin as early as the business planning stage. Many businesses prepare SWOT and PESTLE analyses to provide a framework for thinking through the viability of a product.


PESTLE is an acronym that stands for Political, Economic, Social, Technological, Legal and Environmental. It gives a bird’s eye view of the whole environment from many different angles that startups can check and keep track of.


In terms of the legal aspects of a business, there are two sides to the coin: the laws that affect the business environment in a given country, and the policies that companies maintain for themselves.

Legal analysis takes both of these angles into account and then charts out strategies in light of local and regional legislation, including consumer laws, safety standards and healthcare regulations.


Regional healthcare regulations to understand and apply


Startups operating in Europe or the US have to consider the EU’s GMP, the US Food and Drug Administration’s 21 CFR Part 11 and FDA 21 CFR Part 820, HIPAA and ISO.


If you operate a medical device, note that the Medical Device Regulation (MDR) and the in-vitro diagnostics regulation (IVDR) will take effect at the end of 2019, and ISO 13485:2016 will be mandatory by March 2019.


If you’re creating a new medical device, research the type and classification of the product to understand what regulation you have to comply with. You can use the FDA webpage search function to find the corresponding classification of your device.

Dedicate a teammate to handle regulations


If you can, dedicate one of your teammates to regulatory strategy from the get-go, and put them in charge of researching and implementing the correct documentation of all processes and activities from day one.


60% of product development is about its documentation, and strong documentation is crucial in meeting compliance and regulatory needs.


Take your product through design validation and verification


These two terms are often used interchangeably, but they describe different tests.


Design validation is a testing process that proves that the device you’ve built works for the end user as intended.

According to the FDA (21 CFR 820.3) design validation is “establishing by objective evidence that device specifications conform with user needs and intended use(s).”

Examples of design validation include:


  • Comparing with similar equipment performing for similar purposes.
  • Simulating functionality through mathematical modeling.
  • Testing the final design to prove the system operates as defined in the user needs.

Make sure that your dedicated teammate documents and records all of the inputs and outputs of your design validation process.

Design verification is where you test that your design outputs match your design inputs.

The FDA describes it as “confirmation by examination and provision of objective evidence that specified requirements have been fulfilled.”

Verification can be reduced to a simple five-step process:

  • Identifying what you will verify and how you will measure it.
  • Planning the test and writing out milestones, updating accordingly.
  • Developing your product.
  • Executing and reporting on test procedures.

Find a great legal team to cover all your bases


Madalin had a few legal landmines to navigate while preparing to roll out the pilot for Oncochain, with separate contracts needed for public and private institutions, informed consent and storing patient data.


Through an incubator program in Romania that they took part in, they were connected with a legal team that took them on for a budget-friendly price.


As they were preparing to test Oncochain, the team prepared three contracts: one that met public hospitals’ stipulation that they not spend budget to acquire software without an auction, one that outlined a free testing period for private hospitals, and a document of informed consent that follows GDPR regulations on data storage and usage.


Today Oncochain is being tested in hospitals across Romania.