It may seem counterintuitive, but one of the reasons some entrepreneurs are drawn to healthcare are the regulations. No industry outside of defense is as heavily scrutinized, and for good reason: When you deal with people additional caution is essential.
Rules, requirements and regulatory complexity may be barriers to entry in the world of digital health startups, but they also present opportunities.
Founders often find creative ways to reconcile the additional oversight, like saying that their launch is merely a proof of concept, or that they can’t justify the cost of spending hundreds of thousands of dollars a month on advertising to attract new users.
When venture funding was scarce, there was a compelling need to prioritize speed and maximize the runway provided by smaller seed rounds. The environment, however, has changed — burgeoning investor interest and ample available capital have meant that there’s an even greater need to allocate significant budget to compliance.
Speed and efficiency may be essential for startups, but regulatory compliance need not be a bottleneck or a financial drain.
If compliance isn’t a consideration from the start, founders will sooner or later end up in a situation where they have to scramble to fix things behind the scenes, spending huge amounts of money on legal fees — and that’s the best case scenario. In the worst case, a deal can blow up.
It is understandable how these concerns can be overlooked at the beginning. There’s a certain amount of creativity and dissatisfaction with the status quo necessary for founders to conceive of building something that doesn’t already exist.
But when you’re building a digital health company, the ultimate end user is a person in need of medical care. The stakes are higher than creating the next puzzle game or food delivery app.
“Move fast and break things” is a strategy glorified in startup culture. But entrepreneurs in the healthcare industry have a responsibility — both ethical and legal — to the patients who will use their products and services.
What should you prioritize?
First, companies should involve legal. They must insist the lawyers measure twice and cut once so that the architecture of the business model is built to scale.
Terms of use and privacy policies may seem like boilerplate, but given that for every telemedicine company they form the core contract with customers, there’s a surprising amount of customization required.
That doesn’t mean developing something more specific has to blow up your budget. It does mean that rather than copying and pasting, you should take the time to ensure the main compact between the patient and company actually reflects every business practice the company plans to pursue.
Small precautions, like properly worded customer policies and releases, can help prevent surprises from federal agencies like the Federal Trade Commission or Health and Human Services. Regulatory intervention can mean hefty fines, lingering embarrassment and lasting damage to your public image. For just one of many recent examples, look at the outrage that ensued after Flo, an app that tracks menstrual cycles, sold users’ data without consent.
Undisclosed settlements with regulators are actually not what companies should focus on. No matter how well your company follows the law, eventually someone who knows what they’re doing will get a look under the hood. In fact, it’s entirely possible for a digital health startup to go through its entire life without government intervention — even if it’s not compliant.
Harder to avoid, however, is scrutiny from investors. Investors know what to look for, and with so much money involved these days, due diligence is impossible to dodge.
By thinking ahead and avoiding shortcuts, founders can create a sustainable model for investors and patients alike.