Regulatory requirements aren’t universal
“There’s not one set of regulations across the globe. So any company that wants to expand its offering beyond a single country usually has to really understand the regulatory requirements of the region they want to go into.
“Certain regions are a bit more loose. Certain regions are a bit more strict. There are some certain golden standards that you can use from some countries, and you can always assume this is one way to do things. But then every country you need to adjust to.
“This means deploying to a cloud solution might not always be easy, or feasible, or aligned with certain requirements. For example, there might be data residency requirements. So if you want to build a solution for somewhere, let’s say AWS, or Google Cloud, or Azure, you need to build something more specific to meet the data residency requirement.
“You need to think a bit differently. For instance, accessibility is very important for every website, but it’s even more crucial here because we’re talking about offering healthcare to people.
“So the language, how you phrase things on the UI, is very important. To not mislead the patient, to make sure that you get the trust of the patient.”
Different regions can require different solutions
“There are other interesting concerns that don’t come up as often in other industries.
“For instance, there’s the idea of not wanting to have default values in forms. Because you don’t ever want to assume that the patient actually read that value and chose to submit it. Maybe they just skimmed over and finished the form as quickly as they could before submitting it.
“Where a value is required, you always start with an empty field, forcing the patient to actively choose an answer. The same goes for clinicians.
“There are also data residency regulations that we have to comply with in different countries.
“Some countries say, ‘We will not allow sensitive medical data about our citizens to be hosted outside of the country.’ That means we won’t be able to host a service in AWS, in the United States, then offer that service to patients or clinicians located in a country with a law like that. Because we’re not allowed to actually take that data out of the originating country and store it in the United States.
“That’s also pushed us into looking for solutions to this concern — how can we build a platform, for instance, that can be rolled out in multiple different countries around the world, that takes into account the fact that some of those countries will not allow us to bring medical data outside their border?
“And most cloud providers don’t offer their service in every country on the planet. Some countries will have AWS. Some will have Azure. Some will have Google Cloud or GCP. And some of them may not have any of those services.
“In a project I’ve been working on recently, we’re focusing on building a platform that the customer should be able to roll out into any country.
“We had to consider that as we were designing the architecture and choosing services — how can we build this cloud-based service without tying it down to a single cloud service, so it can be rolled out in any country, regardless of which cloud services are available there?”
Data access and logging is a major factor
“It’s very common for engineers that they need access to logs or metrics, just to be able to maintain their service and fix any problems.
“Even there, you need to be very careful. You cannot log any data from the patient. We need to potentially not log patient data, or obfuscate them, or find ways to not be able to allow developers to tie anything back to any specific person.
“So how do you build the reporting system, or dashboards for the business, that focus specifically on what they need, but don’t give them any more data than what is legal, or is even common sense?”
Balancing a product focus with doing the appropriate things for patients
“We’re very product-focused in Nearform and a lot of our clients try to take this approach as well. But digital health companies must walk a very fine line on product-focus versus being, potentially, a bit annoying for the end user. They also need to make sure they have the right data and the right processes.
“You might need to add an extra step in your registration or to gather more information from the patient.
“In other industries you might hear, ‘Oh, why do we need to do two clicks here, or three clicks here?’ But in healthcare, you might need to have these clicks, just to potentially have a disclaimer that says, ‘Before you answer, to make sure it’s not urgent, please call 911.’”