To achieve the promise but avoid the perils of the healthcare AI revolution, we need to accelerate RegTech innovation
As technology advances in medicine, so too must regulatory processes and tools. AI is exciting, but the world is right to slow down and propose caution in adopting new, unproven technology in healthcare. I love tech, I am not a patient human, and I want a flood of new devices to help me thrive. But the risks of rapidly adopting tech for which we do not have sufficient safety understanding and control could be disastrous (or just very wasteful).
Regulators like the Food and Drug Administration (FDA) and its international counterparts want to keep up with the pace of innovation, too. There is a flood of new device types that would benefit from tech-enabled regulatory review (e.g., medical device software that needs cybersecurity review, learning algorithms that can self-edit). Software-enabled devices now change over time (rather than being static, like a pill), and so we need tech-enabled postmarket management (e.g., cybersecurity surveillance, supply chain monitoring). Algorithms must be tested by algorithms...not humans. We need RegTech for healthcare.
What does RegTech look like?
Here are some examples:
Regulatory intelligence platforms that give new tech developers the guidance they need to pick a great regulatory strategy and satisfy regulatory requirements.
Regulatory authoring programs with GPT-powered Grammerly-like writing support, catching deficiencies before they're submitted.
Cybersecurity and interoperability assurance automation, so patches can be auto-applied based on binary-level automated testing at the point of patch.
Supply chain platforms that automatically identify threats to critical supplies and propose actions to meet specified resilience thresholds.
Decision tooling that help both manufacturers and regulatory reviewers separate scientific uncertainty from benefit-risk value judgments (a primary source of regulatory review disagreement and logjams)
Automated regulatory reliance publishing platforms, providing assessments and rationale to trusted partners
Multi-stakeholder evidence generation, so clinical trial results can be designed and packaged not just for the first gate (usually FDA), but for all gates between innovation and patient (e.g., payers, providers)
This is a short list of realistic opportunities. We don't have these yet because there is wild inefficiency in the marketplace for RegTech.
Why is RegTech slow to develop?
You can't build a tool that helps do something if you don't know what you want it to do. Going from a human-driven workflow to a software-engineered workflow can be a disaster. I often tell colleagues and friends not to try and adopt a tool to automate something if they don't have a process for it in the first place. I have tried at least six different task management platforms in the last year, but none feels fabulous for my needs. It's not the tools, it's me. I don't have a final task flow because I haven't actually developed all the processes I want yet, and I don't want to slow down all my other work to define my new task process and stick to it (long story short, I got back to managing myself via email). The same goes for team workflows. I helped a team at the FDA adopt a laboratory safety platform; initially, it was horrible to use because the system was overengineered to imagined processes that didn't exist yet. It was almost enough to want to trash the platform and go back to paper. We don't want to subject already overworked regulatory affairs and regulatory reviewers to this kind of software fatigue. If regulators bumbled through tool adoption trial-and-error, the industry would be up in arms.
You can't acquire a tool if you don't know to ask for it. I recently had a chat with a brilliant, illuminating woman who told me about a tool for collaboratively planning end-of-life care. I instantly knew I needed the tool. But, I never would have asked for it, and may not have searched for it. And even now that I know the name of it, it isn't coming up in my Google search results. How could regulators adopt tools they don't know about?
You can't acquire a regulatory tool if you don't know EXACTLY what it does and how it works. I imagine a world where the FDA uses a software platform to conduct random virtual inspections of SBOMs and cybersecurity vulnerabilities and starts issuing automated alerts preceding warning letters. This would result in chaos. Technically it is feasible and I believe it's a good idea. But there's no way it would happen without industry participation and assurance in verifying and validating the tool (it's like the reverse of normal: industry reviews regulatory proposals).
The market is perceived to be small. Consumer tech comes first because the potential userbase is so huge. RegTech has many fewer potential users, and regulators aren't known for exorbitant spend. (This is changing! A startup focused on multi-national regulatory solutions with GenAI reached out to me last month!)
What's the solution?
I work with companies that have developed RegTech, but they don't necessarily know it or sell it that way. Software is built to manage cybersecurity, supply chains, regulatory strategy, and decision support; it's just not yet tuned to the regulatory use case. Sometimes it is perfectly tuned, just not yet perfectly marketed to regulators and regulatory groups within medtech. To get the solutions they need, regulators and medtech regulatory groups must:
Stop developing in-house solutions and amassing tech debt
Broadcast the challenges; advertise what has failed and why so innovators don't reinvent the wheel
Co-innovate with startups and technology vendors who are investing time and energy in the space
I'm working on a systemic solution for RegTech Innovation. It is taking shape as an incubator/accelerator. It will require participation from regulators, large medtech, startup medtech, BigTech, and RegTech startups. If you're interested in learning more, subscribe to my newsletter and email me.
~Shannon, the Optimistic Optimizer