In software development, venturing into regulated environments presents a unique set of challenges.

These sectors, such as FinTech and MedTech, operate under strict regulations that influence every stage of a software product’s journey, from its initial concept to its final release.

Regulated industries are inherently complex and demand a deep understanding of their specific frameworks to ensure product compliance without compromising on innovation.

Often, this complexity results in increased costs and higher rates for development projects.

At MOHARA, we do a lot of work in regulated industries, which has positioned us to navigate regulatory requirements effectively.

My experience in this landscape has been both challenging and enlightening, and we’ve had to learn how to balance compliance with innovation.

Whether it’s HIPAA in healthcare or navigating financial regulations in FinTech, our approach has been to bring together specialist teams, dynamic and appropriate quality requirements, and a focus on what the users will actually value most.

This tiered approach forms the foundation of our three-layer strategy for software development in regulated industries.

1. Understand the Terrain

Regulated industries are a different beast altogether.

At their core, they necessitate a deep understanding of specific regulations such as HIPAA for healthcare in the United States, or various financial regulations governing the FinTech sector.

For instance, we collaborated with a US healthcare startup. This partnership highlighted how important it is to have team members who are not only technically proficient, but also well-versed in reading legal documents—HIPAA compliance, in this case.

Within HIPAA, some of the things you need to consider include:

  • Personally identifiable information (PII).
  • Ensuring the confidentiality, integrity, and availability of protected health information (PHI).
  • Adhering to the Privacy and Security Rules set forth by the regulation.

So, what does it mean to develop software in this environment? It means that part of your team needs to have not only technical prowess, but also a specialist’s knowledge of the regulations.

In this case, we had individuals read and translate complex legal requirements into product requirements for the development team.

Of course, not everyone on your team needs to be legally literate—but it is key that you have individuals who can translate the regulations into product requirements.

We encountered a challenge when some of our partners on the project were not HIPAA-compliant. However, by delving into the regulations ourselves, understanding their intricacies, and applying this knowledge to our technical solution, we managed to achieve compliance.

2. Adopt a Dynamic Approach to Quality

The insights we gained from our work with the healthcare startup highlighted the importance of regulatory knowledge within our team and led us to emphasise adaptability in our approach to quality.

Adaptability is crucial in the complex landscape of regulated industries, where the balance between compliance and practical product development is key.

Our methodology in these environments centres on a dynamic set of quality standards that prioritise business goals alongside regulatory adherence.

We customise our quality standards to align with each project’s requirements, enabling us to adjust our focus and resources as necessary.

Whether the project demands heightened security measures to comply with standards like ISO 27001 or HIPAA, or can proceed with more agility for faster market delivery, our approach is always dynamic and responsive.

This customisation extends across all our projects, and the application of quality standards is modulated based on several factors, including:

  • The project’s life cycle stage.
  • The specific business objectives at hand.
  • The underlying regulatory requirements.

This approach allows us to maintain the integrity of our solutions without over-engineering them for less stringent contexts.

In one project for a FinTech company, we found ourselves drafting a comprehensive 50-page agreement and navigating through a detailed 30-page process for supplier onboarding and vendor due diligence.

This was in contrast to other projects, where a straightforward two-page agreement and direct discussions with the founder were sufficient to kick things off.

This exemplifies our ability to customise our approach, scaling our processes to align with the requirements and scope of each project.

The ability to ramp up or dial back as needed means we can ensure our products meet both regulatory and customer needs without overcomplicating the process.

If you don’t have the flexibility to ramp up your quality assurance, you might not be able to meet the necessary standards to operate in a regulated environment.

And if you’re operating at a lower level of regulation but apply overly stringent quality controls, you risk overcomplicating solutions and unnecessarily increasing costs.

By enshrining adaptability in our quality framework, we can navigate the complexities of compliance without losing sight of our ultimate goal: to deliver user-centric, innovative solutions that meet the optimum quality, security, and regulatory standards.

3. Cut Through the Noise and Focus on User Outcomes

When you’re working in regulated industries, it can feel like you’re swimming in jargon. But at the end of the day, it’s all about the user.

That’s the third layer of our strategy—cutting through the noise to maintain focus on user outcomes and business models.

Whether you’re talking about financial services, healthcare, or any other sector laden with regulations, it’s easy to get caught up in the minutiae and forget that there’s a user at the beginning of their journey, trying to navigate to a particular outcome.

Our approach shifts the focus back to these individuals.

Take a savings product or a payment solution, for example. What’s at the heart of these services? It’s a user looking to manage their money better, whether it’s saving a bit more or making payments smoother.

We worked with a FinTech solution in the UK that was initially daunting, given that our team was unfamiliar with the specific financial terminologies.

But instead of letting that become a roadblock, we doubled down on mapping out user journeys and pinpointing exactly what users aim to achieve.

This user-first mindset isn’t just about staying true to our values; it’s also a practical way to build products.

By cutting through the jargon and focusing on user outcomes, we can develop intuitive, impactful products that meet user needs and thrive in both regulated and non-regulated environments.

Ready to Build Success in Regulated Environments?

Developing software in regulated environments is undoubtedly complex—but it’s not insurmountable.

With a balanced team that combines technical skills and regulatory knowledge, a dynamic approach to quality, and a steadfast focus on user outcomes, we can deliver solutions that are both compliant and user-centric.

If you’re looking to bring a regulated product to market, get in touch with us.