Toronto-based healthtech startup MedStack has announced that it is compliant with Europe’s General Data Protection Regulation (GDPR) and able to help customers meet GDPR standards.
To date, MedStack has largely operated in Canada and the United States, where it serves hundreds of companies. GDPR compliance and MedStack’s recent product adjustments now pave the way for it to bring its data-security and privacy-compliance platform to more digital health startups across Europe.
“The healthcare capacity challenge is a global one.”
– Balaji Gopalan, MedStack
“We have introduced new elements to our product that demonstrate how our platform enables our customers to align to GDPR standards,” MedStack co-founder and CEO Balaji Gopalan told BetaKit. “We already were GDPR compliant, but now we’ve made that inheritance even easier.”
First rolled out in 2018, the European Union (EU) GDPR is widely regarded as the most stringent data privacy law in the world. GDPR aims to unify rules for how companies handle European citizens’ data. For firms operating in Europe, GDPR compliance can be costly—and so can non-compliance. Since GDPR’s launch, some other countries outside the EU have rolled out similar legislation.
According to MedStack, these moves enable it to support customers in both the United Kingdom (UK) and the EU, as well as firms operating in countries outside of the UK and EU with compliance regulations based on GDPR, such as Ukraine, Japan, South Korea, Costa Rica, Argentina, and Jamaica.
“We are very excited by the growing ecosystem of digital health in the UK and [Europe, Middle East, and Africa] region,” Gopalan said. “The healthcare capacity challenge is a global one.”
Founded in 2015, MedStack sells a platform designed to help companies reduce the time and costs of developing healthcare apps by helping with data security and privacy compliance. MedStack supports digital health vendors, from startups to projects within healthcare enterprises and academic institutions in North America, the UK, Europe, and Africa.
RELATED: MedStack secures $3.93 million CAD to capitalize on increased demand for healthtech
MedStack is already working with several customers operating in the UK, including London, UK-based Tortus, which is building a next-generation AI assistant for physicians, and Toronto-based precision medicine software startup PhenoTips, which serves the UK. MedStack’s European customer base also includes France-based computer-assisted orthopedic surgery firm Pixee Medical.
As it looks to build its business overseas, MedStack has pursued several UK certifications, including a Data Protection Registration certificate with the UK’s Information Commissioner’s Office (ICO), and its second Data Security and Protection toolkit assessment—a requirement for any organization accessing UK patient data from the UK’s Department of Health and Social Care. Earlier this year, MedStack also announced its Cyber Essentials Plus certification.
To date, MedStack has closed over $6 million CAD in funding from a group that includes Blu Venture Investors, Telus Ventures, Donville Kent Asset Management, York IE, Argonautic Ventures, Archangel Network of Funds, and MFD Investments across an early 2019 seed round and a “pre-Series A” financing in late 2021.
Since that latter round, Gopalan told BetaKit that MedStack has been focused on “running as lean and efficient business as we can,” adding that it hasn’t prioritized raising additional institutional financing.
RELATED: PhenoTips secures $2.5 million CAD to expand reach of medical genetics software
Over the past couple of years, MedStack’s team has expanded from 15 to 22 full-time employees across Canada today. MedStack has also expanded its security platform, MedStack Control, and launched Exos, an administrative compliance workflow for digital health in North America. Since September 2021, Gopalan claims that MedStack’s business has grown more than 80 percent.
Despite the broader economic and venture downturn, Gopalan said that MedStack has seen the awareness of healthcare capacity issues made worse by the COVID-19 pandemic and the rising cost of care, data security and privacy risks in general grow.
“Even as financing and sales cycles in healthcare slowed somewhat over the last year, founders are still motivated to build and commercialize solutions and know they need to prove that they’re protecting patients’ data amidst the most difficult cybersecurity environment we’ve seen in some time,” Gopalan said. “This is why we now have the highest number of long-term customer agreements we’ve ever had.”
Feature image courtesy MedStack.