Launch HN: Enzyme (YC S17) – Automating FDA Compliance and Approval

42 points by seehafer ↗ HN
Hey HN! I’m Jared, the cofounder & CEO of Enzyme (https://www.enzyme.com).

We’re building software that helps life science companies with FDA approval and compliance. Think of something like TurboTax but for companies that are regulated by FDA. Our product reduces both the time and cost of taking a drug or medical device to market.

People often talk about how software is eating the world, but that process has taken longer for heavily regulated industries in part because of their complexity. However, there are now subject matter experts who grew up using and writing software and who have also spent enough time in their industries to be able to write useful software for them. This problem is very personal for my cofounder and me. We’ve both spent 11 years in the med device/biopharma industry and have personally felt the pain of how inefficient this is, having seen products we put our heart and soul into take months (sometimes years) longer than they should to reach patients and change lives.

We’re taking a labor-intensive, paper-based business process and replacing it with software that allows existing teams to perform much of the needed compliance work themselves, reducing the need to engage consultants or full-time compliance officers. Staying compliant is unfortunately very costly: small companies spend $100K+/yr on consulting fees, while larger companies spend $100M+/yr on FTEs and $10M+/yr on software packages that perform only a small part of the compliance workflow!

We’re focused on medical device/diagnostic/digital health companies for now, so if you’re a founder in this space we’d love to talk.

We can answer questions about regulatory/compliance strategy -- in the US, EU, and other geographies -- along with other aspects of medical product development (such as design controls, verification & validation strategies, risk management, user experience, etc).

There's some additional info on our TechCrunch launch announcement, here: https://techcrunch.com/2018/01/18/enzyme-io-wants-to-make-fd...

Thanks for reading and we welcome your feedback!

27 comments

[ 2.1 ms ] story [ 68.6 ms ] thread
Congrats on the launch, Jared - best of luck!
(comment deleted)
Hi all, happy to answer questions!
Will this be self-hosted? Also, why FDA first instead of CE?
Most of our early customers have 510(k) products, which are typically less burdensome to commercialize in the US vs obtaining CE marking.
Enzyme is hosted in a 'private cloud' for each customer to ensure compliance and data isolation.
Curious to know how you conveyed this as a venture scale company?

There is a YC incorporation company that didn’t scale (not meant to be a dig), so curious about what’s different.

There are a couple of things that are distinct about us contra an incorporation company:

1) Compliance is an ongoing activity regardless of how many new products you release. Think something like HIPAA, but more pervasive. So there’s an ongoing need that is ordinarily fulfilled by people - everything from a consultant for a garage startup to 1,000s of FTEs for a Fortune 500 company. This creates an ongoing, sticky customer relationship for anyone who can deliver significant value.

2) Our product and approach is valuable to more than just startups and enterprise life science companies routinely spend $10M+/yr on software systems.

FDA approvals are increasing.

FDA has policy dynamicism which creates a moat.

Many foreign countries co-opt the FDA process as their own. That's how performant our FDA happens to be, despite criticisms from a lot of people in web tech.

Are you building only a QMS or also an automated system to handle registration and listing, CAPA, labeling, submissions, etc? Class 1 all the way to class 3? Alternative submission pathways?

If you are dealing with digital health products, what are your thoughts on the pre-cert pilot that is occurring right now? How significantly do you believe the changes will impact your process and infrastructure given minimal data about FDA timelines?

Our QMS is an all-inclusive electronic QMS, or eQMS. All quality sub-systems including Document Control, Design Control, Risk Management, Complaint Handling, CAPA, etc. will be integrated.
To your other questions:

Registration and listing: harder to automate because information systems on FDA’s side aren’t quite there yet. For GUDID, yes

CAPA, labeling, submissions: yes

Alternative submission pathways: what do you mean by this precisely?

Pre-cert: I think the premise is correct, in that the current quality system regulations aren’t well suited to modern SW development practice. But the devil will be in the details. Regardless it won’t affect us significantly because whatever gets released will have to have a phase-in for existing process that we’ll be able to adapt to.

> Alternative submission pathways: what do you mean by this precisely

De novos, abbreviated 510(k)s, lesser used pathways.

> Pre-cert: I think the premise is correct, in that the current quality system regulations aren’t well suited to modern SW development practice. But the devil will be in the details. Regardless it won’t affect us significantly because whatever gets released will have to have a phase-in for existing process that we’ll be able to adapt to.

My general concern being in digital health is implementation timeline. 1 year timeline is different than 2 year timeline is different than 5 year etc. In my eyes it's really a question of how long FDA will be expecting traditional submissions while they roll out a model geared more around approval of companies vs products.

> De novos, abbreviated 510(k)s, lesser used pathways.

De novo’s definitely, abbreviated 510(k)’s as well (that’s more of a requirements -> standard conformance challenge which a system like ours is particularly suited to demonstrate), but to your point they’re not that common.

> In my eyes it's really a question of how long FDA will be expecting traditional submissions while they roll out a model geared more around approval of companies vs products.

Yes but in a certain sense for many digital health companies this is already true, because they’re 510(k) exempt and FDA’s oversight occurs retroactively via QMS auditing.

The near term challenge for digital health, until precert comes online, is that there are a limited number of software experts at FDA. To the Agency’s credit, they have recognized this and are trying to remedy it. But the big problem we see with software submissions is that things get overlooked, and in such a way that speaks to an overworked reviewers. This of course leads to delays, which is why it’s very important for software submissions to be buttoned up. This is one the things we’re tryijg to make happen with our QMS, which generates more reports that clearly map from requirement->code->test.

(comment deleted)
> Yes but in a certain sense for many digital health companies this is already true, because they’re 510(k) exempt and FDA’s oversight occurs retroactively via QMS auditing

Yeah fair enough; it's true that there has been a large regulatory shift with the appearance of general wellness and enforcement discretion and the resulting erosion of class 1 and somewhat of class 2.

> The near term challenge for digital health, until precert comes online, is that there are a limited number of software experts at FDA. To the Agency’s credit, they have recognized this and are trying to remedy it. But the big problem we see with software submissions is that things get overlooked, and in such a way that speaks to an overworked reviewers. This of course leads to delays, which is why it’s very important for software submissions to be buttoned up. This is one the things we’re tryijg to make happen with our QMS, which generates more reports that clearly map from requirement->code->test.

I totally agree with this. If you could create a software submission which efficiently communicated traceability, verification and validation info, and the other key metrics the FDA wanted to see, that would be pretty huge in terms of submission turnaround time. Best of luck guys.

> I totally agree with this. If you could create a software submission which efficiently communicated traceability, verification and validation info, and the other key metrics the FDA wanted to see, that would be pretty huge in terms of submission turnaround time. Best of luck guys.

Thanks! Sounds like you’re pretty well-versed in this, if there’s some way you can help you with a future product please reach out!

We believe the pre-cert pilot will be transformative for both FDA and digital health companies. FDA is learning from some of the largest software companies how they manage their product life cycles. Apple, Verily and Samsung are aggressively entering the digital health marketplace, so their participation in the pilot alongside large traditional drug and device companies J&J and Roche will be tremendously informative for FDA. Smaller companies on the forefront of digital health approvals such as Pear Therapeutics, Phosphorous and Tidepool will round-out FDA's understanding of how subsequent guidance documents will impact startups in this space. Whether products are SaMD or software-enabled, this industry is on the cusp of exploding with FDA's recent open and progressive approach toward fostering innovation.
Wow! Getting that enzyme.com domain must have been very pricey.
Took quite a bit of negotiating to get to a figure we could afford ;)
I've been researching building the Dollar Shave Club for condoms...I know there has been some recent FDA guidance on relaxing rules around size - would a new condom produced by an OEM be a good candidate for Enzyme?
Yes. This type of innovation — where you can demonstrate evolution on an existing product class — is very much in our wheelhouse.

And, yeah, FDA recently increased the range of condom sizes they would accept, thus enabling the kind of thing you’re proposing.

Do you have any plans to work with or refer to a preferred set of qualified device security professionals?

AFAIU, medical devices tend to require a lot of fuzzing and secured upgrades.

The Update Framework requires multiply-signed releases.

Barnaby Jack would probably respect having his story told as an anecdote about the real costs of medical device security. https://en.wikipedia.org/wiki/Barnaby_Jack

...

FDA > Digital Health > Cyber security: https://www.fda.gov/MedicalDevices/DigitalHealth/ucm373213.h...

""" Information for Healthcare Organizations about FDA's "Guidance for Industry: Cybersecurity for Networked Medical Devices Containing Off-The-Shelf (OTS) Software" """ https://www.fda.gov/RegulatoryInformation/Guidances/ucm07063...

This is no small deal. Thank you for your work in this space.

It is exceedingly hard to find people w/ a decade's worth of biotech experience looking to move into viable software for the space.

Rooting you on from the sidelines mate!