Lean Entries Blog

Back to Entries Blog

Medical Device Regulatory Journey: Interview with CEO Heikki Pitkänen

17th July 2020

Innovation in the healthcare industry is skyrocketing. There is a massive ongoing effort of adoption of healthcare technology globally. However, entering the healthcare market is still very complicated.

One of the biggest challenges burdening the health tech industry is regulatory compliance. Medical device startups around the world fall into a trap, where they take substantial steps to design a device or software before properly taking regulations into account. The problem with medical device regulatory requirements and standards is that they can be challenging to read and interpret. For example, some startups may determine that their product is not a medical device when, according to the regulation, it is. Sending those health tech projects back to the drawing table to modify their device and procedures accordingly is a tragic, costly and time-consuming endeavour. However, diligence with regulations would have helped them make the right choices from the start.

Heikki Pitkänen, CEO of Lean Entries, has a long experience of working in the medical device industry. Heikki thinks that regulatory challenges that significantly affect startups and innovations go back to the time before their seed funding, to the level of regulatory knowledge among their founders and investors. 

Here is what Heikki has to say about startups, innovators and what they should do for an efficient path to regulatory compliance.

Hi Heikki, what brought you into the medical device industry, and how did you become a regulatory professional?

Hi Taha, I was first drawn to environmental sciences, but they were quite popular in Finland after the mid-’90s so I couldn’t get in. Biomedical sciences, together with industrial management studies, were my second best bets to make the world right. 

I ended up managing biodegradable implant development projects for orthopaedics, one of the strong biomedical areas in my hometown Tampere. Little by little, contrary to my early instinct, I became intrigued by regulations and standards, first, through the Design Control concept in product development, and soon by single-handedly setting up an ISO 13485 compliant Quality Management System (QMS) for a biomedical startup. 

A half-a-year feat that, I then understood, was not the most practical choice for the startup. (When done by an experienced Regulatory Affairs / Quality Assurance professional, a QMS is set up in a matter of weeks rather than months.)

I wasn’t the fastest learner, but all the more often I got to feel how Neo must have felt being one with the Matrix back in 1999. Then, gaining all this know-how, it was a slap in the face to work for another biomedical startup that was in too much hurry to embrace the concepts of quality and compliance. Their product was a promising life-saving technology funded by millions of taxpayers’ euros, but the chances to be CE-marked or FDA approved were spoiled. 

When I was offered the opportunity to run a Notified Body and an IECEE CB scheme test lab for electromedical devices (IEC 60601 series), I didn’t hesitate to take the post. I needed to learn more to make the world right, and the position felt like one to get the right things done. 

I’ve never been on a steeper learning curve in my life. However, as an accredited test lab and certifier, as the right arm (a Notified Body) of the EU Member State’s designating authority, there’s only that far you can go providing advice. Yes, by being tested, audited and certified the manufacturers gain loads of valuable feedback, but mostly in the format of non-conformities, the minors and the majors. And yes, in such a position you get to mingle and co-operate with knowledgeable parties and have a say. But you cannot make life easier for those innovators and startups, that come knocking on your door for a CE-mark, but haven’t grasped regulatory compliance; This is a waste of time and resources for all stakeholders. Some quite promising health tech innovations are struggling or are never reaching the healthcare market. 

The new European medical device regulations, the MDR (2017/745) and the IVDR (2017/746) were coming, and the startups faced an even weaker position to match the challenge. How could this know-how on the medical device regulations and standards, which required a Neo to see, be transferred to those who were only starting up? One thing was sure: The transfer needs to start from point zero, the Qualification and Classification of medical devices, which can be a daunting task in itself and mislead the innovator, who doesn’t know where to look. I took the risk by agreeing on a one year break from SGS, my then-current employer. At nine months into the break, the Minimum Viable Product (MVP) for Qualification and Classification of medical devices was validated with my co-founders, and the baby named Lean Entries Ltd was born: A startup itself, with every bit of uncertainty ahead.

We designed the digital platform, that we named Entries, to re-organize hefty bits of regulatory information into a minute experience for any innovator. Now we’re helping hundreds of health tech innovators, mostly in the Nordics, to save months of their time and get on the right track. With the digital reach, we’re able to help any innovator globally, because the same problem persists wherever you go: Medical device regulations and standards remain most complicated for the newcomers.

Could you describe how the current health tech industry is globally?

Health and biomedical technology, whatever distinctions you want to use, are steadily growing sectors in the global scale. Health, on the Maslow’s hierarchy of needs, comes right after physiological needs. Here’s my free investment advice: Health tech will always grow, but do the regulatory due diligence to bet the right horse.

The current hype is around artificial intelligence (AI) and digital health. We’ve already seen significant advancements brought by digital health solutions. However, now more than ever, regulations and their complexity play a crucial role in getting medical device software on the market. It is all too easy to design a shiny piece of software, but to design it according to the IEC 62304 Software Life Cycle principles under the ISO 13485 compliant QMS is a feat that requires experience and nerves, more than many designers can withstand — given, that you know how to deal with the cybersecurity (ISO/IEC 27001…), personal data protection (GDPR, HIPAA…) and other crucial items.

Nonetheless, digital health and AI are the words of the day and will grow faster than other health tech sectors.

Let’s say you’re a university innovator with a groundbreaking health tech startup idea, how would you go about it?

While working on my tech, I’d find out about the basics of the regulatory requirements in my target markets, like the MDR or the IVDR in Europe. I’d need to do this before deciding to seek funding and falling utterly in love with my early technological solution.

I would come to know that many tech-related standards hold a load of inputs to my design. Like the IEC 60601 series for electromedical devices, the ISO 10993 series for biological safety of medical devices or the many software standards and guidelines.

I would come to understand how important it is to perform early clinical literature reviews on the technology, and its anticipated Intended Purpose in healthcare, to collect another set of inputs vital for my tech and future business. 

I would come to realize that Risk Management, according to ISO 14971, is something one needs to begin early not to miss another imperative set of inputs. And, I would come to face the fact that my critical suppliers, like my subcontractor for software, must know to play by the medical device standards as well.

All of these are topics that I wouldn’t need to know thoroughly. But I should know enough to bear a chance in the safety-focused and conservative healthcare market.

Why do you think many medical device startups and innovators then struggle to get through the initial phases?

The problem is that, traditionally, there are no good sources of information to gain the needed grassroots level of knowledge in a snapshot – like I’d want it if I were the innovator. As a student, I sat in the university classes for regulatory basics on medical devices, but was bored to death and had slim idea on how the requirements revolve in real life. Now that my success as an innovator would be dependent, to a great extent, on those grey pages, I’d be frustrated to find the regulations and guidance so scattered. The stakeholders around me would tell to hire a regulatory consultant, but my startup wouldn’t have the funds nor the time to focus on compliance yet. There would be a high chance that I focused on my tech a while longer, and I’d promise myself to open up the EU medical device regulations, the FDA website and the ISO and IEC standards sometime very soon…

Often health tech companies are started by people who’ve been there before. A good example is MVision AI with the background of the team in GE Healthcare, Varian Medical Systems and hospital environment. These teams already know what it takes and how to utilize regulatory consultants to their advantage, and it’s only their new team members that might need a ramp-up in regulatory knowledge. MVision was CE-marked in record time.

Another good example is Noona Healthcare, which didn’t have much prior knowledge of regulatory compliance. However, they did everything right, hiring an experienced consultant to lay out the basic regulatory requirements for their app and planning well for the hurdles ahead before starting up. Now their app is used by thousands of patients and hundreds of healthcare professionals globally.

What are the most important regulatory requirements that innovators and startups need to focus on?


Figuring out their initial claim on the Intended Purpose of the product or software and finding out if it’s regulated as a medical device (i.e. Qualification) in the target market (e.g. by the EU MDR or IVDR).

If the product is regulated as a medical device, finding the correct Classification for the device to learn the extent of activities needed to reach the market.

Defining the other applicable regulations, standards and guidelines regarding the medical device type and class.

Drafting a regulatory strategy or a plan for reaching the market.


Initial literature search and review, following the Clinical Evaluation guidelines.

Initial risk analysis according to the Risk Management standard (ISO 14971).

Feasibility studies to prepare well for the Design Control phase

Supplier evaluation and contracts with critical subcontractors. If they don’t comply, you as the legal manufacturer won’t comply.

What solutions does Lean Entries provide, and how can you personally help startups and health tech ecosystems?

Startups have their technology and scarce resources to worry about. By making our services free of charge for startups, we get them to pay the needed fraction of attention on the topic early on. By providing the regulatory essentials to startups in our digital Entries format, webinars and efficient one-on-one sessions, we put them on a substantially higher baseline of knowledge regarding compliance and their burning regulatory needs. Innovators and startups come to invest only a few hours of their time and save months in reaching the market.

Free of charge’ means that the incubator or university collaborates with Lean Entries to purchase our services for the health tech innovators and startups in the region. Incubators and universities typically understand the early stage regulatory hurdle startups are facing, but previously there were no efficient solutions to solve those obstacles. With Lean Entries, the incubators can put their startups on a steep learning curve regarding regulatory compliance and allow them to become viable scale-ups. In the process, the region comes to save years of their time.



Posted by Heikki Pitkänen

Heikki Pitkänen
Heikki is backed up with 20 years of experience from the Medical Device industry, most recently from certification bodies, and is active in international standardization. He is passionate with the modern startup, business model and service design concepts and believes in co-operation between knowledgeable parties for reaching great achievements.

Phone: +358 20 773 9510

Follow on Twitter@Leanentries

Follow on LinkedinLean Entries Ltd