Staying agile in regulated industries: how to stay compliant while moving fast

If you work in a regulated space like health tech or fin tech, you’ve probably heard something like:

“Moving faster and more agilely sounds great, but we can’t move that fast because our industry is so regulated.”

We hear this all the time and we get it. When compliance is part of your world, you’re not just building for user delight or to explore how far you can push technology. You’re building within a framework of rules, audits, and a high bar for responsibility. But that doesn’t mean you have to slow down.

In fact, when done right, staying flexible is one of the best approaches for regulated industries. It reduces risk, encourages tight collaboration, and gives your team the flexibility to adapt without starting from scratch.

What do we mean by moving agilely (and why do product teams, like thoughtbot, love it)?

Agile is an iterative approach to building software, where teams deliver small increments every 1–2 weeks (called sprints). Instead of planning for months and launching all at once, staying agile allows you to test ideas early, collaborate as a cross-functional team, and evolve based on real feedback and business priorities.

The key benefits of operating in this manner include faster time to market, higher user satisfaction because of frequent feedback loops, reduced risk, easier adaptation to changing needs or regulations, and stronger team alignment and collaboration.

We’ve detailed our full approach to product development in the thoughtbot Playbook. But first, what if you’re just getting started?

What if you’re early-stage with no product yet?

Even if you don’t have a product team or working software, you can absolutely work in an agile way. In fact, it’s especially important at this stage. Being flexible and moving quickly at the earliest stage is about making smarter decisions with limited time and resources and setting your product up for long-term success while minimizing risk.

Here’s our take on applying agile thinking in the earliest stages:

  • Start by prioritizing learning over building. Run user interviews, experiment with messaging, and test with low-fidelity prototypes before writing a single line of code.
  • Test your assumptions. What’s the riskiest part of your product idea? What regulations apply? Get answers early through research with target users or Subject Matter Experts, when it’s still easy to adapt.
  • Work in focused sprints. Treat discovery work like a sprint. Set goals, break the work into manageable steps, and reflect on what to do next.
  • Design with constraints in mind. Compliance considerations like HIPAA or SOC 2 may not be immediate requirements, but understanding them early helps you make smart foundational choices.

We used this approach with FrontRow Health. This approach helped them prioritize features for their beta based on real user feedback, while planning a tech stack built for future growth. Operating in an agile way doesn’t require a big team or even a finished product. It takes curiosity, structure, and a willingness to learn as you go. Here’s a great blog with more advice for starting a Health Tech startup.

As your product grows, so will compliance

As your product and team mature, so do the expectations around compliance. But that doesn’t mean agility has to suffer. Here are a few principles that help teams move quickly without cutting corners, especially in industries where compliance is non-negotiable.

Make compliance part of the team. Flexible and iterative processes help avoid the trap of a massive legal or compliance review at the end of the project. Instead, they encourage integrating requirements early and checking effectiveness often. Consider how regulatory voices or Subject Matter Experts can participate in sprint planning, retrospectives, or regular reviews so that their feedback arrives earlier, while the roadmap is still being shaped.

For a primer on thinking about regulation early, Health Tech, HIPAA, and Humans is a helpful starting point.

Document the right things, as you go.

This style of working values working software over excessive documentation, but that doesn’t mean skipping it altogether. The trick is to document continuously and introduce the discipline early. Decision logs, user stories with acceptance criteria, and compliance checklists can all be embedded in your process. We suggest breaking documentation into bite-sized pieces, tackled alongside your delivery work. Getting into the habit of doing some form of documentation will make it easier in the long run and tell investors you are preparing for the big leagues.

Use research to prioritize smartly.

Product teams often face long wish lists, especially in complex industries where ideas come from users, internal teams, regulators, and potential clients (like a healthcare provider you really want to win). The challenge becomes: what needs to be built now?

We recommend ruthless prioritization, grounded in interviews with these audiences. Here are some tips for User Testing specifically in healthcare. The more real-world input you have, the more confidently you can identify what matters most. That clarity helps you break the work into smaller, testable chunks so you can move faster and reduce risk.

Need tips on running interviews? We’ve broken down our approach in Using Patient Interviews to Prioritize Features.

Integrating without losing momentum

Whether you’re maintaining legacy integrations or planning something new and complex, like connecting to an EHR, payment processor, or regulatory database, an iterative approach helps teams move forward. By breaking integrations down into smaller, flexible pieces of work, you can introduce new capabilities while minimizing risk to the systems already in place.

Rather than committing to a full integration from the start, identify the smallest viable slice you can build and test. This lets your team validate assumptions early, learn quickly, and adjust before investing heavily. As with user-facing features, integration work benefits from clear goals, prioritization, feedback loops, and collaboration. Treat the integration itself as a mini-product, with its own roadmap, risks, and milestones, so you can stay aligned without sacrificing agility. These same principles apply when working to maintain a relationship with legacy systems while adapting your solution.

Final thoughts

Taking an iterative approach to software is about moving both intentionally and quickly. When you bring compliance into the conversation early, plan for validation and learning, and stay close to your users, you can deliver faster and with less risk. That’s a big win for both startups and established product teams.

Whether you’re launching an MVP, replatforming an existing system, or balancing innovation with regulation, there’s a way forward and we’d love to help.
