top of page

Skeletons in the MedTech Startup Closet : How to avoid them...

Do you have skeletons in your Medtech closet?
Do you have skeletons in your Medtech closet?

So let me preface this post by saying that all startups end up with skeletons in their closet (well that has been my experience.) Most are small and can be corrected - should they ever come out. But for some medtech startups, these skeletons can be very big, and very costly if ever they see the light of day.

To be honest, I think most of the mistakes that lead to this are not made with malicious intention. Instead, they are most often caused by mistakes, misunderstanding and inexperience. But that doesn't make them any less important.

What sort of Skeletons hide in the Medtech startup closet?

Poor product performance

I'm going to start with one that not everyone fully understands - but it's very important. Of course product safety is the number one concern... but that becomes very self evident and very binary. Instead poor product performance (even with a product that is considered safe) is a major issue that never gets enough attention. The warning signs come in via various channels; such as customer complaints, sales team grumbles or just poor sales numbers.

Here the customers complain that "It's not as good as the gold standard in the market." - It's not "really" harming anyone (on the face of it) but it delays procedures, it causes compromise decisions by users, it requires extra steps and causes inconvenience. It just doesn't feel to the customer they are getting the value of what they paid for.

Well this is actually "not okay". It is not a direct safety concern, but if your failure rate is 3X that of the market, and you decide not to act on that... That's a big problem. If it takes you years to fix those problems (and I'm sure there are always great excuses why it takes so long) - the paper trail remains. Poorly handled complaints, dissatisfied customers, product replacements (under the table often) that are well outside of the norms, are breadcrumbs to follow later.

These are all signs of fundamental problems with part of the product - and in most cases you avoided harm by luck rather than by judgement. And no matter if some years later you manage to "fix the issues" the Skelton - the stain - remains and it is all discoverable in the future.

And if those issue were not really "fessed up to" when you then apply for more regulatory clearances - well you are potentially in big trouble in the future.

Besides that - it means people won't buy your product.

Safety issues

This of course sits above just poor performance. But it's amazing how often the "poor performance" was classified that way to cover over what were in fact serious safety issues. But when a product has a serious safety issue - and the company, either through negligence, or misunderstanding the real risk, ignoring internal warnings, or just plain incompetence - fail to record and report it correctly: That is a skeleton that could be terminal for any company. No matter how many years later that issue pops out of the closet, it is pretty much unforgivable. How it pops out will be described below. But eventually, bad corporate decisions on safety will come out. They always do.

Adverse and serious adverse events (and handling of safety boards)

So the impact of both of the items above can lead to patient harm and injury. They can in some instances - such as electric shock, or burns etc - actually harm the users as well. In the event of a patient injury (and that can be even just a prolonged anaesthetic due to poor performance) then you start to need to asses if these were "normal and well predicted problems" and if the patient ended up with adverse event or a serious adverse event.

It can happen to any company - but how they handle that process is the critical part.

How they assess the risk, and understand if it was an issue of the user, an event that can just happen, or if the product was at fault.

This is often where inexperienced management teams get it wrong.

Part of the "conflict" is that they do not always go to an independent board that can assess the injury and decide if it was a fault of the product. Worse is if they go to a "safety" board where there are conflicts of interest. Such as the safety board members own company stock, or get paid lucrative consulting payments. It would be against their interest to see that company valuation take a hit... right?

AEs and SAEs are not a problem if they are handled right. But they become a major skeleton (and that can be literal in a patient death) if the company mishandles it, does not declare to the authorities, misclassifies it (by accident or on purpose) or worse - hides it.

It may not be today - or tomorrow - but for many of the reasons I will list below... even one of these in you cupboard, and you should be very concerned.

Poorly handled CAPAs

So as complaints come in (and normally they should be very rare in a well designed and safe product) they will be assessed by quality, regulatory, and the medical team. (Note: If you are getting a way higher complaint rate, especially in the early days of a product introduction, higher than the industry norm. This is a big red flag!)

The team should decide if they should do a Corrective Action / Preventative Action or CAPA.

This is all very well documented - but naive, young teams may not fully understand the obligations and regulations.

If your company has lots of CAPAs that are opened, that's not necessarily a bad thing. As long as actions are taken and problems fixed - in a timely manner. CAPAs that sit open for months and months, or even worse - years - are a record in your company files that you either have serious product issues that you can't fix, or you don't have a functioning quality system.

Eventually you will get the CAPA situation under control... but that record, that dark stain is a potential time bomb should something come up in the future.

This is a classic skeleton that when something goes horrendously wrong later, comes back to haunt the company. Because this was a clear warning sign that things were wrong - and you didn't deal with it in a timely manner. So close out CAPAs.

Poor documentation / process (compliance)

This may seem an obvious one - but "What is written remains." Too many times start ups have very bad processes and documentation around processes. This can show up in important things like product traceability. The last thing you need is an unreleased part or product being sent out to countries around the world and being used in patients. And then you have no clue where that part is? In what product? And what configuration? Is it safe?

Or if there is a product recall needed - you just don't know where half of your equipment is!

It can show up in hundreds of ways - but at some point poor documentation and processes will catch up with you.

You can actually get through audits with no NCRs and yet still have some really bad processes in your company. The fact that in a sample audit the regulator didn't find them, does not mean that they do not exist. It can be sheer luck that you pass audit and those three of one hundred processes were not picked up.

But there are a few things to keep in mind. A few people in your company will know where they are, what the impact really was, and where to find them should they ever be asked. So don't go and upset those people (read later).

Missed product recalls / mishandled product recalls

Nothing smacks more of either incompetence or wrong doing than a company "deciding" an issue doesn't merit a product recall.

In incompetence it is very easy for one department to send out some replacement product "Because the old stuff has an issue, such as wrong labelling, or expiry date. Just do a quick swap and throw the old stuff in the trash." This happens way more often in startups than you can imagine.

Or a non released service part gets sent out that is just "wrong" and that part ends up in systems around the world; and the paperwork does not cover it. Instead of a recall you just "get the paperwork right," and never tell the regulators in the affected countries... shhhhhh..

Or product performance is 10X below what is expected in the market place - and complaints are through the roof. But the small startup thinks it's okay to just keep tweaking the product in field until complaints go away. No! It is not okay. And all of that documentation, emails, phone logs, teams chats, customer complaints and feedback remains. You may think your emails or teams chats get deleted... they don't. What you don't want are email chains with "Let's test that in field on the patients!!!!!"

You don't get to do that kind of thing just because you're a start up.

If in the future (God forbid) a patient is injured - and an inquiry is started - or even a major lawsuit is filed. A missed product recall is a big smoking gun. The two things may not be directly related, but if you had "irregularities" around product once - then what are you still hiding.

Financial irregularities / Tax issues

In the rush to get to financial success as fast as possible - often companies will expand geographically way faster than they have the capabilities to deal with. If there is a lack of knowledge of how importation works, or misunderstanding of fiscal frameworks, then a company based in one country can end up with importation, taxation and financial irregularities.

Mistakes and misunderstandings happen all the time. But that can lead to huge unpaid tax bills that will bite later on (more later on this).

The problem becomes if this is systematic across several countries, and it starts to look like more than incompetence. Right or wrong it can start to look more like a systematic tax evasion - either on importation taxes or sales taxes (or local company profits).

A very common trap is the "Transfer cost trap." In a startup often there are major tax breaks on losses while you do R&D - and it feels a good strategy to register as much profit in the parent company's country as possible to offset those tax credits. Often a pricing structure is set up between the parent company and the satellite company where profit is trapped in the home country.

Unfortunately this can lead to all kinds of issues in the local countries. If you have commercial activity - and are selling product - "but always making a loss" so pay no local government taxes... and get the tax credits back home... watch out. Not only will you eventually have to pay that tax, but you will undoubtably get fines and interest. And this can be crippling for a company. But the even bigger risk is criminal prosecution and possible imprisonment - even for the corporate officers.

Poorly crafted contracts

More often than not, early on, contracts evolve as a company grows and gets better at creating contracts. But many of those early contracts remain in the document management system of the company. Some of them can be a potential disaster for a company later on. Poorly crafted distribution agreement, supplier agreements, investor agreements are some of the many documents that can lie dormant until many years later.

The funny thing about contracts is that they don't matter until you get into dispute. Then the wording really matters. And the hard part is that early legal advice is often taken by the wrong type of lawyers that don't have expertise in that field. So employment contracts (a classic) get written that can come back to bite companies many years later.

Or there are contracts performed around warrants and guarantees and loans - that were made with good intention - but when they come out years later during due diligence by bigger, more professional investors - they can stop funding rounds dead. (Right when you need money).

So getting good legal advice early on, and trying to do things in a "standard way" as much as possible is critical. Don't use investor money to give preferential loans to founders, don't contract with senior management - and have preferential treatment and clauses without the other signatories being fully aware.

Have transparent and easy to read contracts that you would be very happy to discuss multiple years later in front of a jury, or have them posted all over the front page of a tabloid.

Even very early on - get good legal advice. Because many of these contracts will be long forgotten, or not even known about by legal counsel that gets hired many years later. Don't leave that legacy for them to deal with in the future. It could be quite embarrassing when they have to defend the indefensible.

Illegal / irregular product importation

In the startup world - speed is everything. And often on the fly decisions need to be made - and that can happen before a full understanding or a full process is in place. You may have a clinical trail ongoing - or critical first use of your product and well... things go wrong in those first cases (first months). If a replacement product is needed - or a spare part - the simplest way could be to just get people to pack the product or part in a suitcase - fly them to the country and have them hand carry that part to the hospital. Oops.

It may seem the the right way to do it - but if you do not get the right customs paperwork - importation papers - taxation payments right... it can basically become the smuggling of regulated devices into a country and tax evasion. Besides that it is also way out of the controlled systems of product shipping in many cases.

In an inexperienced team - it may seem the simple thing to do. And you may later understand it was a mistake. But few companies would record that as a mistake - fess up and go back and fix the paperwork or pay the correct taxes. It just sort of gets brushed under the rug. But again these are buried land mines you are leaving for future CFOs or Regulatory and Quality teams. When they come out (and that could happen) there will be a vast amount of explaining - remedial action and corrective action to take place. It is not only painful for the company but can give massive reputational damage with regulators, government authorities and investors. (And imagine if your innovation was being pushed by your governments overseas foreign trade departments. How embarrassing.)

If in doubt - pause and get advice. And I know it is all about speed and "we have a patient needing this..." but the company must protect itself and do it right.

The one piece I will add to the end of this. If this then slips and becomes "systematic" or even worse, acknowledged by the management as a way to "get out of a problem... just do it." Then that creeps into a far more nefarious way of working. It means that the management knew full well that they were evading taxes, importing illegally and condoning it based on desperate "business" needs. This is rare - but a company running low on money and needing to hit milestones can easily make a poor judgement call. But that one call could come to haunt you in the future - so do not do it!

Incorrect product component releases and shipping

If your product is super complex. If your supply chain is complex. If your production is complex... then be super aware of this as a start up, as mistakes can happen very easily.

During those first few years it can become very easy in small facilities with early systems - to get parts mixed up. Builds mixed up. And it is very easy for pickers and packers to accidentally put the wrong thing into the wrong box and ship it.

That in itself is not terrible -- if...

If it is caught - stopped - rectified - systems changed - CAPAs run and the authorities informed in the right way. But occasionally it is caught and the right remedial action is not put in place. And it happens again... and again ... and again. All of this flies under the radar - no patient is harmed and no ill has come of it. Except it is often well documented and recorded. Emails of alarm, shipping documents to swap out the products, teams chats on "what do we do now?". Meeting minutes to assess the risk. And then the repeat - and repeat that builds up a strong body of evidence that these "errors" are systematic.

This can literally have a regulator come and padlock the doors to your facility. And even if you have fixed those issues (finally) after many years - a latent patient injury claim could come up. An employee could see it happen again and blow the whistle. An auditor could dig deeper and find this. And at that point the past catches up and it now becomes a major issue.

It happens - and it is accepted. What is not accepted is to brush it under the rug and hope no one ever finds out. If you have an issue. Fix it straight away.

HCP compliance

Over the next years the issues around Health Care Professional compliance will get more and more spotlight. And this will be about payments, interactions, share ownership and governance.

Some of these things are well known, but the one issue that will raise more problems in the coming years will be the conflict of interest over safety discussions and product recalls.

Some of the watch outs are having HCPs on any of your safety panels that have a direct conflict of interest. And I speak primarily about safety boards as this is very particular - and a massive impact on start ups with new "unproven" technology in early stages of market use.

Patient safety must come first - and a safety board will assess product to see if they are safe to use, and if there is an adverse event, or serious adverse event - they will need to decide if there is a serious risk with the product - if authorities should be informed - and if the product really is safe to continue to be used or should be removed from the market.

Too often the HCPs on a safety board can have a massive conflict of interest - and often because they are shareholders in the company. You cannot have members of a safety board (any members) making decisions that could basically close the company - who have a vested interest for the company to not only survive... but thrive!!

Imagine if a vote on the safety of a device is swayed by two members that own significant shares in the company?!??! That would be scandalous. But it happens way too often. Safety decisions should only be made by independent safety panel members that have no conflict of interest. That also means that the CEO and CMO (Chief Medical Officer) should not try influence the safety board, their job is just to act upon the conclusions of that board. A cardinal sin would be to have the "company" remove people from that safety board if they made decisions that "Would be potentially damaging to the company." If you get my drift...

Independent people and independent operation is critical.

HCP compliance also falls into how HCPs are paid and for "what." There are very strict rules around how companies can and must interact with HCPs - and those rules must be followed - no matter how early stage the company is. Excessive payments, inflated travel payments, luxury accommodation, pay for prescription and a host of other non-compliant practices must be avoided. And should payments be made in say the USA or France (and other countries) the company must comply with governmental transparency acts like the Sunshine act, or the Bertrand act - and ensure that they have fully declared payments against work performed.

Some of these things may come up early on in a companies journey - but "I just wasn't aware" is not a defence when this all comes out in court, or during due diligence , or in a later press scandal. So if you're running a startup - then make sure you get educated early on and put compliance procedures in place as early as possible.

Non-diclosure to investors and boards

If and when some of these problems come to light - and they will. The management team may have a sense of embarrassment or guilt over what has happened. But it's okay. Mistakes do happen, and solutions can be found. But what often compounds these errors to make them become unforgivable is when these things come to light and the management team is not transparent.

Too often a management team will try to bury, or hide these things. Work them out and just hope that "non one ever finds out." But that is a suicidal strategy for the company - because eventually something will come out.

Senior members of the company have a duty of care to the investors and share holders to ensure that there is transparent disclosure of all known issues.

Let me give a theoretical example: A member of the team has brought to light several issues they have seen within the company over a few years: fiscal irregularities, product performance concerns, safety issues, irregularities of importation and other issues. They have filed them in a comprehensive report and sent that to the CEO and CFO. They have also shared those concerns and the report with a member of the board.

Does that team and the other board member have an obligation to inform the rest of the board?

Does that team and the board member have an obligation to inform the investors?

Does that team and the board member have an obligation to disclose that if all of those issues are open during a new funding raise - to new and existing investors?

Does that team have an obligation to fix those issues?

Does that team and board member have a fiduciary responsibility to protect the company and the valuation of the company?


Failure to disclose and failure to act would become a grave issue as I will discuss below.

If something is wrong... if something has happened... then full and open disclosure across the board and investors is critical. And until the company has cleared up the issues and corrected the problems - they must not try and raise more money from new investors without disclosing the ongoing corrective actions.

Misuse of funds raised

This is an interesting area and it becomes grey very fast. When a startup is raising funds, they often have a declaratory statement about what will be the "use of proceeds" of that fund raise. Sometimes this is a very detailed statement of what the money will be used for and the probable milestones that will be reached to create value inflection points.

The question is: Is that list of use of proceeds binding?

Well contractually - if you are funding that company and you expect 40% to be used on R&D and the company spends only 10% and the rest on luxury cars... then I think the investors and the board will definitely have recourse.

But if say, 10% is for starting a clinical trial, and the product development gets delayed and you only manage to spend 5%... well that is just normal business risk. Right?

The grey area comes with the question: "Did the management team purposefully mislead the investors on what they would spend their money on?"

If the team raising the money knew full well that they had "hidden" issues in the product to fix, but didn't declare them, and instead bumped up the clinical budget "to cover the expenses needed in R&D. Without raising a red flag." And then later have a massive overspend and over hiring in R&D to try and fix the hidden issues. The this is a problem. a) the product issues and severity of those issues were not declared b) the team fraudulently raised funds to cover up issues in the product. Diverting from one budget to another. c) sales often take a dip because of product performance compounding the company finances.

This sort of "creative fund raising" is more common than people think. And teams often justify to themselves as a "small white lie" or they actually convince themselves "we just didn't realise." If the company goes well... then the team get away with it. But the minute things go wrong and the company time lines slip... the investors "wake up" and there is an investigation and it starts to come out. At that point the investors should start to realise they were fleeced, and this now strays into the area of fraud.

Simply put: Make best efforts to genuinely use the use of proceeds to hit the milestones declared and don't hide "issues" and think you can divert money to make up deficiencies.

Corruption and known illegal activity

This should almost go without saying. But often with medical devices, the company is selling to governments, and that leaves open a wide possibility for bribes and corruption in order to gain contracts "Quid pro quo." It doesn't matter if the company does this direct, or via third party agents - the company is liable for actions of corruption under various criminal laws both locally and internationally.

And no... it doesn't matter if you're a small early start up or a thirty year in multinational - the same laws apply.

Corruption can come in many forms, and in many levels. From a super nice dinner in a five star setting to envelopes stuffed full of money. But more often than not it comes in the form of the relational interlopers. That means that the government official that signs off the contract has a "cousin" that needs to be the distributor. It may not seem like a direct line of corruption - but the fact that a family member is making "profit" based on the decision of their ministerial cousin approving a government contract - should be a big red flag.

Worse becomes if your company suspects corruption, maybe even "declares internally" they suspect corruption - but then continue to do business with say a distributor or body - because they "desperately need to show sales." So turn a blind eye after the event.

Those "we suspect corruption" emails and teams messages are hard evidence that you had an idea. And if it proves to be true, you can't hide behind "well we just didn't have time or resources to do an investigation."

Now go one further: if you deeply suspected "Corruption was happening.", and then continue with that same channel of business, But actually don't do a formal and full investigation and continue to use the same "suspect" distributor. Then unfortunately you are complicit in the corruption if it happened, or you have failed to act to do a full investigation. You can't hide. You either suspect corruption and investigate - and act - or you don't suspect corruption. It's binary.

Either way this entire chain must be investigated fully by a third party - or better still AVOID IT IN THE FIRST PLACE.

Because corruption can not only be devastating for the company reputation; it can land you in jail.

The same goes for all illegal activity, not just corruption. As exampled above, if senior members of a management team, let's say for the sake of argument: the CFO and Legal council all know that something is technically illegal - such as the hand carry of non-approved product - and they sign that off in an email to conduct that activity. Then it is not only the employee that carried the product that is the one at risk. It is the management team and the whole company. You can't discharge illegal activity to people in the field in another jurisdiction, and then say "if it goes wrong we can blame them." Or blame a distributor, or an agent or other third parties. The buck stops at the company.

Understand what is legal and illegal. Ignorance is not a defence in the eyes of the law. If you suspect that something is not right - get good legal advice. And it doesn't matter if you are a small company or a startup so feel "we are under the radar." The law applies to you. And eventually you will become a big business, and like everything, these skeletons remain in the cupboard and they don't go away.

Stay legal - stay compliant.

What problems can these cause?

So I've covered some of the activity in a medtech startup that could potentially come back to bite you later. The advice that I give on my course - is how to avoid these from day one by always getting the right professional and legal advice. And if in doubt "shout it out."

Let me explain now how these skeletons can become company killers - even many years later.

Problems raising money

All startups will need to raise money. And as the company grows and the investors become more sophisticated they will ask for deeper audits and background checks. You may get through the first few rounds with little to no deep scrutiny - but eventually someone will dig in and do deep diligence.

The absolute disaster for a company is that as the company is running short of money, in desperate need to raise the next round - one of these major skeletons falls from the closet. That could be enough to derail the entire round. And if that is discovered by the round lead - you are dead.

The investor world is both small and well connected. And if they see a major compliance issue, a fraudulent issue, corruption, or any of the above. You can kiss goodbye to ever raising money again.

These skeletons can pop out for a myriad of reasons - and it can happen even as late as a series D round. But at that point the entire company is at risk. So if you have an issue - get it cleaned up early on. Get it transparent - fix it - and move on. Don't wait until you are raising money, or preparing for your IPO for one of these skeletons to pop out.

Tax investigations

If as a company you have played clever with things like inter-company pricing, or profit trapping, or not paying your local taxes to conserve money in tight times... The local tax authorities will absolutely work this out. They have a huge interest in ensuring that you pay your fare share of tax in country, and not use that profit to offset R&D tax credits "back home."

If there are three countries in the world, in my experience, where you do not want to have tax issues - it is India, France and Italy. (you don't want tax issues anywhere - but these three stand out.) These countries will come after you hard - and in some cases it carries severe prison sentences.

Once the door is opened to the tax authorities that "something is not right," then they will dig and keep digging for years to come. And remember that they have up to ten years to come after you... so don't think "we got away with that." because the year after they didn't "get you."

This is one of the problems for when a startup goes multinational - and does not get accurate and appropriate local tax advice. I advise very early on to ensure you expand at the right time - and when you do expand get very strong local financial advice on taxation and inter-company pricing (if you decide to go direct.) This advice includes VAT planning on medical devices which can by very complex at a local level.

Product recalls

Often stated is that labelling (or wrong labelling) is the number one cause of product recalls. It happens to the best companies, so could definitely happen to a startup. Eventually if something is serious, the startup will be forced into a product recall. It is often during that product recall that the wheels fall off. If the competent authorities, or FDA decide that there are way deeper issues - FDA could issue a consent decree - then that is when many of the other prior "non product recalls" will come out. And you would be amazed at how many former regulatory and quality staff will be at the front of the line saying ,"We warned them." "We told them to do a recall but they ignored us."

There will be email chains and teams message chains that will become obvious that the product should have have been recalled several times in the past "but wasn't". The investigation will spiral and a simple product recall will become an utter nightmare - leading often to prosecution.

It will often happen that "warnings" and "whistleblowing" was both ignored and covered up. People were "moved out of the company" or mobbed into silence. It is a pattern that has been seen in small and big companies alike. But eventually it all comes out.

Issues of trust by regulatory authorities

Once a major regulatory blunder has been made. Major issues with a product discovered after being buried. Or any host of regulatory irregularities - even as simple as wrong batches sent. If the regulatory authorities are the ones to discover this... then you are in big trouble. Not just because of the rule breaking - but because forever and a day you will have lost their trust, and they will have their eye on you. The level of scrutiny will be higher than ever.

So what can happen is that a smaller issue that comes to light, can then trigger much deeper audits and like any "authority" the more they dig the more they will find.

Put simply - you do not want to be on the wrong side of any regulatory authority.

That cannot be more true than when you are then applying for a new clearance. You will have just made your barrier to clearance much higher - as much of the relationship with competent authorities and FDA is based upon a mutual trust.

Once you break that trust with the authorities... it is very hard to get it back.

Investor law suits

Should your company have many issues, and potentially many of them have been put in writing to senior management (and even presented to the board in some cases.) You then go out and raise more money, and current investors and new investors place hundred of millions of dollars into you - and you did not declare all of the concerns. (You may do that because you are convinced during the next round "you will fix all the issues.")

But then during the round... product performance is then poor, financial performance is poor, progress is not what was expected. And later, the investors find out that you knew material things: like product issues, safety, financial issues, taxation problems etc etc... but you never declared them.

From that point on you can expect a series of investor lawsuits against the company - and against the individuals that kept this secret.

There could be claims of devaluation of the stock, fraud and breach of fiduciary duty.

The last thing you need as a startup is your own investors suing you to recoup their money before the company crashes as a flaming wreck.

Not only will it be the end of the company, it will be the end of you in the industry.

Don't do it!

If you know there are issues - declare them - say how you will fix them - expect a pricing impact - and live with it. It is way better than a jury trial where all of this dirty washing gets pulled out in public.

Investigative journalists (Especially if you become a Unicorn)

As a small start up there is probably little "public interest" in what you do. But as you grow, get more public interest stories out about you, and become bigger. The interest from investigative journalists happens to go up. And if you hit Unicorn status, then you enter the spotlight.

We only need to look at Elizabeth Holmes and Theranos to understand how dirty secrets, investor fraud and intrigue make for a very juicy story.

The bleeding edge documentary on Netflix, and Bad Surgeon:Love under the knife all show that public interest in "bad companies" in healthcare is a trending topic.

You need to add into this the emotion around healthcare and the fact that companies are working with governmental bodies and tax payers money to understand why an investigative journalist would love to blow up the dirt they find on you.

It just takes one piece of evidence for them to start to pull on the thread - and eventually they will get to the core of the issues.

Part of the problem is that if you've hit Unicorn status - no matter who you are - you will have turned over a lot of staff by that stage. And I can assure you that there are enough disgruntled staff out there that would love nothing more than to see you crash and burn.

There are many positive reasons to treat your staff well - and treat your leavers even better. But a solid defence strategy is to not have one of them suitably motivated to anonymously tip off a journalist.

No matter how smart you think your IT department is - documents, emails, chats and evidence are taken out of companies every minute of every day. It just needs one small pack of information handed over to a journalist and your company is toast.

Locking the doors on the company

It is rare - but not impossible that what you have done as a start up is so heinous that either a financial police, tax authority, regulator or criminal investigation could come and literally padlock the doors to your facility and immediately put you out of business.

This has happened to divisions of big companies - where they have often entered a "consent decree" to get things sorted.

But honestly - if you are a startup - without a big mothership of a company to bankroll you - then this type of facility closure will be a death sentence for the company. Your brand won't survive this kind of incident. As I said - it is rare - but if there are enough product issues latent - laying dormant - avoiding disaster more by luck than judgement - poor paperwork and sub optimal controls... it is a possibility that production will be stopped.

Criminal prosecution (patient death)

There are many reason that underlying skeletons could eventually result in criminal prosecution. Tax evasion - if proven - is an obvious one. And actually a very common one - it often results in suspended sentences. Corruption - bribery and other connected crimes will be punished - and it doesn't matter if the crime took place in a far flung country - the management back home has an obligation to respect laws. Foreign Corrupt Practices Acts ensure that local companies are not protected in distant crimes of corruption.

But the one that you hope never comes to bite you is the utter tragedy of a patient death. Not only is this devastating for the patient and their family, but it can be found to be caused by either negligence or wilful blindness.

If you have had years of product issues that you have failed to fix, but they are well documented - and a patient dies - expect the two facts to be linked. Any inquiry will dig deep - and when employees are brought onto the stand in front of a jury - they will bring out everything under oath.

"The management was warned and warned they had an issue... but they continued to say minimal viable was sufficient."

"Every time there was an adverse event, a group of people that owned a lot of shares always decided it was the clinician's fault."

"They knew there was an issue, but kept saying that no one has been harmed by it yet."

"The teams knew we had a 40X complaint rate but said it was still safe."

Statements like this in front of a jury will not save the company or the management team. You never want to be put into this situation - and you never should be.

When a company claims "patient safety" first they must act as "patient safety first" not "investors money first."

Even if you get away with it on the day of trial - the negative publicity - the stress - the costs and the reputational damage in the market place will linger. And if you are a startup with a major big competitor that you are about to disrupt - they will be rubbing their hands and ensuring every customer knows about this. It just can never end well.

How do the skeletons come out?

Deep dive audits by regulators

Audits do not look at every piece of paperwork in your company. They are samples taken at random - often in the areas where most issues occur. But it just takes one sample to contain one document that is a major red flag - and a deep investigation will start.

Imagine that there was a patient injury - and the management decided that it was "not reportable to the authorities." Or there was a major mixup "in field" of components and it was "decided" not to conduct a product recall - just "fix it quickly and quietly in field."

During audit it becomes clear that these things have happened. That "cover ups" seem to be happening. At that point, any notified body, or FDA will start to dig deep. If this sort of behaviour has been systematic over years - then evidence by evidence will come out.

In rare occasions a disgruntled regulatory employee that is "sick of the cover ups" will go and whistleblow to the authorities. They will feel a bigger sense of duty of patient protection than the company is demonstrating - and the lid will come off. And I assure you - they will know exactly which folders to point the authorities to.

Deep dive audits by tax authorities

Tax authorities are motivated to get as much tax as possible from companies in their local jurisdiction. They can seize equipment such as servers, files, computers and telephones.

So once they get a sniff that "they are not paying all the tax they should" then they will keep digging until they find what they need to find. And if you as a company have been playing smart on profit trapping in the HQ country - they will not take kindly to that.

You do not want to be subject to a very deep dive tax audit. Ensure your own internal auditors find any issues first - and if you have tax issues - then self declare to the tax authorities so you don't get penalties, fines or investigations. Get very strong tax and legal advice if you think there are underlying issues.

The last thing you need is a multimillion tax bill just as you are running out of money and needing to raise more money. Use of proceeds saying "$2million to pay off tax fines and bills for improper taxation affairs" is not a healthy line in a pitch deck.

Investigations into patient harm / patient death

If this happens - then it means you have arrived at a point of serious problems. And I do hope it never happens to you or your company. But healthcare has certain risks - and patients do get harmed and die for many reasons.

The issue becomes serious if during that investigation other things pop up. A continual product issue - related or not - that you just neglected to fix "because it didn't seem that serious," will be a huge red flag and a smoking gun.

Conflicts of interest of safety boards, or firing of safety board members that "didn't give the right answer" - whether related or not to the patient death - will not look good to a jury.

And in a potential criminal investigation - documents will be seized - evidence will be poured over to look for those smoking guns.

So do things right, do things compliantly, and do things ethically.

Lawsuits by injured parties

It won't just require a full blown criminal investigation for the above to come out. A harmed patient and their legal team will dig deep into your company. And no matter how much safety data you have in clinical trials, or number of patients in a registry. Other smoking guns of financial problems, high complaint rates, returned product, open CAPAs will all point to a culture of recklessness in the eyes of the jury. The more skeletons in the closet - the easier it will be to get a judgement against the company... and you as an individual.


This one should be taken very seriously, as the amount of whistleblowers is rising exponentially. The issue with whistleblowers is that they have often planned for a long time to come clean - have signalled to management many times their concerns and have often not been listened to. They are usually loaded with masses of evidence they have downloaded from the company - and they have a determined mission to protect patients.

That combination makes them a serious issue for companies.

Worse still are whistleblowers that have been "silenced" or "forced from the company." Not only are they motivated to protect patients but they are now also motivated to bring down the company and go after the people that ignored them and then silenced them.

A whistleblower can go internally to management or the board. And if they do - then the board has a duty to tell all board members - and investors. Keeping that information "quiet" on what the whistleblower has brought to light would be a stupid strategy. That information is not going away.

But more importantly (and depending what the whistleblower has raised) they could go to regulators, tax authorities, governments, the press and competitors.

It is critical that if you have a whistleblower in your company - their claims are taken seriously - and they are protected above all employees. It seems counter productive - but if they have evidence of wrong doing - and are trying to protect patients and the company - they should be the ones that are hailed as heroes - not treated as villains.

Because one of the worst things you can do when you have skeletons in the closet is make an enemy of a well informed, evidence armed, ex-employee. You will be amazed how many other ex-employees are willing to stand side by side with them and support them with evidence.

Disgruntled employees

Treat employees well. Period.

You don't want to make enemies from within your own company. So if you have a toxic leader that bullies employees, rubs them the wrong way, or just antagonises them; you are asking for trouble. A disgruntled employee that knows that you have product issues, financial irregularities, conflicts of interest etc will be well armed to tip off regulators, tax authorities and the press.

In 2024 it takes nothing to have anonymous tip offs via burner email accounts - and if that is coming from within... beware.

Check your Glassdoor rating - and if you are hovering around a three - and have a lot of one star reviews - then you have a risk of disgruntled employees stacking up.

Treat employees very well - and don't have skeletons.

Investigative journalists

As stated above - there are many strong motivations for journalists to dig in. Patient care is of course public interest. So your company is absolutely fair game. And like Theranos - if you have been splashing the news channels, media and social media with your "feel good news" and crowing about success and devotion to patients etc etc then you better be 100% clean.

No one likes more than a juicy story of an arrogant - proud and successful company that is taken down in a mire of scandal and sleaze. That gets even better if the governments or insurance companies have been supporting you, endorsing you and promoting you as their poster child. Remember healthcare often involves government money and involves strong competition. And in most cases those competitors are way bigger than you - and have very good contacts with the media.

It's a dirty world out there - and sooner or later you will upset someone enough, or threaten someone enough that they will take aim at you. And if you have skeletons in your cupboard - then that will be the one thread a good investigative journalist will need to spin a strong story against you.

You will be amazed how fast governments will turn on you, health systems will distance themselves from you, and investors will blacklist you when a negative story with some real facts behind it comes out.

Your best defence is to be proactive and ensure that there are no lasting problems in the cupboard. If there's nothing to pull out... you are golden.

Competitive intelligence

It doesn't take long for a competitor to start getting concerned or even wounded by the activity of a disruptive startup. As soon as that happens every member of their vast field force, their middle management and senior management are against you.

There are thousands of eyes watching your every move.

It is not unheard of for a competitor to report your product issues to authorities, or have suspicion of unfair financial practices reported to anti-corruption bodies.

You are being watched 24/7 by the competition and if they can find that one chink in your armour... they will go for it.

It may seem very left field that "someone knows something dirty about your company..." but often it is coming from your enemy. So stay clean.

Due diligence by new investors

As rounds progress and investors get more sophisticated - the level of scrutiny and due diligence goes up. And many bigger investors absolutely know where to look for problems that have hit them before.

You won't be the first company to have issues and you won't be the last.

It's no issue to have a problem - it's an issue to try and hide it or ignore it. A problem with a great plan of how you will fix that problem - and a real execution to get it fixed - will go a long way to remove concerns.

What they don't want is surprises. That will spook them and often they will simply break off investment talks - and unfortunately in such a small community... that will be the end of your investment round.

If that happens when you are desperately trying to raise money - then you may have just killed the company.

As a note - I have heard of an investor presentation where the investor asked a lower level regulatory person to come in and answer some questions. The conversation turned embarrassing when they trotted out all the product issues that were stacked up and how they didn't believe they would get FDA based on the amount of unresolved complaints.

That wasn't a good funding round, and that company is now history.

Due diligence by acquiring companies

Very much similar to new investors. Acquiring companies will do very deep diligence into the company. And if there are latent issues that will need to be fixed - or even worse buried - it can be an utter disaster for the acquiring company. Just go Google the Guidant story to understand why companies do such deep due diligence, and will walk away from any irregularities.

The issue with DD by a company is that it is coming in very late in the day - and is often happening with a new management team at the startup. The founders and early management have all gone. But the early skeletons haven't. The new CEO is as shocked as the DD team when certain skeletons pop out.

[But shame on the CEO for taking on their legal responsibilities without conducting their own DD.]

It doesn't matter - the due diligence fails due to ancient skeletons popping up at the last minute and the the valuation drops significantly or, the deal is killed.

I have personally been involved in a company to be acquired that had "literal" Skeltons in the closet - and this caused a potential acquirer to run a mile. (Oh and that information did splash spectacularly over the tabloids.)

One thing to know is it can happen at any stage, and even many years later - even if you think you've cleaned it all up. So pay attention, and avoiding the mistakes is way better than having to do remedial action many years later when you are on the ropes for money - or worse - seeing your sales miss and miss again because the product defects (identified years ago) have just never been fixed. A final note: A sign that there are sure fire skeletons... early users start sending the product back. Watch for that one.

How to avoid these devastating mistakes?

Understand it's a highly regulated industry

Even today I was on a call where it was clear the founder of a company had not understood just how deeply regulated medical devices is. I could see the dawning realisation as I discussed just what kind of environment it was.

My first advice (and I cover this deeply in my course) is that you absolutely, from day one, need to get solid regulatory and quality advice. You need to know the sandbox in which you are playing. It is critical to get the advice early - as this is the foundational time when mistakes made will come back to haunt you years later.

Get strong legal advice

You cannot know everything. Especially at the beginning of the journey - and that means that you need to take expert legal advice by subject, and by jurisdiction. Don't use general purpose lawyers for specific technical areas.

Listen to warnings from inside the company (especially by the experts)

If you have good solid experts from the medtech arena in your company and they start to raise the noise level - tuck your arrogance away and listen to them. They may not have the answer - but if they think that something is wrong, then you need to investigate further. People in the industry have a good nose for issues. You employ the people to give advice. Listen to it.

Get strong professional advice in each area (Regulatory, Quality, Financial)

If you don't have the people on board yet - then get good professional advice. You can't find everything on Google. Some of the areas of regulatory and quality are quite "grey" and require some clever assumptions and lots of experience to interpret the rules. If you are making critical decisions in the life of the product or company - get some professional advice. Especially early on. Early mistakes linger the most.

Create a risk register

Many of the risks are known - so get them down on paper and ensure you have a very good register of all the risks and their criticality and frequency. And then make sure you have a mitigation plan to eliminate each risk (or reduce it).

Example: Corruption = high risk - happens a lot - and can be avoided by having top level distributors that already distribute top level company products - so have probably already been vetted by those companies for anticorruption (or at least trained by them) etc.

Disclose everything to the board (and not just a few of them)

There will be dominant board members. And often boards have investors and non investors, advisors and chairs. If there is a major problem - disclose to them all. Do not rely on one board member to disseminate the information. Their view may not be that of the majority. You are obliged to work in a transparent way and ensure your board is fully informed and part of the decision. You cannot guarantee that a non investor board member will want to "spook" the investors. But this will get you into dangerous territory. Compartmentalised information about risks can lead to terrible legal wrangles.

Disclose everything to investors

Raising money? Then make sure you tell the good, the bad, and the ugly. It is too tempting to want to share rainbows and, unicorns and fairy dust. But disclosing the issues and how you intend to fix them is the most mature way, legally sensible way and morally correct way to raise money. It is better to come out during the raise than after the round is closed and you have their money. They will have no qualms in firing you or suing you. Don't make enemies out of your investors just because you are desperate to close rounds.

And remember you are often obliged (as senior managers) to sign warrants. These declare "we have declared everything." And if you haven't - you can be on the financial hook for years to come - personally. So if you don't want to lose your home? Fess up.

Correct things with urgency

Every single business has issues. That is part and parcel of business. But if you have issues then get them fixed. And fixed with urgency - not as the thing to do when you've "got bandwidth."

Product defects - get them fixed.

CAPAs - get them closed

Tax issues - fix it and pay

Safety issues - recall the product

Regulatory misses - CAPA and fix

Adverse events - independent review (really independent)

Do not have your current product woefully inadequate on the market - thinking "It's minimal viable. It's okay. It's good enough. We'll fix it in the next generation."

Get your current product fixed and safe NOW!

Act with urgency.

Be transparent with regulators / authorities

Made a mistake - then just raise your hand. Be clear and transparent with regulators or tax authorities or government authorities. It is way better that you tell them than they find out you covered it up. Neither result is brilliant - by the way - but you will get way more leniency and cooperation when you go to them.

It happens. So live with it.

Conduct 3rd party audits around these risks

Prevention is always better than cure. There are always areas of risk in your business and the more internal, and 3rd party audits you do the better chance there is of highlighting the risks before they occur and putting things in place to avoid the risk in the first place. Too often we rely on our own self judgement - and that is often the wrong answer.

Many skeletons are create through ignorance, not because people are inherently bad. And sometimes you are too close to it to assess the real risk.

And if you are a massive share holder in your business - the mere fact you could risk your share value can be enough to make you take the wrong decision.

Good strong 3rd party impartial advice goes a long way to avoiding a lot of these common mistakes.

Over at my course...

I've personally seen many of the events above. Some are just not pretty when they happen. But for startups you can avoid a lot of mistakes if you simply know they exist. On my course

I've incorporate a lot of these common mistakes into the modules to highlight some of the risks. I've given strategies on how to avoid them, and some work sheets on how to plan around them. I also give lots of starting points to find professionals that can help you with a ton of this.

If this rings a bell... head over to my course now to find out how to join.

The above are opinions of the author and only for education purposes and do not constitute legal advice.

355 views0 comments



bottom of page