Why regulatory rigour is becoming a competitive edge in clinical AI

AI promises faster workflows, but healthcare orgs want clear answers on privacy, reliability, and accountability.

Silicon Valley taught startups to move fast and break things. But as AI moves deeper into healthcare, tech companies are facing a different set of expectations. Governments and clinicians are asking tougher questions about privacy, reliability, and safety, and increasingly want proof that the tools they are adopting can be trusted when real people are involved.

For Heidi, the response has been a slightly modified mantra: move fast, break nothing.

“It’s like [comparing] a Ferrari to some car someone’s made in their back shed.”
Yass Omar, Heidi

“We can’t afford to make a mistake,” said Yass Omar, Head of Legal, Regulatory and Compliance at the Melbourne-based healthtech whose AI scribe is designed to document patient visits and medical notes. “Even if the AI is one percent off, whether it’s hallucinations or missed words, you’re suddenly affecting hundreds of thousands of consultations, and they involve real clinicians, real patients and, potentially, real clinical safety incidents.”

Heidi is leaning into those tougher expectations as it expands into Canada. The company recently established a Toronto headquarters, added staff in Vancouver and has secured approval for healthcare organizations in Québec to use its product. Last August, it was added to Ontario’s AI Scribe Vendor of Record list, a program that evaluates AI documentation tools on issues including privacy, security, clinical quality and legal compliance in a medical environment.

Those standards aren’t just boxes to check. Omar believes the companies best positioned to grow in highly regulated sectors like healthcare are the ones that treat compliance as part of the product, not an afterthought.

“They want predictability, repeatability, transparency,” he told Betakit. “They don’t want you to build fast and break things. They want to buy what’s on the tin and what you’ve sold them.”

Build fast, break nothing

Heidi’s approach is reflected in how the company staffed itself from the start. Omar, a lawyer by training, joined as one of the company’s first 10 employees, a group that includes physicians and former clinicians. For an early-stage startup, it was an unusual mix; many tend to prioritize engineers or sales teams before regulatory expertise.

But Heidi made an early bet that compliance would matter sooner rather than later, embedding legal and regulatory teams directly into its product development. That created what Omar called a “positive tension” between teams focused on innovation and those responsible for safety and governance.

“You’re both working towards the same goal,” he said.

Many clinical AI tools can look similar—at least on the surface. At Heidi, the view is that the real distinction comes down to transparency. Can vendors clearly explain how their systems work, where patient data is stored and what protections are in place for both patients and clinicians using the product?

“It’s like [comparing] a Ferrari to some car someone’s made in their back shed,” said Omar. “In theory, they both have four wheels and an engine and can move. But you’re operating at a different level of rigour, safety, and professionalism.”

Choose wisely

These days, regulators and healthcare organizations are asking vendors to show, not just tell, how deep those safeguards run through their system. That has pushed some companies to become more transparent about issues like data handling, security certifications, and where patient information is stored.

“They don’t want you to build fast and break things. They want to buy what’s on the tin and what you’ve sold them.”

At Heidi, for example, the company’s Trust Centre lets customers review security documentation and data-handling policies before any procurement conversations begin. It also offers data residency, so that clinicians’ information stays in Canada. Clinical safety staff monitor how the AI performs and flag potential issues, and the product supports clinical documentation in more than 100 languages.

The company says its tools now support more than 2.5 million consultations globally each week and have saved Canadian clinicians over 9 million hours since 2024.

The focus on transparency and safeguards comes at a time of closer scrutiny for AI scribes in Ontario. Ontario’s Auditor General recently flagged shortcomings in how some clinical AI tools have been evaluated during procurement, citing gaps in documentation and testing for some approved vendors. The review also found that, in testing, some tools hallucinated or missed important details in simulated patient encounters. Supply Ontario has since agreed to strengthen parts of the process. An estimated 5,000 physicians across Ontario are currently using AI, but Health Canada said it wasn’t aware of any cases of patient harm stemming from their use.

For Omar, the combination of strong demand and tougher oversight is part of what makes Canada central to Heidi’s North American growth plans.

“We see Canada as that perfect balance,” he said. “The desire for this technology is already there, but so is the interest in doing it safely, in a regulated and structured way. That’s what we want.”