Regulatory, Cybersecurity, and Health Canada Readiness for a Software Medical Device
Sparrow Acoustics is a Canadian health-technology company developing Stethophone, a smartphone-based software medical device that captures and analyzes heart and lung sounds to support clinical assessment and follow-up.
The challenge
Sparrow’s roadmap required navigating multiple regulatory phases over several years, including:
- Software as a Medical Device (SaMD) classification in Canada and the United States
- Preparation for a Health Canada Class II Medical Device Licence (MDL)
- Increasing scrutiny around cybersecurity and health data protection across jurisdictions
The team needed senior regulatory judgment and fast answers, not a full-time external regulatory function.
Design Smith’s role
Design Smith provided senior regulatory judgment from early regulatory planning through Health Canada approval, offering on-demand advisory support while keeping Sparrow’s internal team firmly in control.
“They guided us through what Health Canada expects with clarity and confidence, never layering on unnecessary complexity or stepping on our ownership of the process.”
— Nadia Ivanova, Co-Founder
What Design Smith delivered
Across the engagement, Design Smith:
- Interpreted Canadian regulations and guidance and explained how they are applied in practice
- Pointed Sparrow to the most relevant regulatory sections, including differences by province and between Canada and the United States
- Reviewed existing FDA submission materials to enable reuse and reduce duplication
- Provided just-in-time guidance during Health Canada review to interpret feedback and advise on responses, often the same day
- Coordinated specialized cybersecurity expertise so Sparrow had a single point of contact
This approach emphasized speed, clarity, and decision support—without unnecessary reports or excess hours.
Cybersecurity and privacy support
For specialized cybersecurity and privacy support, Design Smith leveraged its professional network.
Recognizing the growing importance of cybersecurity and patient data protection, Design Smith engaged a specialized cybersecurity partner to complement the regulatory work, providing:
- A consolidated view of Canadian federal and provincial data-protection requirements, alongside U.S. expectations (FDA, HIPAA)
- Guidance on how responsibilities shift between Sparrow and healthcare institutions
- High-level comparison of cybersecurity frameworks and controls across provincial jurisdictions
- Planning support for documenting data flows, access, and storage
This approach allowed Sparrow to address cybersecurity expectations credibly and efficiently, without managing multiple vendors.
Outcome
Sparrow successfully obtained Health Canada licensing for Stethophone, enabling commercial availability in Canada.
Beyond approval, Sparrow gained:
- A clearer understanding of regulatory and cybersecurity expectations
- Reusable documentation and decision frameworks
- Confidence navigating future regulator interactions and product changes
“Design Smith delivered exactly what we needed—sharp regulatory insight and cybersecurity know-how, paired with a refreshingly practical approach. They guided us through what Health Canada expects with clarity and confidence, never layering on unnecessary complexity or stepping on our ownership of the process. When we needed deep, specialized expertise, they brought in the right people at the right time—seamlessly. Design Smith stays ahead of the curve on current regulations, which helps us stay informed and compliant without missing a beat. Thanks to their advisory, we reached approval faster and came out with a stronger foundation for everything we’ll build next.”
— Nadia Ivanova, Co-Founder