Minddistrict
Minddistrict provides an e–health platform for (partial) online treatment in mental healthcare. This brings challenges on a compliance level: regarding information security, privacy and medical devices regulations. Minddistrict has improved and updated all available documentation to get ISO 27001/NEN7510 certified and to start, on time, the project to become Medical Device Regulation compliant.
Client: Minddistrict
Topic: ISO 27001/NEN 7510, GDPR, MDR
Interviewee: Jorien van Vliet, Compliance Officer
Minddistrict
Minddistrict provides an e–health platform for (partial) online treatment in mental healthcare. This brings challenges on a compliance level: regarding information security, privacy and medical device regulations. Minddistrict has improved and updated all available documentation to get ISO 27001/NEN7510 certified and to start, on time, the project to become Medical Device Regulation compliant.
Client: Minddistrict
Topic: ISO 27001/NEN 7510, GDPR, MDR
Interviewee: Jorien van Vliet, Compliance Officer
CHALLENGE
Minddistrict’s challenge: 9 months, 3 major compliance topics
Minddistrict’s ambition was to take compliance to the next level in 2021 by establishing a consistent and high-quality compliance program. NAALA gave Minddistrict a leg up to ensure a sufficiently coherent program was to be established. The compliance program is intended to serve as a good foundation, allowing it to be a matter of maintenance for the Minddistrict in the coming years. During 2021 Minddistrict achieved the desired level of the information security and privacy documentation. The documentation for MDR compliance has been established and is to be implemented during this year.
“We enlisted help because within Minddistrict we are dealing with a lot of standards and legislation that we would like to implement at a high-quality level, but of course to do that properly takes a lot of time and needs high-end expertise.”
– Jorien van Vliet, Compliance Officer
“We enlisted help because within Minddistrict we are dealing with a lot of standards and legislation that we would like to implement at a high-quality level, but of course to do that properly takes a lot of time and needs high-end expertise.”
– Jorien van Vliet, Compliance Officer
THE PROJECT
For nine months, Minddistrict and NAALA worked together intensively to build a working and well-fitting program for information security, privacy and quality standards and legislation.
For nine months, Minddistrict and NAALA worked together intensively to build a working and well-fitting program for information security, privacy and quality standards and legislation. By having a complete framework ready for all three themes, Minddistrict was able to give substance to its ambition to take compliance to the next level and increase the compliance maturity level of the entire organization.
“NAALA offered an incredibly big advantage: bring-in knowledge and experience exactly on the three topics which were most relevant to us (information security, privacy and quality). In that respect the choice was easily made, as some parties are excellent at ISO (27001, ed.) only, they offer a top notch GDPR consultant, or they have lots of experience in the field of MDR. However, we must deal with everything at once. It was very valuable for us that NAALA could offer all that hands-on expertise in-house.”
– Jorien van Vliet, Compliance Officer
“NAALA offered an incredibly big advantage: bring-in knowledge and experience exactly on the three topics which were most relevant to us (information security, privacy and quality). In that respect the choice was easily made, as some parties are excellent at ISO (27001, ed.) only, they offer a top notch GDPR consultant, or they have lots of experience in the field of MDR. However, we must deal with everything at once. It was very valuable for us that NAALA could offer all that hands-on expertise in-house.”
– Jorien van Vliet, Compliance Officer
The projects were addressed in consecutive order. During the first part of the cooperation Minddistrict and NAALA worked on the information security within Minddistrict, followed by data protection and concluded with setting up the basis for a quality management system and technical documentation according to the MDR. The approach to all the projects has been for NAALA to provide a starter so that Minddistrict could implement it in a way that was appropriate for the Minddistrict’s way of working.
“Addressing all three themes in a row makes a huge difference in terms of time. NAALA gets to know the organization well, which helps in finding the right people within the organization to ensure an appropriate design and implementation for the policies.”
“The fact that NAALA laid such a solid foundation for all themes, enabled us to immediately translate the regulatory requirements into the organization. Instead of us just having to write our own policy, we were able to immediately assess what it meant practically for Minddistrict and implement it appropriately, thanks to this intensive cooperation.”
– Jorien van Vliet, Compliance Officer
“Addressing all three themes in a row makes a huge difference in terms of time. NAALA gets to know the organization well, which helps in finding the right people within the organization to ensure an appropriate design and implementation for the policies.”
“The fact that NAALA laid such a solid foundation for all themes, enabled us to immediately translate the regulatory requirements into the organization. Instead of us just having to write our own policy, we were able to immediately assess what it meant practically for Minddistrict and implement it appropriately, thanks to this intensive cooperation.”
– Jorien van Vliet, Compliance Officer
FUTURE
“Our focus is really on expanding further in the Dutch, German and UK market.”
Minddistrict, of course, keeps continuously developing the product and contents. “Our focus is really on expanding further in the Dutch, German and UK market. Many new possibilities exist in Germany with the introduction of the DiGA*, which suddenly creates the possibility of entering the market in a completely different way than before. However, that doesn’t mean that Minddistrict is keeping its eyes shut for other opportunities that may arise!”
Minddistrict will continue to engage NAALA in any compliance questions that may arise.
*DiGA is short for Digitale Gesundheitsanwendungen (Digital Health Applications) and refers to the German Digital Healthcare Act (Digitale-Versorgungen-Gesets, DVG). It is a law that introduced the possibility of specific digital healthcare solutions in the German market being reimbursed by health insurance companies. For more information: https://www.bfarm.de/EN/Medical-devices/Tasks/Digital-Health-Applications/_node.html
“I really enjoyed the collaboration. Amy and Anne Sophie are very accessible and approachable for both strategic thinking and discussing the practical application of the policies for our organization.”
– Jorien van Vliet, Compliance Officer
“I really enjoyed the collaboration. Amy and Anne Sophie are very accessible and approachable for both strategic thinking and discussing the practical application of the policies for our organization.”
– Jorien van Vliet, Compliance Officer
HOW MINDDISTRICT CAME ABOUT
Minddistrict
It has now been thirteen years since Minddistrict was founded by three people in an attic. Mark Willems, one of Minddistrict’s founders, owned the organization.
“After 12 years, the founder Mark Willems left some big shoes to fill. Jeanette (Ploeger, ed.) is our new CEO. This is very good for the identity of the organization, as she has been involved with Minddistrict almost from the word go.”
The company primarily focuses on development of their e-health product. This concerns both technical development of the platform and its treatment content: the Minddistrict interventions. Because both are developed in-house, technology and content increasingly complement each other. Over the years, these broad business activities have borne fruit: Minddistrict’s team has grown from 3 people in an attic to a team over 60 people across the Netherlands, Germany, and the United Kingdom.
“The demand is constantly increasing. As product requirements increase, greater development capacity is required. In addition, in recent years we have seen a huge increase in the demand for data and gaining insights from data. Initially, we didn’t employ anyone at all for this, and currently we have an entire team working on data analysis to improve the Minddistrict platform for the benefit of users. We also see an increasing demand in the area of compliance, which is becoming more and more important. We are thus growing as an organization in that area as well.”
Minddistrict has about 300 customers. This includes mental health institutions, care groups, rehabilitation clinics, hospitals.
Minddistrict has about 1 million users since 2008. This includes both healthcare consumers and professionals.
Minddistrict has about 200 different modules.
That the founders’ original ideas can still be found in both the company and the product is reflected in the purpose of the current product. “The purpose of the platform is to provide an online environment that guides people in recovery or behavioral change and can be combined with meetings with a healthcare professional. This purpose is rooted in the platform from the start.”
“Over time, mental health institutions (in particular) saw the potential to do more with digitization, but not to necessarily offer treatment completely online. They recognize the added value of an online component if clients are undergoing treatment with them, allowing clients to work on parts of their treatment at home in addition to the meetings. This is how the Minddistrict platform came into being.”