Lessons Learned from Failed Blockchain Healthcare App Development Projects

Healthcare leaders have realized the tough way that just saying “blockchain” doesn’t automatically make data easy to share, compliant, or actually valuable. This post breaks down the biggest mistakes we’ve encountered--and highlights the new strategies that are gaining traction in 2025--so decision-makers can steer clear of these pitfalls.

---

Why many blockchain healthcare apps still stall in 2025

In the past two years, the rules and the way different systems talk to each other have changed quite a bit while teams were still in the middle of their projects:

• TEFCA launched back in December 2023, and by mid‑2025, it had already bagged eight designated QHINs with millions of documents zipping through. Honestly, creating a parallel data-exchange network when there's already a national backbone in place is quite the challenge. (rce.sequoiaproject.org)
• The DSCSA package-level tracing hit a point of “stabilization” in 2023‑2024 and rolled into staged enforcement through 2025. But here’s the kicker: many pharma apps that promised “full chain-of-custody on blockchain” often overlooked the actual compliance steps and the EPCIS-driven interoperability that the FDA and PDG are really focusing on. (fda.gov)
• The FTC’s updated Health Breach Notification Rule takes effect on July 29, 2024, tightening the reins on non‑HIPAA apps when it comes to breach and disclosure obligations. A few consumer health pilots learned the hard way that mixing “web3 wallet + wellness data” puts them right under the HBNR umbrella. (ftc.gov)
• Over in the EU, the European Health Data Space (EHDS) kicked off in March 2025. Now, any projects that suggest using on‑chain PHI without proper minimization are really missing the mark, going against what EHDS stands for and the evolving GDPR guidance on blockchain. (health.ec.europa.eu)

The takeaway here is to view blockchain as a piece that needs to fit seamlessly into our existing systems (like TEFCA, FHIR/USCDI, EPCIS, and EHDS) rather than seeing it as some separate world.

---

Failure pattern #1: Putting PHI on‑chain (or too much on‑chain)

• A lot of teams are still trying to store patient data, keys, or detailed metadata right on the ledger. This runs into some serious issues with HIPAA’s right to amend and GDPR’s erasure principles, creating some tricky legal and operational risks. (law.cornell.edu)
• European regulators are really sticking to their guns on this: back in April 2025, the EDPB rolled out blockchain processing guidelines emphasizing the importance of data minimization, off‑chain storage, and conducting DPIAs for blockchain use cases. (edpb.europa.eu)

What Does Work in Production Look Like?

When we talk about "work in production," we're diving into what goes down in the creation and delivery of goods and services. Here's a closer look:

The Basics

In a nutshell, work in production involves transforming raw materials or components into finished products. This process encompasses everything from manufacturing to quality control to packaging and shipping.

Key Components

Here’s a breakdown of the main activities involved:

• Manufacturing: This is where the magic happens. It could be anything from assembling parts to crafting a product from scratch.
• Quality Control: Once things are produced, they need to be checked. Quality control ensures that what’s being made meets the required standards.
• Logistics: After production comes distribution. This involves getting the finished goods to retailers or directly to consumers.
• Maintenance: Keeping machines and equipment in tip-top shape is crucial for smooth production.

Roles in Production

There are several key roles that help things run smoothly in production:

1. Production Manager: Oversees the entire production process, ensuring everything is on schedule and within budget.
2. Machine Operators: These folks handle the equipment that makes the products. They’re the backbone of any production line.
3. Quality Inspectors: They’re the detail-oriented ones who check for any flaws in the products.
4. Logistics Coordinators: They manage the flow of goods, making sure that everything gets where it needs to go on time.

The Technology Side

Today's production work often involves high-tech tools and software. Automation, robotics, and data analytics are super important for improving efficiency and reducing costs.

Conclusion

So there you have it! Work in production is all about taking materials, turning them into something useful, and getting them out the door. It’s a complex but fascinating field that blends creativity with practicality. Whether you're in the factory or part of the management team, there's always something happening in the world of production!

• Integrity anchoring: Estonia’s health system has teamed up with Guardtime to use their KSI tech, which lets them time-stamp and verify record integrity while keeping personal health information (PHI) off the blockchain. This approach fits nicely with GDPR requirements and the needs of clinical operations. Check it out here: (e-estonia.com)
• Pointer registries and verifiable logs: They use hash-only commitments to link to external records, create revocable links, and maintain append-only audit trails. This clever setup helps limit on-chain personal data while still providing evidence against tampering. The CNIL is a big fan of this kind of approach. Learn more about it here: (cnil.fr)

Practical Build Advice:

When diving into a new project, there are a few essential tips that can really help you get the most out of your build. Here’s a handy list to keep in mind:

1. Plan Your Project
   Take some time to sketch out what you're aiming for. Whether it’s a small DIY project or a full-blown construction job, having a solid plan can save you from a world of headaches down the line.
2. Choose Quality Materials
   Don’t skimp on the good stuff! Investing in high-quality materials may cost a bit more upfront, but they’ll pay off in durability and performance.
3. Measure Twice, Cut Once
   This old adage rings true. Always double-check your measurements before making cuts. It’s a simple way to avoid costly mistakes.
4. Stay Organized
   Keep your workspace tidy. Label tools, parts, and materials so you can find what you need quickly. No one likes wasting time hunting for a misplaced wrench!
5. Learn from Others
   Don’t hesitate to reach out for advice or to check out similar projects. Platforms like Instructables or YouTube are treasure troves of inspiration and wisdom.
6. Don’t Rush
   Take your time! Building something can be incredibly rewarding, but hurrying through the process can lead to mistakes that you'll end up regretting.
7. Ask for Help
   If a task feels daunting, don’t hesitate to recruit a friend or family member. Having an extra set of hands can make a huge difference, and it can be a lot of fun to work together.
8. Have Fun!
   Remember, this is your project. Enjoy the process and don’t stress too much about perfection.

Happy building!

• Always avoid writing any PHI or identifiable hashes on a shared ledger; think of on-chain data as just non-personal proofs.
• When making changes, link to off-chain records that can be updated and keep recording fresh integrity proofs with every change (this lines up with HIPAA §164.526). Check it out here: (law.cornell.edu).
• For IoT and imaging stuff, you might want to look into chameleon-hash-based ledgers or audit overlays. They allow for updates or erasures off-chain while still keeping a clear integrity trail that meets regulatory standards. More info here: (arxiv.org).

---

Failure pattern #2: Ignoring the real interoperability stack (FHIR, SMART, USCDI, TEFCA)

A lot of projects went after custom schemas or tokenized “patient graphs,” rather than sticking to the standards that payers, EHRs, and regulators actually use.

• The HTI‑1 has swapped out “CDS” for Decision Support Interventions, pushing for algorithm transparency and laying down some clear deadlines. We’re looking at FHIR endpoints that need to be published by December 31, 2024, and the adoption of USCDI v3/SMART scopes by January 1, 2026. If apps aren’t ready for these requirements (along with necessary API upgrades), they might find themselves losing out on enterprise buyers. (himss.org)
• If you’re not aware, US Core 6.1.0 (that’s USCDI v3) and SMART on FHIR v2.0 are called out in the certification and SVAP. If you decide to skip these, your app could be in for a rough time during procurement. (healthit.gov)
• TEFCA is officially up and running, with billions of documents being exchanged. Trying to layer blockchain transport when TEFCA connectivity is good enough just doesn’t hold up well. (rce.sequoiaproject.org)

What to do instead:

When faced with a challenge or a tough decision, here are some alternatives you might consider:

1. Take a Break
   Sometimes, stepping away for a bit can give you a fresh perspective. Go for a short walk, grab a snack, or just chill for a few minutes.
2. Talk It Out
   Chatting with a friend, family member, or even a colleague can help you see things from a different angle. You never know--sometimes they’ll have the perfect advice or insight.
3. Write It Down
   Jotting down your thoughts can be super helpful. Try making a pros and cons list or just free-write about what's on your mind. It can clear up your thinking.
4. Research Options
   Look up similar situations online or check out forums for advice. You might find that others have faced the same issue and can guide you through it.
5. Set Small Goals
   Instead of tackling everything at once, break it down into smaller, manageable tasks. Focus on one step at a time, and celebrate those little wins along the way!
6. Seek Professional Help
   If the situation is really weighing on you, don’t hesitate to reach out to a professional. Sometimes, getting expert advice is the best way to move forward.

Remember, it’s all about finding what works for you!

• Think of FHIR US Core profiles and SMART v2 granular scopes as your go-to “northbound” interface. When you're building your ledger layer, focus on notarizing FHIR events instead of trying to replace them. (hl7.org)
• Make sure to support Bulk Data (Flat FHIR) exports for those population use cases. Notarize job manifests and checksums, but don’t worry about notarizing the datasets themselves. (projectlifedashboardstage.hl7.org)
• If there are national backbones in place (like TEFCA and MyHealth@EU), integrate with those first. Position blockchain as a way to provide integrity and consent evidence, rather than as the main transport method. (rce.sequoiaproject.org)

---

Failure pattern #3: Consortium economics and governance, not code, killed the project

A bunch of high-profile initiatives ran into trouble, not because the tech didn't work, but because they just couldn't build a solid business network.

• MediLedger’s DSCSA pilots were a big help for the industry in figuring out their game plan, but then things took a turn. In 2024, the Product Verification System got sold to the National Association of Boards of Pharmacy. Meanwhile, Chronicled shifted its focus to contracts and chargebacks, where participants were already seeing returns from day one. Teams that stuck to wanting only DSCSA blockchain apps after this change found that fewer people were interested. (chronicled.com)
• On the flip side, the Synaptic Health Alliance decided to zoom in on a single, tricky issue--making sure provider directory information is accurate. They built their solution on a permissioned chain (Kaleido) and are now operating across multiple states with strong returns for their members, like MultiPlan reporting a huge 500% annual ROI. This level of focus is what draws in members; vague “shared utility” pitches just don’t cut it. (synaptichealthalliance.com)
• Avaneer Health, with backing from big payers and providers, kicked off a private peer-to-peer network and then honed in on revenue-cycle use cases, such as Coverage Direct and real-time adjudication. The lesson here? It’s all about highlighting the cash-flow benefits instead of getting bogged down in ideology. (avaneerhealth.com)

What to do instead:

1. Explore a new hobby: Dive into something you've always wanted to try--be it painting, photography, or even gardening. It’s a fantastic way to express yourself and keep your mind engaged.
2. Catch up with friends: Whether it's a quick text, a video call, or a coffee catch-up, reaching out to friends can really lift your spirits. Connection is key!
3. Get moving: Go for a walk, hit the gym, or try a new workout video at home. Physical activity can boost your mood and energy levels.
4. Read a good book: There's nothing like losing yourself in a great story. Pick up that book you’ve been meaning to read or explore a new genre.
5. Cook or bake something new: Experiment in the kitchen! Trying out a new recipe can be a fun challenge and a delicious reward.
6. Volunteer: Helping others can be incredibly fulfilling. Look for local opportunities where you can give back to your community.
7. Meditate or practice mindfulness: Take some time to relax and center yourself. Even a few minutes of quiet reflection can make a big difference.
8. Plan a mini-adventure: Whether it’s a day trip to a nearby town or a picnic in the park, planning something fun can give you something to look forward to.

• Begin with a single cross-enterprise workflow (like chargebacks, directory sync, or prior-auth evidence) that everyone involved is struggling with right now, and where you can track actual savings every quarter.
• Get your governance plan documented from the very start: outline the rules for data contribution, how to verify identities, who’s responsible for what, how to settle disputes, and what exit strategies look like. Make sure everyone's incentives and penalties are aligned--not just the APIs.

---

Failure pattern #4: Compliance misreads and timing errors

• DSCSA apps were all about promising that sweet “end-to-end chain.” The FDA and PDG guidance really pushed for interoperable electronic tracing, along with some essential sequencing between manufacturers, wholesalers, and dispensers. They also laid out exemptions and a timeline for stabilization. If your roadmap didn’t align with those 2025 phased enforcement dates, your customers just wouldn't be able to roll you out. (fda.gov)
• On the flip side, consumer health apps that weren’t built with HIPAA in mind often overlooked the fact that they had to comply with the FTC’s Health Breach Notification Rule (HBNR). The 2024 updates really shook things up by expanding what qualifies as a “breach” (yep, even unauthorized disclosures to ad tech counted now) and cranking up the requirements for notification content and timing. This has added some serious weight to both product and operations teams. (ftc.gov)
• Over in the EU, things got a little more intense with the European Health Data Space (EHDS) now requiring interoperability for EHRs at the EU level, plus it’s creating structured pathways for reuse. If you’ve got on-chain PHI or those non-compliant “consent NFTs,” you’re looking at regulatory issues right from the start. (consilium.europa.eu)

What to Do Instead:

If you find yourself at a crossroads or facing a challenge, here are some alternative approaches to consider:

1. Take a Breather
   Sometimes, all you need is a little time to step back and gather your thoughts. A short walk, some deep breaths, or even a cup of tea can work wonders.
2. Reach Out to Someone
   Don’t hesitate to connect with a friend, family member, or colleague. Talking things over with someone can provide fresh perspectives and support.
3. Get Creative
   Engaging in a creative activity can be a great outlet. Whether it’s doodling, writing, or picking up a musical instrument, let your imagination flow.
4. Do Some Research
   Look into articles, videos, or podcasts related to your situation. Sometimes, a little extra information can open up new ideas or solutions.
5. Try a Different Approach
   If what you’re doing isn’t working, consider switching gears. Experimenting with different strategies can lead to unexpected insights.
6. Practice Mindfulness
   Taking a moment to focus on the present can help clear your mind. Mindfulness exercises, like meditation or yoga, can help you refocus and reduce stress.

By giving these alternatives a shot, you might just find a new path or solution that feels right for you.

• Make sure your backlog is synced up with the regulator’s calendar instead of just your sprints. Get those DSCSA/EPCIS milestones and TEFCA adoption gates locked into your GTM plan. Check it out here: (dscsagovernance.org).
• Create HBNR playbooks that cover breach classification, including things like “unauthorized disclosures,” FTC notice templates, and in-app messaging. Don’t wait around for the legal team to figure it out after launch. You can read more on this at (ftc.gov).
• If you’re working on deployments in the EU, make sure you’re on the same page with EHDS roles (like digital health authorities and trusted data holders) and check out the GDPR blockchain guidance (like data minimization, DPIAs, and off-chain PHI). You’ll find more info here: (health.ec.europa.eu).

---

Failure pattern #5: Over‑engineering identity and consent

Grand plans for a “self-sovereign identity for all patients” hit a snag because they asked hospitals and payers to completely overhaul their identity systems.

• The update in 2025 is all about making small, standards-based improvements: it's focused on using W3C DIDs and Verifiable Credentials v2.0 to create specific, revocable proofs (like checking a provider's credential status or prior authorization evidence), rather than introducing brand-new universal identities. (w3.org)

Implementation Tips:

Getting started? Here are some handy tips to help you along the way:

1. Define Clear Goals
   Before diving in, take a moment to outline your objectives. What do you want to achieve? Having a clear vision will keep you focused.
2. Create a Step-by-Step Plan
   Break down your project into manageable steps. A detailed roadmap can make the whole process feel a lot less overwhelming.
3. Gather Your Team
   Make sure everyone involved knows their roles and responsibilities. A strong team makes all the difference in execution.
4. Incorporate Feedback
   Be open to suggestions and constructive criticism. Gathering input from your team can lead to improvements you might not have considered.
5. Stay Flexible
   Things don’t always go as planned, and that’s okay! Be ready to adapt and make changes as needed.
6. Monitor Progress
   Regularly check in on how things are going. This helps you catch any potential issues early and stay on track.
7. Celebrate Small Wins
   Don’t forget to acknowledge your progress, no matter how small! Celebrating milestones can boost morale.
8. Document Everything
   Keep track of your processes and decisions. Documentation is key for future reference and can help others understand your work.
9. Use the Right Tools
   Leverage software and tools that can simplify your tasks and improve efficiency.
10. Stay Patient
    Remember that good things take time. Stick with it, and you’ll see the fruits of your labor!

Feel free to reach out for any questions or further guidance. Happy implementing!

• Wallet-optional user experience: this lets organizations keep Verifiable Credentials (VCs) in their current identity systems and add wallets down the line for cross-organization projects.
• We'll have VC status lists for revocation, and there won't be any on-chain Personally Identifiable Information (PII) in the credentials. Plus, audit trails will just be anchored as hashes. (w3.org)

---

What actually works: patterns we recommend in 2025

1. Integrity-anchored records and audit overlays

• Take a page out of Estonia’s playbook: use cryptographic proofs to show integrity and access--rather than relying on PHI--tied to a tamper-evident ledger. This approach allows you to detect breaches and conduct forensic audits while still respecting a person’s right to amend or erase their data. Check it out here: (e-estonia.com)

1. TEFCA-first exchange, blockchain-backed evidence

• You can easily pull and push clinical data using TEFCA or established HIEs. Plus, you can notarize consent, track provenance, and get delivery receipts all recorded on a secure ledger. This way, you have cross-party verification and auditability covered. Check it out here: (rce.sequoiaproject.org)

3) FHIR-native events with notarized checkpoints

• Send out just the essential FHIR events like Claim, CoverageEligibilityResponse, and CarePlan. Make sure to notarize those state changes. For bigger tasks, utilize Bulk Data to handle population jobs and keep track of job manifests. Check it out here: (projectlifedashboardstage.hl7.org)

4) Real Consortium ROI Use Cases

• We're seeing some real success with contracts and chargebacks--think manufacturer-wholesaler-GPO alignment, keeping up with provider directory maintenance, and managing prior-auth evidence trails. These areas are gaining traction because they help to sort out disputes and cut down on rework. Check it out over at chronicled.com.

5) Privacy-Preserving Analytics Without Moving Data

• We can leverage techniques like MPC (Multi-Party Computation) and federated learning among hospitals to analyze shared outcomes while keeping sensitive patient data (PHI) safe. By recording protocol commitments and ensuring results integrity on-chain, we're not just protecting privacy; we’re also optimizing research. Some interesting findings from EU clinical studies in 2024 demonstrated the effectiveness of MPC for multi-center research. Check it out here: (federatedsecure.com).

---

Case snapshots (what we learned)

• MediLedger (pivot): After a few years of running DSCSA pilots and working on VRS routing, the network switched gears to focus on where participants could see a clearer return on investment--specifically, contract and chargeback alignment. They even sold PVS to NABP on January 31, 2024. The takeaway? Always follow the money; just because something’s a compliance pilot doesn’t mean it’ll turn into a lasting product. (chronicled.com)
• Synaptic Health Alliance (focus): They kept things simple and concentrated on provider directories, getting operational in multiple states on a permissioned chain (Kaleido). One member even reported a jaw-dropping 500% ROI! The lesson here? Having deep, specific value is way better than going for broad ambitions. (synaptichealthalliance.com)
• Estonia KSI (architecture): This one’s all about anchoring integrity and access events on a national level rather than just data. The key takeaway is that you can achieve auditability without needing on-chain PHI, making it a sustainable option. (e-estonia.com)
• Avaneer Health (productization): They shifted from trying to be “a network for everything” to providing concrete revenue-cycle solutions, like Coverage Direct and real-time adjudication, all while enabling peer-to-peer connectivity. The lesson? Focus on the operational KPIs that providers and payers are currently willing to fund. (avaneerhealth.com)
• MedRec (prototype): This started out as an academic blueprint that inspired a lot of teams but also pointed out challenges with integration, incentives, and regulatory complexities--so not many actually adopted it in production. The takeaway? Just because something is a prototype doesn’t mean it’s ready to be a product. (media.mit.edu)

---

Technical blueprint: a lean, compliant blockchain stack for healthcare

• Identity and Trust
  • We're diving into W3C DIDs specifically for organizations like hospitals, payers, and manufacturers, along with role-based VCs for things like provider credentials, facility status, and prior authorization approvals. You can check it out more here.
  • Using enterprise wallets is totally optional; we can also back up trust registries that are managed by your own consortium.
• Data flow
  • We're using the TEFCA/HIE rail for clinical exchanges, along with FHIR R4 US Core 6.1.0 and SMART v2 for app access. Plus, we're tapping into Bulk Data for cohorts. You can check out more info here.
  • As for off-chain data, it stays put in EHRs, data warehouses, or data clean rooms. The ledger is only for notarizations, which include hashes, commitments, and VC status.
• Ledger Choice
  • Go for a permissioned ledger, like Fabric-class, EVM-permissioned, or KSI-style anchoring. It’s great because there’s no need for cryptocurrency, plus you get HSM-backed keys and privacy channels. If you want some extra peace of mind, public anchoring is an optional feature for added tamper-evidence.
  • Stick to a “hash-only” policy: keep PHI, keys, and bearer tokens off the chain. This aligns perfectly with the guidance from CNIL/EDPB. Check it out here: (cnil.fr)
• Privacy-Preserving Analytics
  • We’re diving into some cool stuff like MPC and federated learning for those cross-site analytics. Plus, we're keeping it all secure with on-chain commitments for protocol parameters and ensuring the integrity of results. Check it out here: (federatedsecure.com)
• Compliance Automation
  • DSCSA: Keep tabs on those timelines for manufacturers, wholesalers, and dispensers. Don't forget to include EPCIS exchange health checks and exemption windows! Here’s the scoop: manufacturers have until May 27, 2025; wholesalers need to be ready by August 27, 2025; dispensers with 26 or more FTEs have a deadline of November 27, 2025; and for the smaller dispensers, the date to watch is November 27, 2026. (fda.gov)
  • FTC HBNR: It’s time to step up your game with incident response! Make sure to classify “unauthorized disclosure” as a breach and whip up some FTC-compliant notices while you're at it. (ftc.gov)
  • HTI-1: Get ready to publish those FHIR endpoints, embrace DSI transparency, and start planning for USCDI v3, which is on the horizon for 2026. (himss.org)

---

Emerging best practices (from programs that shipped)

• Plan for changes and reversals right from the start
  • Using an append-only audit along with a mutable off-chain source and a verifiable new hash definitely trumps the idea of a “modifiable blockchain.” This setup is in line with HIPAA and friendly towards regulators. (law.cornell.edu)
• Governance before code
  • Make sure to lay out your contribution, reward, and penalty mechanics right from the start. A great example to check out is Synaptic’s allocation and incentive model. You can dive into it here.
• TEFCA-aware roadmaps
  • If your customers are part of TEFCA or QHINs, think about showcasing your product as an add-on for evidence, consent, or audit purposes--rather than as a competing solution. Keep an eye on how QHINs are expanding and the volume of activity as indicators of adoption. (sequoiaproject.org)
• Measure ROI in weeks, not years
  • Choose a metric that helps cut down on rework (like chargeback disputes, directory call-backs, or prior-auth cycle time). Keep track of your baseline and share the changes every quarter.
• Make cryptography seamless for users
  • Stick to familiar UX (like FHIR SMART apps and EHR in-workflow panels). Let the ledgers, proofs, and VCs work their magic in the background.

---

Red flags that predict failure (kill or fix immediately)

• “We keep (even hashed) PHI on-chain.”
• “We’re setting up a whole new national network instead of going with TEFCA/HIEs.” (rce.sequoiaproject.org)
• “Our compliance plan is ‘HIPAA-ready’ but overlooks HBNR/EU EHDS.” (ftc.gov)
• “We’ll roll out FHIR/SMART later on.” Just a heads up--procurement might hold you back. (healthit.gov)
• “Consortium terms to be decided after MVP.” Remember, network effects won’t kick in without some solid incentives and clear rules.

---

A pragmatic path to a green‑light decision

• 30-day feasibility sprint
  • Align use case(s) with TEFCA/FHIR/USCDI and compliance timelines; create a hash-only ledger footprint; pinpoint one ROI-focused workflow.
• 90-day pilot
  • Involves two to three organizations working together on a single workflow. This will include in-workflow user experience, notarized evidence, and a signed governance appendix. Don’t forget to publish those pre/post KPIs!
• 6-month scale-out
  • Bring in two new members every quarter using a streamlined onboarding process (identity verification, VC issuance, and data-sharing agreements). Activate MPC/federated analytics whenever it's suitable.

If you hit a snag where you can't demonstrate weekly operational savings or a reduction in compliance risk, it's a good idea to pause and rethink your problem statement.

---

Bottom line

Failed healthcare apps using blockchain usually stumble on business, compliance, or integration hurdles, rather than the cryptography side of things. The teams that are hitting it big in 2025 are the ones that successfully integrate with TEFCA and FHIR, keep PHI off-chain, master governance and incentives, and show tangible savings in a specific workflow before they think about scaling up.

---

Summary (for description)

A lot of blockchain healthcare apps didn't flop because of tech issues, but rather due to mismatched scope, governance, and compliance. In this post, we break down the tough lessons learned and provide a solid playbook for 2025 that integrates blockchain into TEFCA, FHIR/USCDI, DSCSA, HBNR, and EHDS. This way, you can achieve ROI while steering clear of those regulatory pitfalls.