MedStack Acquires Exos to Further Disrupt Healthcare Compliance Industry


Exos by MedStack colour

TORONTO, October 3, 2023 – MedStack, a Toronto-based data security and privacy compliance solution for digital health startups, has formally announced that it has acquired the assets and brand of Exos, a governance risk and compliance (GRC) product designed exclusively for companies who need to establish compliance programs that meet North American healthcare industry regulations.

The strategic acquisition, completed for an undisclosed amount, bolsters MedStack’s existing platform offering and further establishes MedStack as an emerging leader that is disrupting the traditional healthcare compliance industry. 

Exos, now known as Exos by MedStack, complements MedStack’s existing mission of enabling healthcare innovation by eliminating complex data security and privacy compliance barriers.

According to MedStack Co-Founder and CEO Balaji Gopalan, this is the key to solving the world’s growing healthcare capacity crisis.

“Exos by MedStack marks a massive step forward in the evolution of our company,” says Gopalan. “We know from years of working with digital health startups that they require a single, turnkey compliance solution that is not only easy to use, but allows them to meet the full suite of administrative, technical, and physical compliance requirements that healthcare enterprises demand.

Now, paired with MedStack’s existing platform offering, we are the only solution available on the market that can address all of these needs, offering the fastest path to becoming 100% compliant and accelerating the delivery of trusted, enterprise-ready solutions to market.”

Exos by MedStack includes employee video training, proprietary policy and procedure templates that can be easily customized, and documented workflows, all necessary pieces in order to satisfy the Health Insurance Portability and Accountability Act (HIPAA) in the United States and the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada.

For existing MedStack customers, these policies and procedures are fully inheritable and reflect the real-time state of applications built using MedStack’s platform, a distinct advantage over existing GRC systems and enterprise risk management (ERM) solutions.

MedStack is a trusted partner for an impressive roster of digital health companies across the globe building a variety of healthcare solutions, including telemedicine, mental health, insurance, AI, chronic disease management, digital therapeutics, and clinical workflows.

Its customers include Benekiva, a leading US insurtech provider, and Emovi, a Series-C medical device company recognized by the American Academy of Orthopedic Surgeons.

The news regarding MedStack’s Exos acquisition is the latest in a recent string of major company announcements, most notably the company’s expansion into Europe, the Middle East and Africa (EMEA) and the formal addition of GDPR compliance support. 

Earlier this year MedStack also earned the distinction as the #1 HIPAA compliance solution by G2, the world’s largest and most trusted software marketplace, as well as “Best Overall Healthcare Cybersecurity Company” by MedTech Breakthrough, an independent market intelligence organization. 



About MedStack


MedStack is a cloud automation technology company built specifically for the needs of the digital health industry. Its standardized platform allows healthcare innovators to deliver ready-to-buy, compliant applications to market and is emerging as the de facto standard for delivering industry requirements for digital health. MedStack is trusted by hundreds of leading digital health companies across North America and has been accepted in implementation by several notable payers and providers. The company is proudly based in Toronto, Canada.