Good point. Will add this to website now: 419 Fulton Street Suite F San Francisco, CA 94102.
Sidenote: this is the reason why great hackers stay out of healthcare. you're scaring people away with this comment. I understand privacy needs to be taken seriously, but I do not think it should stifle innovation.
At the same time, I'm sure you've looked into the HIPAA regulations, and talked to folks about them...
As another founder of a company working in a healthcare field, having done these two things, I find that much of what's in HIPAA is stuff that a good engineer would do anyway. Stuff like putting passwords on things, using encryption, having backups, not sharing data. Yes, there are some arcane things, but on the whole its a manageable affair.
What I find frustrating (echoing the concerns of the Eligible poster), is that a 5-letter acronym is enough to scare away so many people from touching entire swaths of the healthcare landscape. Yes, there are laws, but it's clear that most people haven't even tried to read them; they wouldn't stop most projects getting off the ground.
Actually, in my case, we wanted to build a healthcare app (yet another medication manager).
The FDA recently passed some guidelines (as you say, they're entirely reasonable, same as the HIPAA stuff), which we want to stay clear of.
As for HIPAA, I live in Uruguay and I couldn't bear the cost of even a single fine or lawsuit (however remote the possibility) before getting critical mass or funding. A funded U.S. startup, OTOH, can do that. It's just not for the lone coder or small bootstrapped team.
I can understand the fear of a lawsuit or fine; these things seem wholly beyond your control. What I don't like is paralysis that comes with that.
Now, some amount of pragmatism is important, and I'm sure you've made your decision in a way that's best for you. I just hope that the entire community doesn't fall into the trap of "there's this [regulatory/bureaucratic] risk, so forget it. I won't even try."
My take on these types of hurdles is that they are surmountable with a good helping of resourcefulness. Example?
In our case, there's actually not FDA approval for primary clinical use of a technique we depend on, so there would be quite a bit of legwork between us and getting to market, not to mention the hospital bureaucracy.
What we figured out, however, is that technicians in the pharmaceutical industry (and biotech) use this same technique, in similarly high volume. The barriers to them adopting new technologies are much lower, and better still, they actively demand and pay for new technologies that boost efficiency. So we're starting with them as a target market, and we'll chip away at the barriers to direct clinical adoption in parallel to revenue generation.
This is only one trick of many we're bringing to bear in fielding our technology, and some patience is required before we can realize the impact we dream of.
Handling the risk associated with being involved in medical or scientific decision-making presents its own set of challenges, as well. Briefly, our take on this is to work hard and validate the scientific merit of what we ship before we ship it. This does take a bunch of time, but having doctors and papers to vouch for what we do means that we've built trust and support in the community. Sometimes this means we ship a smaller set of features than "what is possible", but we're patient and see these products as stepping stones.
Finally, I'll note that we're a small team that's not venture -backed (at present, intentionally so). We're fortunate to have enough grant money to prevent starvation, but that's it. Really, lots of things are possible, even in the healthcare space.
illustrated one of the main problems: the legal framework surrounding malpractice is completely screwed up. In the article, it is claimed that
"As it is now, a doctor or hospital can be sued if the plaintiff can show that “normal standards of care” were not followed, even if those normal standards of care are inappropriate."
Assuming that this is correct (I am neither a physician nor a lawyer), this basically freezes innovation, and makes it nigh impossible for innovation to occur.
You mean that I'm scaring people away and stifling innovation by asking what's your address and company data?
In other words, just in case I don't understand - a random poster on HN can stifle innovation in the healthcare industry by posting a half serious (missing address) half joke (suing anyone) comment ? I'm so happy I live in Europe :)
And there are places other than the US to sell products too. I'm not advocating insecure data, but some systems are different to the US, less litigious etc.
And the systems I'd most like to see improved are not accessible remotely (or rarely are), or are comparatively easy to secure (or seem to be to a layman at least), or are basic and loss of the info wouldn't get anyone anything they couldn't find out already (proper hospital rosters is what I have in mind. Wow hospital rostering systems are crap).
https://www.eligibleapi.com/about-us - nothing https://www.eligibleapi.com/privacy - nothing https://www.eligibleapi.com/security - nothing https://www.eligibleapi.com/faq - yay, there's an email address :)
Seriously, what am I missing?