by v4dok 1197 days ago
I like the idea, but I would like it even more if it was on-prem. The doctors (at least in EU) will be very wary of having their client meeting essentially recorded by a third party. With this as a cloud SaaS, patient confidentiality is essentially broken since the raw data is available to you while you transcribe it. I understand that you compete with "google speech-to-text" but this is not a feature meant to be used by doctors (even if they "illegally" do).

Obviously the business model is harder with on-prem, but cloud-first for doctor notes is in the long run much harder.

2 comments

There are so many regulations and certifications to do that there is no chance anyone will have the money and time to do all the paperwork to host it on-prem. Because of these regulatory reasons most hospitals use such old systems that it surprises no one to see Windows XP with IE6 there. I had the pleasure myself of fixing a Material Angular bug that wasn't displaying form field validation correctly in IE6 only 2 years ago, and that was for a network of hospitals in Canada, US and Germany. The effort to allow them to use anything newer is too big and there are too many documents to review. It's simply cheaper to keep WinXP and IE6 running for as long as possible.
I read yesterday about someone running LLAMA on a single GPU. Maybe if you optimise the model enough, you can give it to them as a box.
Off-prem is also a rat's nest of regulations.
Yes, but it's done once, on demand for each customer and service-wide certificates don't expire for a few years or releases, so the cost is lower.
Yep, I worked at a med-tech company and one of our biggest value-adds was that we were HIPAA compliant and part of Direct Trust — 10k customers, one certification.
Thanks for your comment.

We plan to offer an on-prem option eventually.

In the meantime:

- we offer a GDPR-compliant EU-based hosting option

- we don't store anything (no audio, no transcript, no note): it's stateless and all erased at the end of each consultation

- data is pseudonymized as it flows through our systems

Our first customers (large healthcare orgs) have been OK with this so far!

Hi, I have two questions.

First question - you say that you don't store anything (no audio, no transcript, no note), but your legal agreement says that in order to use this service, the doctor asserts to you that they have gotten consent from the patient for you to reuse all data processed through the service for research and development, and to improve the performance, models, and algorithms of this or any other solution you come up with in the future. Why the difference and how do you square A with B?

"Due to the substantial financial, material and human investments made by NABLA within the framework of the Contract for the development and updating of the Solution, NABLA wish to be allowed to reuse the data processed within the framework of the Contract.

The CLIENT, when applicable in the name and on behalf of the DATA CONTROLLER, warrants that the Data Subjects have been informed of their rights and have given their consent for the use of their data within the framework of the Contract when required by applicable laws or the Regulation and authorizes the DATA PROCESSOR to reuse the Data processed within the framework of the Contract, as long as the latter undertakes to comply with the Regulation for all of this Data, for the uses listed below:

- research and development of the Solution,

- improving the performance, models and algorithms developed and trained by NABLA in the context of the Solution or any other solution published by NABLA,"

Second question - you say that you don't store anything (no audio, no transcript, no note) and that it is all erased at the end of each consultation. But do you store any artifacts derived from the audio, transcript, or notes of a consultation, like data processed directly or indirectly from the audio, transcripts, or notes of a consultation that is fed into an AI model, ML model, or other dataset that you persist after the consultation?

I am in this space, dealing with similar problems with similar organizations. Any DPO that is not listing you as a shared controller will be acting illegally. And they might, it's still a grey area, but how many of those assessments can you handle before your CAC becomes too much? Don't get me wrong, I really think that it can help a lot in the HCLS space. If you want to chat more, shoot me an email: contact_vdk@proton.me