by gamble 5205 days ago
Sounds a lot like the medical data startup I joined ten years ago. We were so, so painfully naive about the realities of medical software. Medical records are a trivial technical problem, but an almost insurmountable political and regulatory challenge. I knew our company was doomed when we were talking to another medical software company and saw the literal wall of binders that represented a single FDA approval process submission. It is so not a market that's friendly to startups.
8 comments

Yes, and hospitals have arcane policies / IT departments, my dad is a doctor and the hospital he works at still has Internet Explorer 6 installed on all computers there and they refuse to upgrade it for fear it might break compatibility with some ancient software program they use they access through it. He wants me to create some little software program to see if he can get them to use it when the main system goes down but it has to work in IE6 so it's kind of a nightmare and I've been dragging my feet on it because of this... it's things like this that make dealing with healthcare such a pain in the ass.

Thinking about this more, it's actually a bit scary if I do create something and he is able to get them to use it as I could be opening myself up to a lot of liability. I figure, as a doctor, he should be aware of all this but not 100% sure how up on this he actually is, maybe I should get him to sign something having him take full ownership and responsibility of the software.

>they refuse to upgrade it for fear it might break compatibility with some ancient software

It will break, in horrible and unknown ways, and even if it didn't, if the company supporting it got wind that you used a different version of IE, or heaven forbid Firefox, that's probably enough to deny support. It's probably not even ancient software, they might have purchased it in the last couple of years. Medical software has to be the absolute worst made software on the planet.

I think it may even go beyond that, where they have even stipulated what other software could be run on the machine. I do know, for example, that they HAVE to run XP, nothing newer, or it would void their support, etc. It's really insane how companies can get away with that, I don't even understand how for a web app (it uses a Java applet, so I guess it goes beyond a regular "web app", but still..) they can demand this sort of control over the end user's system.
It seems like there ought to be some sort of liability for mandating insecure practices for your customers.
> the hospital he works at still has Internet Explorer 6 installed on all computers there and they refuse to upgrade it for fear it might break compatibility with some ancient software program

Meanwhile your ability to do everything else breaks through sheer attrition.

Why can't you code it for Chrome and have the computer have multiple browsers on it?
It's forbidden by their IT department, I don't know the whole picture, as I'm just going by what information my dad was able to pry out of them, but I think they basically have barebones machines with nothing but essential software and something such as a browser other than IE 6 isn't on that list and I guess you would have to move mountains to get them to approve it because apparently they haven't moved into this century with everyone else and are stuck in the past.
I did some very basic research for an essay on "Healthcare in the Cloud", and yes, the regulatory side sounded very painful.

Among the relevant regulations, the big ones are HIPAA and HITECH:

http://en.wikipedia.org/wiki/Health_Insurance_Portability_an...

http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcem...

A big point that I remember was that a HIPAA breach was up to 1.5 million dollars in fines.

"A maximum penalty amount of $1.5 million for all violations of an identical provision"

This is one of the markets where BigCos can and should make a difference (and loads of cash in the process, but well, that's what regulations get).

On the flip side, HITECH introduced up to 20 billion dollars in incentives for adopting Electronic Health Records (EHRs), so maybe the millions in compliance are worth it for some startup :)

I got some interesting data from here ("Opportunities and Challenges of Cloud Computing to Improve Health Care Services"):

http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3222190/

and some information by CompTIA’s Third Annual Healthcare IT Insights and Opportunities study.

http://www.comptia.org/news/11-11-16/Healthcare_Practices_Em...

Wonder if smartphones open up some new doors here? Assuming doctor and patient both have a smartphone, medical notes for a patient are shared but only available for doctors within the physical vicinity of the patient, i.e. the patient's phone acts as the gateway to that data.
Not sure if it's a viable idea with all those wireless transmissions.
There is a way of looking at problems from a different angle.
While Obama and Congress are talking about how to make regulation more business friendly, why don't they focus on day-1 problems like this, instead of IPO problems? I've never heard of a good company unable to IPO just due to paperwork/regulation, but I've heard of many companies not being able to get anywhere due to silly regulatory cruft. See the TacoCopter yesterday... FAA would never let it happen. Or your medical data startup. You can fix the problem - if they will let you.
>While Obama and Congress are talking about how to make regulation more business friendly [...]

Talking != doing.

Very true, but it's looking like Crowdfunding bill and the Access to Capital bills are moving through.
Look at the stats: post-SOX, the number of IPOs in the US collapsed and most international companies started choosing to list in London rather than NY.
It happens far too often. Right now I'm looking at a government RFP (request for proposals) that fits what I'm doing very well. But everyone I speak to tells me that it's an entirely doomed process, and that the government will never choose a tiny tech startup over a large corporation. I'm pretty sure they're right.
The trick is to get an intro to a big boy and be a sub on their contract. It takes some social proof (wins on other RFPs) and you really have to know people. It's an entirely different way of selling.

Government contracting really is a different world.

By law many federal agencies have to give research grants to small businesses. My mom runs a physics research company and that's how they stay in business.

You check out SBIR grants - http://en.wikipedia.org/wiki/Small_Business_Innovation_Resea...

> My mom runs a physics research company [...]

I'm curious -- how does this work? I.e. what kinds of organizations contract her for what kinds of tasks / duration? I would have thought that research was inherently un-estimatable.

Absolutely - there is a lot of regulation which you have to navigate and there are differences between different regions and nations. It's not the most start-up friendly market, but I don't believe that is a reason not to do it :)
Most pure IT projects should not require FDA approval. Such approval is typically required when an actual device is involved, such as a heart monitor that connects to the patient and transmits data to the iPhone. The FDA actually has information on their site about what types of applications of this sort would require approval.
As I read the article, I was thinking much the same thing. This guy can build the best medical mouse trap ever -- but between the government red tape, the litigious cya environment, and the slow-to-move hospital industry, it just ain't going to be adopted.

I wish it were different.

Typical medical records software (EMR / EHR) doesn't require any advance FDA approval.