by duffpkg 325 days ago
This also makes it infinitely more useful for healthcare. Not healthcare software specifically. Lots of use cases in logistics, irl maintenance, etc. Patient data creates HIPAA challenges and tends to overflow into any system.
3 comments

Nothing in HIPAA mandates air gaps. In the context of HIPAA that's really overkill.

In fact, self-hosting might even do you wrong when things go bad, because AWS is probably better managed and more secure. And they have all their certs, which is legally important.

+1. We already work with a few healthcare teams, and self-hosted is almost always their go-to. Our air-gapped edition has been in beta for a bit, and we’re seeing more use cases pop up—especially in places where HIPAA and data isolation matter a lot.

Why would a health care org care about air-gapped deployments? Most (really, almost all) health care data is stored on cloud SaaS databases already; for people who care, this vendor already had an on-prem version.

What you say makes sense, but I think there can be reasons. For our military customers we offered an air-gapped version of our app early on because it was easier for customers than getting an ATO. Also, as a bootstrapped company, it was a lot cheaper than FedRAMP. I'm guessing I'd lean on a similar strategy if I had a health care startup.

Most health care companies get along just fine in AWS, just for what it's worth.