I'm the technical co-founder of a startup[0] that stores patient data, and I know a couple of people who are working on what they call "Heroku for HIPAA-compliant applications" (slightly different from what TrueVault is, though it serves a similar consumer base)[1]. When I first heard about this and started building our application, I was surprised nobody had tackled this space before. Building HIPAA-compliant applications on AWS is a lot easier[2] than most people think, but it's a huge pain. More importantly, it's the same huge pain for almost everyone who goes through the process, and in a way that's rather easy to "factor out". In that regard, it's not that different from HR or payroll services, which startups almost never do in-house (once they are larger than a few employees, and until they get to be fairly large). It looks like we're a bit beyond the stage where TrueVault would make sense for us, but I'm glad that this space is starting to attract attention. Technical founders should spend their limited time on building amazing technology and amazing products, not duplicating the same compliance work that everyone else has had to go through.

[0] https://www.boardrounds.com/

[1] The company is Aptible: https://www.aptible.com/ (We aren't customers of these folks, though we like their product.)

[2] None of it would be too technically difficult for most of the people reading HN - it's more the diligence of checking boxes, writing up policy docs, etc. It's important to do it right, but it's generally a matter of time (and money) more than anything else.