undefined | Better HN

0 pointstristor3y ago0 comments

> This one is big for product designers.

You're right that there are definitely opportunities for improvement here. As a Product person that has worked in EMR/Healthcare IT systems, I can tell you the biggest challenge is most of the decisions are driven by legally-required compliance. In many cases, you literally cannot make it better because the brokenness is /by design/ to comply with the law.

Nearly across the board, especially in the US, our legal and regulatory climate has not kept up with technology and often actively works to the detriment of technical innovation and improving our systems.

0 comments

artful-hacker3y ago

I'm in this business too, and it's not just the direct features supporting the law, its the law driving out time and talent trying to make things better. We don't have time to improve systems because we are all too concerned with meeting the latest regulatory pipe dream of interoperable systems.

Systems that nobody has ever asked us to use. Entire APIs with full access to key data, that nobody uses.

tristorOP3y ago

Yes, this is probably the bigger impact, to be honest. Teams have limited resources and more and more of it is cannibalized by regulatory compliance work.

giantg23y ago

We've created so much regulation that no one person can know it all - not the legislators, not the agents/bureaucrats, not the judges, and certainly not the workers or patients who would be most affected by them.

1 more reply

jimmydddd3y ago

Steve jobs mentioned this as a reason he never wanted to do enterprise sales. The user and the purchaser are two different people.

m4633y ago

I wonder how this is handled inside apple? Are apple internal tools good or terrible?

javajosh3y ago

It's an interesting question but probably covered by an NDA. I wouldn't be surprised if a lot of their enterprise software is bespoke, however.

primedteam3y ago

HITRUST certification is the most demoralizing thing I've done in my life. You need a policy, a procedure and evidence of things like this:

Shared system resources (e.g., registers, main memory, secondary storage) are released back to the system, protected from disclosure to other systems/applications/users, and users cannot intentionally or unintentionally access information remnants.

tristorOP3y ago

I understand exactly what you mean, but having done HITRUST CSF certification for a system, I will say that it is not as bad as some others, because at least HITRUST is /very/ clear in its requirements, so there's not as much vagaries and back and forth with auditors after the fact, or rushed changes. It's truly a nightmare to meet, but once done you can be assured you will pass the audit fairly.

seanp2k23y ago

Yep, try doing that in an electron context and you quickly learn why a lot of this software still runs on mainframes with UX from the 80s, hard T1 lines (if they’re lucky enough to be off ISDNs), faxing things all around since that’s considered “secure”, etc etc. A lot of startups can’t touch this stuff due to regulatory hurdles. When the first step is “go change the law”, it’s a non-starter.

bawolff3y ago

I mean, if it was really a very high security system, ensuring that confidential info in memory cannot be written unencrypted to a swap file, does seem like a reasonable requirement.

asdff3y ago

There is a reason why these things are like this. Someone with influence is making money hand over fist with the current state of affairs, so it says. Regulation are always penned by those in industry they are set to regulate with government connections. Politicians don't do anything unless there is a push for it by lobbyists or donors because that's where the incentives are.

tristorOP3y ago

For healthcare the regulations mostly entrench the big players in insurance. It’s regulatory capture 101.

asdff3y ago

And what sucks about this entire situation is even if you today fixed healthcare, because you havent fixed regulatory capture it will end up screwed up in some other direction as soon as the grifters finish planning out their graft and ringing personal phone numbers in washington DC and state capitols. Fixing regulatory capture is therefore required to solve the big problems we have, like climate change, housing, and healthcare, otherwise no fix will ever be long term and meaningful. The incentive structures with regulatory capture favor personal profit over public good every time.

JaimeThompson3y ago

Doctors and hospitals control some of the more powerful lobbying groups in the United States making it a bit strange they haven't worked on those issues.

dragonwriter3y ago

> Doctors and hospitals control some of the more powerful lobbying groups in the United States making it a bit strange they haven't worked on those issues.

Doctors and hospitals are not necessarily aligned groups (either with each other or with nurses) on the issues, and private insurers, state governments (as market participants themselves, via operating public insurers such as Medicaid agencies), and other players are also very powerful lobbies.

namelessoracle3y ago

"Doctors and hospitals" are not nurses and do not seem themselves as akin to nurses.

It's like asking why most software devs don't go to bat for technical support people.

lazide3y ago

Why when they get paid/further protected by it?

asdff3y ago

It seems the byzantine regulatory compliance software lobby is even more powerful then

j / k navigate · click thread line to collapse

0 comments

artful-hacker3y ago

Systems that nobody has ever asked us to use. Entire APIs with full access to key data, that nobody uses.

tristorOP3y ago

Yes, this is probably the bigger impact, to be honest. Teams have limited resources and more and more of it is cannibalized by regulatory compliance work.

giantg23y ago

1 more reply

jimmydddd3y ago

Steve jobs mentioned this as a reason he never wanted to do enterprise sales. The user and the purchaser are two different people.

m4633y ago

I wonder how this is handled inside apple? Are apple internal tools good or terrible?

javajosh3y ago

It's an interesting question but probably covered by an NDA. I wouldn't be surprised if a lot of their enterprise software is bespoke, however.

primedteam3y ago

HITRUST certification is the most demoralizing thing I've done in my life. You need a policy, a procedure and evidence of things like this:

tristorOP3y ago

seanp2k23y ago

bawolff3y ago

I mean, if it was really a very high security system, ensuring that confidential info in memory cannot be written unencrypted to a swap file, does seem like a reasonable requirement.

asdff3y ago

tristorOP3y ago

For healthcare the regulations mostly entrench the big players in insurance. It’s regulatory capture 101.

asdff3y ago

JaimeThompson3y ago

Doctors and hospitals control some of the more powerful lobbying groups in the United States making it a bit strange they haven't worked on those issues.

dragonwriter3y ago

> Doctors and hospitals control some of the more powerful lobbying groups in the United States making it a bit strange they haven't worked on those issues.

namelessoracle3y ago

"Doctors and hospitals" are not nurses and do not seem themselves as akin to nurses.

It's like asking why most software devs don't go to bat for technical support people.

lazide3y ago

Why when they get paid/further protected by it?

asdff3y ago

It seems the byzantine regulatory compliance software lobby is even more powerful then

j / k navigate · click thread line to collapse