I'm not in the field yet, but I do have a business plan that deals with US healthcare, and lawsuits and the FDA are pretty scary :)
Edit: example HIPAA fines
http://www.ama-assn.org/ama/pub/physician-resources/solution...
As another founder of a company working in a healthcare field, having done these two things, I find that much of what's in HIPAA is stuff that a good engineer would do anyway. Stuff like putting passwords on things, using encryption, having backups, not sharing data. Yes, there are some arcane things, but on the whole it's a manageable affair.
What I find frustrating (echoing the concerns of the Eligible poster) is that a 5-letter acronym is enough to scare away so many people from touching entire swaths of the healthcare landscape. Yes, there are laws, but it's clear that most people haven't even tried to read them; they wouldn't stop most projects getting off the ground.
The FDA recently passed some guidelines (as you say, they're entirely reasonable, same as the HIPAA stuff), which we want to stay clear of.
As for HIPAA, I live in Uruguay and I couldn't bear the cost of even a single fine or lawsuit (however remote the possibility) before getting critical mass or funding. A funded U.S. startup, OTOH, can do that. It's just not for the lone coder or small bootstrapped team.
http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidanc...
Now, some amount of pragmatism is important, and I'm sure you've made your decision in a way that's best for you. I just hope that the entire community doesn't fall into the trap of "there's this [regulatory/bureaucratic] risk, so forget it. I won't even try."
My take on these types of hurdles is that they are surmountable with a good helping of resourcefulness. Example?
In our case, there's actually not FDA approval for primary clinical use of a technique we depend on, so there would be quite a bit of legwork between us and getting to market, not to mention the hospital bureaucracy.
What we figured out, however, is that technicians in the pharmaceutical industry (and biotech) use this same technique, in similarly high volume. The barriers to them adopting new technologies are much lower, and better still, they actively demand and pay for new technologies that boost efficiency. So we're starting with them as a target market, and we'll chip away at the barriers to direct clinical adoption in parallel to revenue generation.
This is only one trick of many we're bringing to bear in fielding our technology, and some patience is required before we can realize the impact we dream of.
Handling the risk associated with being involved in medical or scientific decision-making presents its own set of challenges, as well. Briefly, our take on this is to work hard and validate the scientific merit of what we ship before we ship it. This does take a bunch of time, but having doctors and papers to vouch for what we do means that we've built trust and support in the community. Sometimes this means we ship a smaller set of features than "what is possible", but we're patient and see these products as stepping stones.
Finally, I'll note that we're a small team that's not venture-backed (at present, intentionally so). We're fortunate to have enough grant money to prevent starvation, but that's it. Really, lots of things are possible, even in the healthcare space.