IANAL and this advice is only applicable to US/HIPAA rules based on my experience building and consulting in this space.
HIPAA rules apply to covered entities, and the developer of this app does not appear to be a covered entity. If a covered entity used this service, THEY would be required to enter into a Business Associate Agreement (BAA) with the developer, at which point the developer is on the hook and HIPAA applies.
If a covered entity engages with a platform like this, without a BAA, the liability under HIPAA is borne by the Covered Entity whom the rules apply to.
That said - if you want to engage with covered entities (and I think that should be a goal) you'll need to have all your ducks in a row before they'll be interested. It's all doable though, don't let the gatekeepers push you out.
One thing I've got my eye on right now is Palantir's HealthStart initiative that seeks to streamline the compliance requirements needed to operate in this space legally. Might be worth following if you plan to take this anywhere beyond a hobby.
Last note - my statement here is only about HIPAA. There are any number of state and federal level privacy rules where liability may or may not come into play here. Have a privacy policy, follow it, protect other people's data. If you're not confident you know how to do that, find someone who is. We do have a responsibility to our users that goes well beyond our desire to learn and experiment.
This has made a huge difference in the way we extract structured data from images. Previously we had to perform a number of steps to ensure the JSON result was what we were looking for. Now we just get the function call exactly where we expect it.
As someone in a similar boat, my advice would be to start working on just driving attention/traffic to each one and see what the market tells you. It doesn't matter that your more recent idea is not as far along, there are a lot of opportunities for lead generation outside of actually using the product (scorecards, waiting lists, etc.)
It doesn't matter how great either idea is if you can't get people to look at it. Focus there.
Good luck!