undefined | Better HN

0 pointsnumbsafari8y ago0 comments

Uhhhh... most orgs that run HIPAA workloads do so slavishly on Windows and EPIC, neither of which are famously what most would consider open source.

0 comments

kuschku8y ago

You’re right, the real distinction is on-premises vs off-premises, I should have made that more clear (although free software implies on-premises being possible)

numbsafariOP8y ago

I’m still confused... most orgs running HIPAA workloads are still doing so on prem, AND using very much non-free software.

Google, and Amazon, and MS, undergo extensive third-party audits and people can, and do, run HIPAA workloads there.

I’m not sure what distinction you are trying to draw.

kuschku8y ago

The distinction is that companies that require HIPAA workloads aren’t going to upload their entire dataset into Google Cloud Spanner, which is not available as on-prem version, and which isn’t HIPAA certified.

So either we need an on-prem version of Cloud Spanner, Cloud Spanner needs to be HIPAA certified, certified to match German privacy laws, etc, or Cloud Spanner can’t serve these situations.

j / k navigate · click thread line to collapse

0 comments

kuschku8y ago

You’re right, the real distinction is on-premises vs off-premises, I should have made that more clear (although free software implies on-premises being possible)

numbsafariOP8y ago

I’m still confused... most orgs running HIPAA workloads are still doing so on prem, AND using very much non-free software.

Google, and Amazon, and MS, undergo extensive third-party audits and people can, and do, run HIPAA workloads there.

I’m not sure what distinction you are trying to draw.

kuschku8y ago

So either we need an on-prem version of Cloud Spanner, Cloud Spanner needs to be HIPAA certified, certified to match German privacy laws, etc, or Cloud Spanner can’t serve these situations.

j / k navigate · click thread line to collapse