undefined | Better HN

0 pointspistoleer1y ago0 comments

> How do you handle something like HIPPA compliance when you're in this situation?

I'm a dev who hasn't seen anything related to that. Since you bring it up, can you give some pointers on why something like a MySQL db coupled to a monolithic backend isn't good enough? What shortcomings did you experience?

All of the things raised in the article seem possible to solve without the need for microservices.

0 comments

mexicocitinluez1y ago

> All of the things raised in the article seem possible to solve without the need for microservices.

First, this has nothing to do with microservices. Needing cloud infrastructure and building microservices are 2 orthogonal things.

Second, it has nothing to do with the tech you're using. MySQL is irrelevant. So is a monolithic backend.

What IS important is the security and infrasture behind the data your storing. Clinical data (and data captured in EMR's) is easily some of the most sensitive stuff you'll come across (unless you work in govt). The idea that I wouldn't use off-the-shelf, already-tested solutions specifically for this problem with a cloud provider is nuts. I pay Azure peanuts compared to what I'd have to pay a full-time person to manage multiple environments, security updates, provisioning new infra, etc. And that's not even considering the actual process you need to go to connect to outside systems.

Most integrations want you to have a SOCS audits and stuff. What happens when there is a breach? Do you have the personnel on staff to understand and troubleshoot the issue? Remember the "we have your data and will release it for bitcoin" hacks? That's only made possible by these systems sitting in closets in someone's facility.

And trust me, this isn't just a "large enterprisey" problem. It's a "everyone who wants to build an app in this space" problem.

So you can use MySql (if you can host it compliantly) and I'm building what you could theoretically call a "monolithic" backend and it's working well. I use MSSQL on Azure though.

pistoleerOP1y ago

That makes sense, cloud infra does reduce risk in that sense. I assume you're allowed to say "we need to be compliant with X, and our cloud provider is compliant with X, therefore we are compliant with X".

When something bad does happen, is the cloud company liable?

mexicocitinluez1y ago

Most of it falls on the shoulders of the providers not cloud companys. One aspect that's reappy hard to control is the whole human side of things. Most of my time in the "healthcare security" side of things is with employees opening emails with viruses in them and their constitutional incapablility of not clicking on links in emails.

Im a developer who is a CTO for a healthcare company (not like a big corp or anything) and also administers an Office 365 tenant while building out custom apps and an EMR. The office side of things is so much harder to get secure.

j / k navigate · click thread line to collapse

0 comments

mexicocitinluez1y ago

> All of the things raised in the article seem possible to solve without the need for microservices.

First, this has nothing to do with microservices. Needing cloud infrastructure and building microservices are 2 orthogonal things.

Second, it has nothing to do with the tech you're using. MySQL is irrelevant. So is a monolithic backend.

And trust me, this isn't just a "large enterprisey" problem. It's a "everyone who wants to build an app in this space" problem.

So you can use MySql (if you can host it compliantly) and I'm building what you could theoretically call a "monolithic" backend and it's working well. I use MSSQL on Azure though.

pistoleerOP1y ago

When something bad does happen, is the cloud company liable?

mexicocitinluez1y ago

j / k navigate · click thread line to collapse