Below is the excerpt of Geoff Clapp's comments during our HealthTech Fireside Chat at 500 Startups.
Question: Are cloud-based services more secure than in-house?
"I think that when you look at the success of AWS.. now look, 3 years ago, maybe even 2 1/2 years ago, if I told you I had healthcare and were working with AWS, they would not work with you. That's since changed. Four years ago, Amazon wouldn't sign a BAA.
Right so this stuff has had to mature over time. But if you have actually sat down and done something with AWS, it is magic. And the stuff they can take care of out of the box, as an example: That the smartest people in this room, if we call got together and focused on, would be stupid. Because we need to be actually working on real healthcare problems, not solving how to block a port for the 19th time, or the 19 millionth time. So I would argue that in general, that kind of direction is the direction we have to head in. Now, to what Jason said, absolutely who do you trust. They have to be legally in place, they have to follow HIPAA, there's all those things you have to do. But the bottom line is, until we move that way, all the interoperability arguments, all of the security arguments. I recently worked with a very large healthcare system that had every single EMR you could name. Now they're moving to one direction, but that in and of itself is a security hole because half the people didn't know how those things actually worked together. So that complexity is a problem. That is absolutely the direction we have to use and I think Jonathan is 100% right about this. What he's not 100% right about is that you can flip a switch today and it's there. But that's absolutely the way we have to push. There just is no other choice. Now architecturally, solving the multiple applications problem, these requirements have to get into the process. So it's not like let's just push everything aside and do what Jonathan told us what to do, let's not push everything aside and do what AWS told us what to do. We have to set those requirements, both security, performance, uptime. All of things have to be set by us as an industry. But we're much smarter getting people like AWS to care about healthcare than trying to do it ourselves."