Google is absolutely doing the right thing. Anything that can be done to enhance the efficacy of EMR software will help lead to better patient outcomes. As far as I can tell, Google is approaching the problem foremost from the perspective of "how can we make people healthier by making software more effective." Epic and Cerner are simply not doing that. Somewhere in the comments here someone mentioned that most EMR software is a billing system with record keeping attached. Although implementations vary between hospitals, the software is always purchased by administrators, typically with little input from doctors.
In most implementations, neither Cerner not Epic encourage structured data recording except for billing codes. This means that if a patient comes through the medical system frequently, doctors have to read pages and pages of unstructured text to get a sense of what's going on for the patient. The software is designed to be sold to administrators and, as currently designed is unquestionably leading to worse outcomes for patients.
Google has made a lot of mistakes. If they build something doctors truly want to use and that helps properly organize information, however, and if Google doesn't misuse the data/people aren't unreasonably paranoid about data misuse, it will be a godsend for the industry and it will save lives.
We haven't even begun to talk about the potential for machine learning and statistics to understand what treatments are most effective if data are structured properly. This is unquestionably an interesting and unique case where collecting massive amounts of data and handing in to a trusted, competent, creative, research-oriented authority could have incredible benefit for mankind. I don't trust Cerner or Epic with this mission for a second.
The problem is that Google has the most obvious conflict of interest of all cloud and AI providers when it comes to data use.
Many people simply don't believe anything Google says, and even those who do believe them to some degree know that others won't.
Google has become a reputational hazard in fields that deal with sensitive data such as healthcare.
Some decisions made by current management don't help at all. Instead of separating the advertising business from other activities like cloud and AI, they are moving in the exact opposite direction.
It's data ownership laws and adequate monitoring (including whistle blower laws with adequate rewards) and enforcement that is necessary. Replace "Google" with any unknown or known bad actor that can be taken over by a bad actor, and we return to the same problem.
At the end of the day you're right, but look at it from the perspective of a healthcare decision maker.
What if something questionable happens, even if it's legal, and you're found to have handed over patient data to Google, the largest ad targeting firm on the planet?
Pointing at legalities will not save your reputation or your job in the face of glaring misalignment of interests.
It's like letting your dog guard your employer's sausages after giving it state of the art training in self control.
I understand that monitoring and keeping people in check, and perhaps you're right that there should be a physical barrier between certain systems, however there's still nothing stopping bad actors from infiltrating in these systems. I personally think ads should be obliterated, as they're simply shallow and cheap methods of manipulating people; Presidential candidate Andrew Yang's plan is to tax ads higher in his VAT strategy than other things, progressively increase it over time, basically as a mechanism similar to a carbon tax countering pollution that's bad for us. Tesla spends no money on advertising, the word of mouth and media attention they get is all earned - meanwhile other vehicle manufacturers compete through emotional ads spend money which increases the cost of the vehicles, perpetuates the ad industrial complex, and to some degree limits people's depth of critical thinking for their buying decisions re: the emotional manipulation of ads bombarding them to build a good, relatable feeling, familiarizing them with specific products to make it feel like a safe, good choice.
I don't think ads should be obliterated. People will always try to influence other people and ads are just one way of doing that. In my opinion, there are far more nefarious, manipulative and intransparent ways of pursuing the same goal.
Also, ads are currently indispensible for privacy as weird as that may sound. There is currently no widespread, privacy preserving form of electronic payment, and I very much doubt that there will ever be one.
What we should do is regulate/restrict ad targeting and make sure that advertising is as transparent as possible.
But none of that has anything to do with Google's reputation issues and conflict of interest. Google should split off its ad business from all other activities. Otherwise they will always remain an advertising company and distrust in everything else they do will only grow.
How about an "ad system" that people actively engage with when they're wanting to discover vs. being bombarded everywhere - perhaps not understanding the implications of manipulation of ads have on them? At minimum it changes the user experience greatly.
We can always wish for things to be less annoying, but the difficult question is how to make it happen without causing more unintended consequences than intended ones.
You have to ask yourself what advertisers would do if you ban those in-your-face super annoying ads. Stop spending money on trying to influence our decisions? I don't think so.
Except other methods will certainly cost more, bringing their cost of products up, and so someone's products who are better and known as such through word of mouth will have a competitive advantage on price.
The problem I have with this is the simple fact, that an ad company can never know my medical history. Intentions and benefits aside, this is not solvable by Google.
> people aren't unreasonably paranoid about data misuse
Is this a joke? Google is an ad company. And if I look at the US, I think there are periphery problems here.
What really improves the situation in the medical field are large databases of indications.
A remote city or village has a few general practitioners. They cannot know about any form of illness that has been indentified. To help them, they need an information infrastructure to support them for diagnostics. That would help people and might save lives.
> We haven't even begun to talk about the potential for machine learning
Then you just have to ask patients if they want to share their data. That is not asking to much. Until then medical data should be protected.
Neither are Chrome or Android (or all of the other Google products that were once silo'd from each other through privacy agreements and could have been monetized in other ways)
Now they all do their best to feed your data straight into Google, while other similar products do their best to protect it. How long until GCP says 'let's pool all of our data for machine learning' or 'centralize your network traffic for security analysis' and 'We've updated our privacy policy, please leave immediately if you don't agree to the updates'
Oh come on. There are contracts with GCP customers in place. There is a massive set of regulations around data misuse. Do you really think Google would risk the company-destroying liability of being caught using data improperly (something that‘s not in their T&c)? Who‘s to say there wouldn‘t be whistleblower tomorrow.
A company can do more than one thing. It probably would be a decent idea to make GCP a subsidiary, just so it‘s absolutely clear to everyone. Their capabilities in data analysis and ML make this an ideal project.
Like why is no one saying Amazon might be misusing data from AWS to benefit themselves. This just seems like the usual HN bias.
Has any company ever been punished for data misuse (i.e. severely, enough to make other companies think twice before doing the same thing)?
Apple listens to Siri conversations, whatever. Experian leaks private data, no biggie. Experian gets hacked, oops. Grindr sells your sexual orientation data, business as usual.
Different scenario. Voice assistant customers are regular users. The opposing side is a government agency who collects fines.
In a cloud data misuse case the civil liabilities are actually terrible, because you’re going up against other cash-rich corporations. Insert saying: stealing from the poor vs stealing from the wealthy.
Actually a lot of people point out that Amazon abuses it's storefront data as market research for it's own first party products on a scale nobody else can match. (And then, in turn, gives its first party products better placement in the store, to then crush the competition.)
The difference is, Amazon hasn't demonstrated a massive desire to collect and use health data, and fundamentally, isn't an ad company.
The other thing you're forgetting is that Google regularly changes the terms of the agreements it makes. When it bought DoubleClick, it swore that DoubleClick would never be able to access people's Google account data and that there would be a clear firewall of ad personalization information. Up until they changed their terms of service so that they could: https://www.propublica.org/article/google-has-quietly-droppe...
Google literally embodies the classic "I am altering the deal. Pray I do not alter it any further." Just because they claim they won't abuse the health data they are zealously collecting today doesn't mean they won't change their mind tomorrow.
An ad company should not be allowed to hold your health data.
Amazon using it‘s marketplace data for their own purposes, while obviously also problematic, is not the same thing as going behind their AWS clients back and using their data. The data literally belongs to the client.
I‘m pretty sure they are only accessing their data as allowed by the contracts for maintenance for example. Likewise for GCP and Azure.
Regarding your second argument. Doubleclick is on the consumer side. That‘s why GCP has it‘s own CEO, it‘s own buildings and org in general. They are seperate from the consumer side.
Put yourself in Google‘s shoes. They can make tons of money by revolutionizing the health care sector, improving patient care at the same time. Why would they fuck it up by feeding data to the ad side illegally. The risk is too high. No one would ever trust them again and they‘d probably be sued out of existence.
Is it not feasible that they are simply trying everything they can to become less reliant on ads. They have stated several times that the cloud side will be the dominant revenue source in the future. Is that possible? No idea. But strategically it makes sense to push cloud with all possible force.
I doubt that the data flow will be contained within these "mini companies". Formally they are the same company and even with the inefficiency of large corps, I doubt that Google doesn't have the capabilities to efficiently exchange information.
That aside, I do not want to rely on the inefficiency of internal processes for data protection.
The data flow is quite well-contained. I obviously can't offer you proof that you'd be likely to accept, but I do work on GCP and have experience with how data is partitioned.
I do not, however, believe that Google has any incentive to keep it that way, once there's buy-in. What Google's doing here is great, but on the other hand it's Google that's doing it.
Let's assume Google pulls a "gotcha" five years down the road and meshes its medical data into its advertising data.
What incentive do doctors and patients have to keep vending the data to Google at that point? And what incentive would other Cloud customers have to trust their data wouldn't get aggregated?
The GCP business model is different from Google's other business models and they know it.
The problem here is that even if that is the case at the moment, the same organisation still has possession of the data and those partition walls can probably be moved later if the leadership of the organisation decide to do so.
Regardless of your personal good intentions and honesty, or anyone else's working there right now, a lot of people are never going to trust an organisation with the track record and potential conflicts of interest that Google has to process sensitive personal data responsibly. Its leaders and the investors backing them made their bed by helping to create the culture of pervasive involuntary surveillance that we all now suffer, and they will forever have to lie in that bed as a result.
It's unfortunate, because clearly there is considerable potential for improving patient outcomes through better use of big data and automation in medicine, and no doubt many of the people working on these kinds of projects have nothing but good intentions. However, until the culture of the technologists operates on the same kind of ethical and legal level as the culture of the clinicians, I don't see how the trust is ever going to be there now. The individuals doing the work need to be personally responsible for behaving ethically, even if they are directed to do otherwise by their superiors, like doctors and real engineers. Organisations that fail to meet the required standards need to face penalties that are an existential threat, so their investors stand to lose everything and their leaders can end their own careers if anyone breaks the rules deliberately or through gross negligence. Without those kinds of obvious, strong incentives, with the way so many players in the tech industry have exploited people's data in recent years, I think the barrier may simply be too high to clear.
> In most implementations, neither Cerner not Epic encourage structured data recording except for billing codes.
> The software is designed to be sold to administrators and, as currently designed is unquestionably leading to worse outcomes for patients.
disclaimer: I’m a former Epic employee who worked on their inpatient app.
Do you have data or literature to support these statements for a typical Epic implementation or is this just anecdotal and biased?
Although there were ALWAYS some sort of issues and pushback from clinicians during implementation and go live, Epic software and data flow literally revolves around patient care and not billing. I don’t recall exactly which apps came first when Epic was born in the 1970s, but I believe their billing and admin apps came much later than many of the clinical apps. It’s actually why they still use a backend on top of mumps and cache, because the way data is stored and flows in these systems can do so literally around the core patient data structure, which should theoretically make a clinicians job easier to review a complete patient record (not make it easier for billing).
Generally agree with your sentiments, with one correction: Scheduling/Revenue apps came first (Cadence was the first app to go live in 1983) with clinical apps launching in the 90s (Ambulatory in 1992 and Inpatient in 1998).
I try hard not to give my data to Google, for a lot of reasons. As a patient, having my healthcare provider hand my data over for them to monetize in God-knows-what ways is...undesirable.
This is where things get mixed up. EPIC is suggesting that using Google Cloud is somehow equivalent with handing data over to Google so that Google works with that data.
These are absolutely, extremely different. Assuming that Google will somehow break into your VMs or GKE clusters to get data out and monetize it is crazy, of course, but EPIC tries to suggest that.
Google is an unethical technological giant based in a major power (read: zero consequences). The data they would receive from this is extremely sensitive, and therefore lucrative. At the very least, their government would be interested in this information and they would be a good target for such interest simply because of their size and severely lacking ethical compass.
All these things taken together means it is not crazy to imagine that this is the case. If it is not the case currently, we have to assume it will be the case soon and that when it does become the case, historic data is still available. They are therefore always a bad choice.
I was actually referring to Google teaming up with Ascension to “share data”, which is what the second half of the article is about (and thus presumably related to this decision?). I don’t think Google would be so brazen to do what you’re suggesting, their typical playbook is to hide behind euphemisms and reassurances about the security and anonymity of your data, while providing no evidence of either, and then quietly profiting from it.
> if Google doesn't misuse the data/people aren't unreasonably paranoid about data misuse
It’s pretty hard to trust google from where I’m standing right now. So many incentives to do the wrong thing.
Edit - I can’t help but to say they are still better than most... at least for now. They should get some credit for their track record. It’d just be nice to know how their incentives are still aligned to the end consumers, and how to know how that would change.
-> most EMR software is a billing system with record keeping attached
not really. Maybe that's how they started, but that's not what they have evolved into.
-> the software is always purchased by administrators, typically with little input from doctors.
again, maybe that's how it used to happen but anywhere that I've worked or consulted on has a myriad of doctors, nurses, etc that have input. The last hospital I worked for wouldn't even let us change a single field in the EMR without it being approved by a committee of nurses.
-> In most implementations, neither Cerner not Epic encourage structured data recording except for billing codes.
This is not true at all. In fact, it is the clinicians' preference to write or dictate notes that is the reason for this. Both Epic and Cerner provide digital forms that allow for selections from lists or checkboxes which are then stored as discrete data elements in their respective databases. I'm not going to say either are perfect and - surprise! - clinicians hate change so they always hate their EMR, but it's not for the reasons you state.
I'm curious which division of Google you work for and how much experience you have working for an EMR vendor or healthcare system.
Google is absolutely NOT doing the right thing here. They’re are stealing people’s private medical data without their consent.
|and if Google doesn't misuse the data
-Don’t worry, they will, like every piece of data they’ve ever fathered.
|people aren't unreasonably paranoid about data misuse,
-They are, because google has shown they can’t be trusted ever. They view fines as the cost of doing business so why should they care?
>In most implementations, neither Cerner not Epic encourage structured data recording except for billing codes. This means that if a patient comes through the medical system frequently, doctors have to read pages and pages of unstructured text to get a sense of what's going on for the patient. The software is designed to be sold to administrators and, as currently designed is unquestionably leading to worse outcomes for patients.
So instead doctors need to spend hours typing up their notes using the just correct code or term so it's structured? As I understand it, doctors find having to type things into EMRs to be a giant time sink as it is that takes away from their ability to care for patients.
I agree with your comments about how EMRs are bought by executives not doctors. This is exactly the same as companies buying SAP and then everyone else is stuck implementing it for 2 years and then hates using it daily. I work in healthcare and have literally never met a single person who uses Epic not absolutely HATE it!
Healthcare can't be fixed with software or cloud providers. Healthcare is a problem of four groups with misaligned incentives. Any "solution" usually only considers one or two of these groups. The only way to solve healthcare in the US is to push regulations via CMS (Medicare). Medicare is such a huge piece of the pie that they drive the ship. Anything they mandate will move to commercial payors since they need to implement it everywhere anyway.
Healthcare is like homelessness. It is a political problem not a technical problem without solutions. We know what will fix it, we just don't have the will to do so.
I'm in healthcare software, worked for epic, and now am trying to solve part of the problem. If love to learn more about what you think are the 4 corners thar need to be solved.
The four groups are the payors, the health systems/providers, the employers and the patients(employees). It is almost impossible to balance four competing goals.
The solution is to make it fewer competing concerns. We need to make employer provided healthcare illegal (go back to pre WWII) and force competition on the open market. We can still have you buy your own with HSA pre-tax dollars. We need to move to reference based pricing. Payors can't charge more than 1.3 * Medicare. This also solves the "out of network" bullshit, it is all the same so just pay. We also need to separate wellness/preventative from "health insurance". The one you know you will and should perform annually and the other is against catastrophe. Unfortunately, today we treat them as the same thing. I don't think a Medicare for all works but I do think it might work if it was for primary care only. Specialty care and Urgent/Emergency care could be handle by private payors.
I just don't understand how Google, as a server and storage provider for any EMR, could use the data themselves for anything. Because HIPAA. Yes, it's possible to anonymize patient data for use in research. But the anonymizing techniques are subject to review by the researcher's Institutional Review Board. They review the purpose of each study, the use of the data, and the ways the study preserves patient confidentiality.
Institutional Review Boards are responsible for ethical scrutiny of research involving human subjects. Informed consent, safety, etc.
As long as HIPAA is intact, I'm not sure any panic about misuse of patient data is justified, by any cloud provider.
> Existing players in the health-care data market also fear that the tech giant will gain too much power in their industry. Some hospital and technology executives say they declined deals with Google lest it become a future competitor.
> “We could never pin down Google on what their true business model was,” says a Cerner executive involved in the discussions.
Oracle has done the same in the last 25 years.
Company I worked for used Oracle database for an enterprise system.
Oracle over the years, acquired some of our competitors.
Then every time customers would need to renew database licenses with Oracle, Oracle's sales reps would try to sell them the competing enterprise systems that they had acquired.
>> “We could never pin down Google on what their true business model was,” says a Cerner executive involved in the discussions.
I think they really do understand what the Google true business model is, and this is exactly why they say that and avoid giving Google the access to the data.
Epic is a cash cow private company. Sutter Health in the Bay Area paid $1B for its EHR. Epic stays quiet to protect its walled gardens; deeply integrated into hospital infrastructure. No doubt Google is a threat to them.
I talked to a doctor at Stanford and he mentioned to me one reason why the main Stanford Health and Stanford Children's Health have separate patient portals (not unified) that you have to create separate logins for is because of the huge amount Epic wanted to charge to merge them. (They both run separate Epic instances as far as I can tell)
I used to go to NYU medical, which uses Epic. As janky as their interface is, it was nice enough to use and see all my charts, etc, as well as communicate with doctors over email. So when I moved to another city I specifically chose a medical system that used Epic. Once I got my login I then logged into my NYU Epic to initiate a data transfer and wouldn't you know it... it was impossible. After digging around to no avail I contacted my new provider and they told me the best thing to do is print out a PDF of my medical history in NYU's Epic and they would scan it back into their Epic... with a complete loss in structured historical data (bloodwork, vitals etc). Insane.
They're not entirely tolerated fortunately. The US government has been taking action to tear down EHR walled gardens via the Cures Act[1] which is manifesting in public access APIs called FHIR.
FHIR is nice but doesn’t completely reduce the complexity of integrating the underlying data itself considering the mess that is HL7 and mess that occurred with v3.
The situation is sort of like moving from SOAP+XML Schemas to REST/JSON. Easier to develop, but the underlying data structures are still extremely complicated and tricky to get right.
This is especially true when dealing with ancient systems written in niche languages/database hybrids (MUMPS comes to mind): https://en.m.wikipedia.org/wiki/MUMPS
From what I understand this is the norm in the US. For another example, see credit reporting agencies. Control of critical infrastructure is given to private companies under the assumption that competition will make them do good. In practice, most competition goes away immediately and the maximization of profit destroys any remaining incentives to not be horrible for everyone involved.
As a former hospital IT employee, as it was told to me by my IT management, you don't get to pick Epic as your EMR; Epic somehow "decides" you're worthy enough to buy it.
Then once you do, you're told who to hire, what to buy, what to train on, what to overall do, and if you don't do that they hold your support costs hostage under the guise of a "quality installation score". Not to mention the no-competes they slap on hospital staff so they can't bail as soon as Epic goes live.
This is a head-in-the-sand move by US companies (not just Cerner and Epic, but the hospital system CIOs). If they really think Google is going after healthcare data, they should keep in mind Google is already working with NHS and has a little thing called the Billion Users project focused on India. The British and Indian populations have the same health problems Americans do. Proportions might change, but the content is qualitatively the same.
Also, I wonder if AWS is pushing their heads into the sand. Particularly now that Cerner committed to AWS but DoD gave Jedi to Azure (Defense Health and VA are migrating their medical records to Cerner). AWS may be pressuring a customer (Epic) to squeeze their customers. Which absolutely sounds like something I'd expect from Amazon.
Epic is ruthless and takes competition out by any means necessary. They are a dinosaur that avoided competition for decades, and Google is a massive thread. This is good news because they are scared, and Google has an infinite runaway to take them out. Epic should have worked tirelessly to innovate and improve US healthcare, but instead chose to stay still and to profit. They won’t be for long.
Is Google going to try to compete in the EHR space? I don’t think of them as an enterprise software company - at least not in the same way as an Oracle or MSFT. My impression of their strategy/focus is that they are trying to sell cloud compute and ML services?
I feel like Google is an everything company. Traditionally EHR has been done via enterprise and connections, but it doesn’t mean google can’t change it. In fact, they could open a network of Google hospitals, and run their own software on them, or buy a big chain. Much like Amazon got WholeFoods, Google can get into the game if they choose to, and at the end of the day, if they want to grow, they will have to find more avenues to expand to.
>In fact, they could open a network of Google hospitals, and run their own software on them, or buy a big chain. Much like Amazon got WholeFoods,
I'm a fan of Google, but what's with people thinking Silicon Valley companies can easily "get into" everything? What business is Google in that leads you to believe they could run hospitals? They couldn't even design a decent social network, which is their wheelhouse. At least Amazon was selling groceries before they bought Whole Foods.
I thought they designed a perfectly serviceable social network. As a product I thought it worked better than Facebook. It wasn't enough better to beat the network effect of the latter, however, and medical records keeping would likely be an even tougher nut to crack. How are you going to convince a hospital that just spent $10M on an epic install to switch to your version, even if it is 15% better?
Generally barriers to entry preserving market power are what Warren Buffett looks at when BH buys companies. SV recognizes that tech typically lowers common barriers to entry like management silo expertise.
If you think Google can break into the healthcare software space just by being technically better at it, you haven't worked in the healthcare software space.
Google could develop the best electronic medical record the world has ever seen, and still not take business from the companies that have been honing their dirty tricks since 1979.
I really don’t think this has anything to do with competition (if anything Google is competing with Amazon and Microsoft here, not Epic). The article muddies the waters somewhat, but all the quotes are telling a story that says (not untruthfully) they’re dropping it due to its outsized maintenance burden in relation to the proportion of their clients who use it.
There might be some fear of competition. Google is offering healthcare solutions some of which seem to be angled at "owning" the healthcare data. I'm only vaguely familiar with Epic's offerings but a lot of these solutions that Google offers seem to encroach in that territory:
Sorry - by "own" I meant that it's in their system, a "walled garden". Any other vendor system looking to integrate has to sign business deals with Epic in addition to whatever institution is using it. I did not mean that Epic gets access to see and use that data as what seems to be a separate concern people have of Google.
Google is now building an EHR as direct competition to Epic. It's definitely related to this move. Fwiw I welcome Google's entrance to this market because Epic's EHR and business practices are equally aweful.
Do you mean that Epic's EHR and business practices are equally awful to each other, or to Google's EHR and business practices (is Google's EHR in the state that its awfulness can be proclaimed?)
Because it (atleast the demo) looks like readonly-data aggregation application (that has somesort note functionality that is not directly linked to actual ehr data)
I didn't really understand what this meant until the very end of the actual MSNBC article. At least I think I get it now.
“We’ve historically seen hospital systems make these decisions independently of their medical record provider,” said Aneesh Chopra, the president of health-technology company CareJourney and the former chief technology officer of the United States. “It will be interesting to see if Epic’s thumb on the scale moves cloud market share.”
So apparently if I'm a hospital I can run the Epic systems anywhere, or at least store my records anywhere, well, at least at AWS or Azure, and apparently not Google now.
> That report notes that "insufficient interest" from Epic customers in Google is behind the decision to focus efforts instead with those cloud competitors.
It seems like if you run Epic Systems at Google, you were in a minority that is apparently not worth supporting. This seems less like Epic putting their thumb on the scale, and more like their customers putting their thumb on the scale.
I have only limited experience in the healthcare space when it comes to cloud selection, but I can tell you that every single healthcare company I work with uses Azure.
They don't do it because it may or may not be right for their needs. They pick Azure because somewhere along the line the mid- and upper-level managers, including director-level IT people, have been made to believe that anything other than Windows is insecure and not suitable for HIPAA.
If I even mention the word "Linux" or "AWS" to them they immediately curl up in a little ball mentally and treat me like I'm some kind of evil script kiddie, or magical wizard. It's truly baffling the responses I get from people who are supposed to be in charge of these things.
I don't know these people outside of boardroom presentations, so I don't know how they got this way. My best guess is that it's either Microsoft salesmen, industry conferences, or simply what they're comfortable with and anything else is not worth risking their jobs.
Azure does appear to be quite wide-spread, I think microsoft has always been a very glom-y company with a very high network effect from using multiple of their products in tandem. The healthcare market isn't nearly as startup friendly as others and a lot of the movers and shakers directing company direction are likely to be more familiar with the business sides of things than pure dev folks - I think that naturally slides into an MSFT preference since those folks will be using all flavours of office and at least some portion of dev talent will need to be MSFT folks who can work Access/TSQL/VB magic and make the spreadsheets work.
Lastly, all three of AWS, Azure and GCS do try and make a big deal of their HIPAA compatible instances, but whatever the compliance officer at a company is used to is what will get by the easiest - honestly anyone who has a compliance officer that is happy to accept a non-on-premises solution should count themselves as lucky.
All that said - I'd be amazed if MSFT hasn't invested heavily into advertising to cement this decision, but I'd also be surprised if AWS hasn't been trying to dump even more money in there - google just seems a bit clueless when it comes to the convention game and these sort of closed circles where everyone plays golf on tuesdays.
>They pick Azure because somewhere along the line the mid- and upper-level managers, including director-level IT people, have been made to believe that anything other than Windows is insecure and not suitable for HIPAA.
I'd argue it's less because of a belief that a non-Windows environment is inherently insecure and more that Microsoft very aggressively promotes their products as being compliant with regulations like HIPAA.
This isn't limited to PaaS. For example, I think that Teams will likely gain a foothold in healthcare environments over Slack because MS markets Teams as explicitly HIPAA compliant. (Slack explicitly is not).
Things like that buy them a lot of mindshare when it comes time to choose a PaaS provider.
“Director-level IT” healthcare person here. We use AWS but are evaluating Azure because of the way Microsoft includes VDI in the form of Windows 10 Multi-Session licenses available only with Azure+Windows Virtual Desktop. Classic Microsoft bundle approach.
Also, as someone who actively shops for SaaS offerings for healthcare users, I can say that AWS and Azure are some of the very, very few organizations who offer anything with HIPAA compliance that isn’t locked away at the most expensive “contact us for pricing” tier. It’s so annoying. Never a chance to try a service with a low cost/stakes pilot/prototype because they hit you with the full sales pitch and highest price points. Being able to dip our proverbial toe into AWS with a low time/dollar commitment was a huge win.
Side note: interesting point on trying services with low cost/stakes pilot/prototype. How would you expect to try things out? Would it be similar to online demos that many other SaaS companies employ?
note: I would love to connect with you to discover other's director level experiences. I'm relatively new in the healthcare space after spending awhile in finance and utilities. If you'd like to connect, see my email in-profile.
It'x a brilliant piece of marketing from MS, if you think about it. Many decision makers, even in spaces with HIPAA data, have no real idea what it entails. They are frightened of screwing it up.
What Microsoft sells is a "good enough" solution that speaks the right language for the decision makers. In turn, this makes their decision less risky while still satisficing the requirements.
Exactly. From the perspective of high level decision makers, PaaS is heading toward being a commodity good, so differentiating your platform can be what makes a deal and making regulatory compliance "easy" in heavily regulated industries can be a pretty strong differentiator.
If you have an existing business relationship with a company and already trust them to help you navigate regulatory hoops, there's going to be strong inclination to continue to trust them as you expand your infrastructure to the cloud.
Like you said, it's the kind of very smart, long-term marketing I tend to associate with "New"/Nadella Microsoft.
I encourage you to consider how your statement, "I don't trust Microsoft," sounds to a higher level exec or department head. I don't mean this as a criticism -- I notice there's a tendency for ICs to state their opinions in such a way that hurts their perception.
Namely, if you were to state to a higher level manager that you "don't trust Microsoft", you will come across as a crank. Or a developer who doesn't see the bigger picture.
To improve perception, folks should try to reframe their personal preferences ("I don't trust MS") as risks to the business - "I worry that MS will lock us in to their platform and jack up prices". The former is reputation-harming; the latter is being a savvy 2nd order thinker, who looks beyond just what the MS salesman says.
That would be the first reason I'd give to someone that questioned my "crank" statement.
The next one would be the PRISM connection (Skype architecture, etc), and FISA orders they're surely under.
It's not totally they're fault I don't trust them. Buuuuut, it is partly.
Definitely appreciate the feedback - lucky for me, I have removed myself from corporate tech bureaucracy, become self-employed, and can preach from my poor man's pulpit ;D
The company I work for does not deal with health-related data so I don't have direct exposure to the issues. But, I think there is something analogous happening with SOX compliance. It is a very expensive and slow bureaucracy that reacts very poorly to change. For example, once I was mortified to find out that due to me randomly logging in to some SOX-covered server, afterward there were multiple meetings between SOX people and my manager to justify that login. (Manager didn't tell me originally to shield me, I just happened to find out later). Any changes to SOX-covered systems have to go through many meetings with technically not very good SOX team.
As a result what we end up having is this shadow-structure/architecture at the company that is highly resistant to change, such that when new projects are discussed and designed, oftentimes decisions are made that are technically worse but save time due to not messing with the SOX structure.
I feel the Azure choice might be due to a similar phenomenon. Maybe the Azure people promise all sorts of out-of-the box HIPAA compliance and insurance and security etc. and the upper management is happy not having to deal with it. Price difference almost doesn't matter very much, if saving a few bucks means that you'll now have to hire and retain a team to design and maintain compliance in your AWS stack. I've no idea if this is actually what happens but it smells like it.
If you work for a company that must follow regulations, then you should be aware of your impact. You will learn this as you advance further in your career.. however this post was written as though the regulations are there to cause you grief, but that can't be further from the truth. Think of it like this, the Boeing team is finding out the hard way what happens when you skirt steps in a highly regulated field.
SOX is the standard for change management for financial companies to prevent shadow changes that could enable another Enron, Worldcom, or Adelphia style cooking-of-books financial scandal. The idea is that all changes should be fully analyzed for their impact. If a change is found to have been made without going through the controls process then a review and an emergency after-the-fact change record must be created. This leads me to believe you did not just login to a server, unless you weren't supposed to have access in the first place (separation of duties requirement), but actually made a modification to that server without an approved change.
All this means that the system is very resilient and will not suffer random outages but most importantly, in the SOX world, there is no avenue for malicious changes to be introduced to critical financial systems and their data.
If you’ve never encountered a brain-dead compliance process, you’ve had an extraordinarily lucky career.
Even good and thoughtful regulations get interpreted into nonsensical bureaucratic nightmares by some companies’ compliance departments. The implementations that add disproportionate friction usually don’t achieve the intended benefit either. It’s not people choosing a convenience vs. safety tradeoff. It’s just people who don’t understand the subject matter at all.
Having worked in a lab environment heavily subject to OSHA regulation, I think you are both correct. I've been personally subjected to brain-dead interpretations on multiple occasions, but I'm also absolutely certain that in the absence of any regulation the environment would have been absurdly dangerous. On the balance, I'll favor the regulation.
I would agree that this is the health _system_ sentiment, but not healthcare overall.
I work with hundreds of vendors and digital health organizations that deliver life critical software applications to health systems - and we host everything on AWS. Independent 3rd party HIPAA assessments + a HITRUST (not self assessed) certification goes a long way with hospitals now.
I think that's because before this whole cloud thing came about, Microsoft already had built the image as an enterprise software vendor. They provided hosted cloud solutions long back, then they invented hybrid solutions like Azure Stack and slowly and carefully eased their clients into Azure.
Also, Microsoft support for enterprise customers is just amazing. They have been deploying their own engineers to support enterprise customers in the past for their hosted clouds.
Cant mention much about security but Microsoft does open fewer lower level Apis compared to Linux. For example, it's impossible to do certain socket-level ops with Windows apis. So, in a sense I guess it makes Windows safer at least historically?
Windows and Office are Trojan horses for Azure. Microsoft does all sorts of SKU trickery at the time of Windows and Office license renewal to make it seem like you can't afford to NOT buy Azure from them.
The problem is, especially with Office, that it has no alternatives.Google Suite is a toy and any open source solution feels like someone chopped your hands off and sent you back to 90's..
I try them at least once or twice a year and always get to the point where I'm like: "Ok, where's my Excel". It's not the ribbon, it's the whole experience that is lacking. Also MS office products do integrate well with each other.
I'm not surprised. Azure is the obvious choice at the enterprise level since it's MS makes it relatively easy to sync on-prem Active Directory into Azure AD.
I work in the public sector where we often pick Azure, but your reasoning for why we do it is wrong.
People are professionals, and these decisions are important and expensive enough that they are very rarely made by lower level management. Sure your CTO will advice the executives to go with Azure, but it’s not because he or she fears Linux, Azure runs a lot of Linux after all. It’s because of several business related reasons.
When you’re and enterprise sized organisation your IT staff probably knows Microsoft products. They are certified in them, and have worked on them for maybe decades. You probably also already run an Office365 platform, which means you probably already run things like Azure AD, which again means, that training and re-training costs will be millions lower if you stick with Microsoft rather than going with AWS, and Google is typically not even on the table because their support isn’t competitive with Microsoft or Amazon. Not only are there the training cost, but you will probably lose your best IT staff members if you don’t pick the technologies they like, and that’s really expensive in a world where some of the hardest IT people to hire are people who know how to manage an enterprise sized cloud setup.
Then there is the business relationship. We’ve worked with Microsoft for what? Three decades? And while the average Joe was making M$ jokes, they were the only company, aside from IBM, to take enterprise organisations with a lot of different business related needs serious. It’s hard to compete with that sort of history. Amazon actually does a great job with AWS now that they’ve realised just how much money is available in public sector cloud, but they’re still up against a business relationship where we know that we can call directly to Seattle when something breaks and that they will be on the phone with us all the way until it’s fixed. Not having the same relationship with Amazon is a huge risk factor in your strategic analysis, and that is something most enterprise organisations but especially the public sector is very careful with.
I don’t think I’ve ever heard a single argument to run Windows because it was safer than Linux, or any of the million other Internet armchair options on why the public sector wastes its money on Microsoft. The truth is a lot simpler, there is no alternative, and Microsoft is actually very good at selling software solutions as well as support to enterprise organisations. There is no actual alternative to office365, and 90% of the 300-500 applications/IT-systems you operate only run on Windows and have no alternatives available. Like we run a medical journal that keeps track of first graders vaccination history, it’s client only works on Windows and it’s backend is on a mainframe. We’d like to replace it, because only a few companies know how to operate mainframes, which means they can squeeze us on price, but no one has made a competing system, and that’s just one of a million such stories.
If the price difference isn’t significant, you’re going to have a very hard time competing with Microsoft if the enterprise organisation you’re selling to in anyway has to operate part of its backend in a lot of organisations.
That's a correct read of the article, but since that fact was self-reported by Epic it may not be the true cause of their withdrawal from GCS.
All that said, cross-cloud data links are relatively easy to establish - just like linking in data from someone else when everyone had on-premises servers.
Well, yeah, you can run Epic anywhere that provides Windows VMs. I can't imagine any hospital choosing Google right now—many systems are just coming around to the idea of cloud-hosting being viable (they've had to justify that sunk datacenter cost somehow), and Google's track record and uncertainty with the longevity of GCP would make most CIOs nervous (rightly so, IMHO).
EPIC is a perfect example of the walled garden ecosystem that extracts every last drop from its clients and keeps anyone trying to innovate out. Healthcare tech could use the competition to drive down costs related to medical record management and exchange.
Don't tell Europeans/Scandinavians about that. In Finland there is now massive Epic rollout in the capital region (costwise it looks like $1bn or more) and most likely also huge installation coming up In Central Finland (Its either Epic or Cerner).
Samething in Norway, central Norweigian health district chose epic.
Oh and almost forgot capital area in Denmark. Huge epic installation.
It's garbage because the interface sucks. It looks like it was designed in 1998, and is full of clunky non sequiturs like, "You cannot proceed. Proceed anyway?" There are untold hours and dollars spent on training users because of it.
It's garbage on the backend because the update process is ridiculously manual. Every minor change sends out a ticket with incredibly detailed instructions, e.g. to update a single element somewhere. The role of the analyst is essentially to execute a script, by hand. Not only is this more costly and slower, it's more error prone. But it creates an ecosystem of these Epic-trained and -approved technicians which helps lock in customers and ensures another steady stream of income to epic.
It's a billing system with clinical related functionality tacked on. It's pretty frustrating to use from the perspective of a "boots on the ground" user.
That's a pretty pessimistic and quite frankly not accurate assessment of the software. They have a ton of clinical functionality, and that's what the majority of the dev/design spends their time on at their users group meeting, among other places. You might not like it, but many do.
You haven't spoken to many doctors then. I don't mean to be a jerk or snarky. It really is an awful piece of software. Among its worst flaws is that in most implementations, neither Cerner not Epic encourage structured data recording except for billing codes. This means that if a patient comes through the medical system frequently, doctors have to read pages and pages of unstructured text to get a sense of what's going on for the patient. The shittiness of the software (and I'm normally sorry to curse) is unquestionably leading to worse outcomes for patients.
I'm not really sure what to say to that, since you seem to be implying that no one likes it, which is pretty patently false.
A lot of it does depend on the organization you're working with, as some are more dysfunctional than others when it comes to setting up best practices and build for their physicians. Others actually listen to their clinical users and tailor the system for them.
I'm not saying no one likes it, I'm saying none of the several dozen providers and nurses I know (between two different hospitals in the area using Epic) like it.
I also don't disagree with the fact that some of the issues arise from the implementation requirements. But at some point, it's still the system's fault if it allows its users to be burdened like that. It shouldn't take clicking across three different pages and who knows how many modals to triage one patient in an emergency room. It's silly that I've had to learn which order to provide my transfer of care report so the nurse doesn't have to keep clicking back and forth between different pages...
I fundamentally disagree with the idea that the system can somehow overcome poor implementation; guardrails can only do so much. At the end of the day you can set up almost any piece of software in a way that hinders rather than helps a user. At some point the organization needs to take some responsibility for that.
At any rate, this all started with a glib "garbage software" comment, so I suppose I should happy that you acknowledge that the implementation requirements set by the organization have at least something to do with overall user satisfaction.
I used to work in IT where I worked with sizeable Epic installations... and now I’m a clinician amongst other things.
I’m going to agree with the garbage software sentiment.
I will say that Epic implementations tend to be liked better than alternatives... but when it replaced some piece of shit Meditech implementation nursed from 1980 that’s not really high praise dude.
> I fundamentally disagree with the idea that the system can somehow overcome poor implementation
If very large amounts of 'implementation' have to be done on top of the software, then that's also a sign of bad design. It should be handling more of the implementation and making it more streamlined.
Having used a dozen EMR systems and Jira, I'd say Jira is much better at its job than most EMRs are at theirs. In fact, now that you mention it: you could easily model each patient as an epic, assignments to various people on various teams (ICU, pharmacy, lab, etc), to-do/in-progress/done. Holy cricky, you may have just cracked the EMR nut.
They already have an option like that. The problem is a lot of organizations still want to do their own thing or have their own requirements they want to impose on their users, which is where the large amounts of "implementation" comes from.
I'll be the first, then. I've used two versions of Cerner (the first was heavily modified by the University where I did residency and the second is a more recent version), Soarian, Epic, CPRS, and had brushings with half a dozen outpatient EMRs. Epic is bad, but it's unfortunately still miles better than anything else I have ever used so far.
I think you’re right. I would like/love it if my hospital dropped Cerner for Epic, as I could get my job done at least 20% faster, which would allow more time with family.
My main point I wanted to make was 1) that I also hated Epic the first time I used it in residency (we switched from Cerner to Epic for outpatient only). 2) I have so far never met someone who prefers another EMR over Epic, which really says something since Epic is also bad.
In 2005, when I started working there, the Epic codebase was MUMPS and Visual Basic 6, which left mainstream support before I was even allowed to touch it. There was no migration plan for expiration of extended support in 2008.
As for the MUMPS code, there was a node size limitation for the code. Which included variable names and comments. So each code segment (identified by inscrutable five-letter (or less) names like "^ZHMRG") was jam-packed as tightly as possible with one-letter variable names and zero comments. Basically unmaintainable, but I bet they're still using it.
Garbage software. I left in 2007.
They like to hire straight out of universities. It was the second job for me, so I didn't really know to jump ship earlier.
At Sutter, every machine is Windows and runs Epic integrated. Epic is much more than EHR. It’s a hospital layer sitting ontop of Windows. Naturally, it integrates with Active Directory and I can see why Google would have little dominance.
Saying that, I wonder if Epic has a plan to go after smaller players who might be using Google Apps and fears google’s dominance.
There seems to be major disengenuousness on behalf of EPIC and Cerner, and some ignorance on behalf of WSJ.
GCP != Google Health, at least for the purposes of patient privacy. If you hold the encryption keys, google can't do anything, or am I wrong in that assumption?
It is fine, and expected, to rule out GCP for storing your own records for competitive reasons (e.g. choosing them would make future Google Health integrations easier). It is also expected, if not quite fine, to try to actively prevent your customers from using GCP.
Cerner seemed happy to play a few rounds of golf with Eric Schmidt regarding using GCP, presumably to try to glean insight into Google Health, while EPIC flat out refused a meeting. Cerner then helpfully provided a misleading quote to the WSJ to help spread FUD.
everyone has conspiracy theories about what is "really going on here", this is to stamp out a competitive threat in google, or whatever, but I do think this story probably is just that hospitals (and "traditional enterprises" broadly) are not using GCP for their cloud infrastructure and are instead going with AWS or Azure.
I still don't see why they have to be tied to a single provider. Seems like a major weakness of large customers in this space, that they're unwilling to demand standards or protect themselves from exploitation in this way. Obviously there will be new APIs for services which are not yet a commodity, but there are some highly standardized offerings from every major "cloud" vendor which should be configurable in roughly the same way; many of them even have similar limitations, like AWS and Azure (last I tried) not having the option to expose their VPSes directly over IPv6.
Which of the two has a trillion dollar market cap with monopoly like market share in multiple business to consumer product sectors?
There’s nothing novel about what Epic or any other B2B enterprise software company does (for the most part), other than total addressable market (and profits) being far smaller than the B2C FAANG giants - the market caps reflect this as well.
Right. And while Epic does the heavy lifting of crafting software to support healthcare provider workflows, integrating dissimilar systems (PACS, etc.), and storing all that data, the companies you mentioned feel they can create value by attempting to automate diagnosis and potentially offer some integration point for genetic counseling.
As a physician forced to use Epic, I'm not sure "crafted" is the word I'd use to describe their software. It's more like they addressed the spec from the C suite in a way that was equivalent to punching health care providers in the face. They take Dad's money, and use it to pay thugs to beat up his kids.
I have not used all of them, but every one of them I've touched is hot garbage. Like much enterprise software, the people who decide to buy it are not the people that use it. It would seem, from the outside looking in, that the majority of the effort goes into maximizing billing in the byzantine world of US insurance rather than the work of actually making people well.
What concerns me most about the larger players in the field is their dedication to minimizing interoperability to lock people into their software.
A few years ago I did a very thorough analysis of every dose-based electronic prescribing system suitable for secondary care available in the UK market (and several which were not officially). They fell into three categories:
- Home-grown systems which were fit for purpose but not operable or available outside the organisation for which they were designed. The Birmingham (UK) University Hospitals system [1] is a great example of these.
- "Enterprise" (pejorative) systems which generally came from the US and focused almost entirely on billing capture, and had almost no thought put into clinicians workflow. This encompassed Epic, Cerner Millenium and so forth.
- "New" systems which were UX first, but were often little more than front-end mockups. A good example was "Alert", a Portuguese system written in Flash which had almost nothing in the way of basic medicine management safeguards, and the team demonstrated zero aptitude for the ability to build them.
In the end the hospital in question used paper-based prescribing.
I know that Epic was hiring UX designers a few years ago. I didn't make it through their interview process, but I'm kind of glad I didn't due to the invasive nature of the remote test that I had to take.
They wanted my high school GPA and SAT scores to complete my application. I had my bachelor's, and 12 years of experience at the time. After moving to Madison, was glad I refused to give that info. They like their implementation teams right out of school, and work them to death
I’ve recently experienced two hospitals’ EMR systems (one using Epic, the other Cerner) from the patient’s perspective. Integrating/accessing my data from external systems (in my case Apple Health) is roughly equivalent–the important things are (mostly) there like test results, procedures, medications, etc; they just do some things differently that are annoying:
* The Cerner hospital will duplicate medications for a single visit. It also classifies a bunch of vital signs as lab test results, so things like blood pressure don’t get merged in with other sources of data.
* The Epic system seems to use more recent/complex FHIR structures, so occasionally there’ll be more info in the raw data (this is more a knock on Apple Health though).
The Epic system has a big advantage with MyChart though. It’s their app and website for accessing your records at various hospitals. Through the app you can get push notifications of test results and schedule procedures. The latter was nice as I’d get roughly 15-30 minutes of advance notice before having a procedure done. The discharge instructions being made available in the app is also very helpful. Finally, being able to browse the raw clinical notes through the website, and request a dump of all of my data is appreciated.
It depends on the setting. In a hospital (or hospital-owned primary care), the EMR generally reflects the top heavy administration. You end up with a billing system masquerading as an EHR.
In an independent practice, there are more options, and some are quite good (I work for one that I happen to think is pretty great in that regard, and most of our users seem to agree)
My favorite so far, honestly, are the old military systems, CoPath and CHCS, with a terminal interface running on OpenVMS. They have are lightening fast to use for anyone who is actually in the business of getting things done (new users are sad for a couple weeks, but experienced hands are fast. Lots of keyboard shortcuts) and easy to pull data from when it comes to research.
One of my first jobs was a software dev at Cerner. Cerner isn't much better.
EMR is a difficult field to "disrupt" IMO because a hospital comprises so many departments with wildly different requirements for a software system, that it's basically only the big players who can do it all. And if you're a CIO for a hospital looking for an EMR system to purchase, one system that handles everything sounds much more appealing than trying to cobble together something yourself.
It's also why there's only a few major ERP players.
Not a physician but I previously did "unauthorized integrations" with health care systems for doctors to get their data out of systems without APIs
Epic was by far the jankiest. i.e. if you tried to cancel a recurring appointment the wrong way it crashed the entire system. Athena and Nextech were among the least disliked
Keep in mind your priorities are very different from your employer's. Healthcare systems have been on a big kick to reign in physician independence, and EMRs are effective tools in this goal.
The point is that it doesn't make much sense to avoid Google - for the reason that it's a giant with too much power - when Microsoft and Amazon are just as big, and also have healthcare businesslines.
It’s like WalMart refusing to do business with Amazon.
Google does business in potentially adjacent areas on the ad side. At one point, the government was buying targeted ads to debunk extremist search topics when people at risk of extremist behavior pursued them.
There’s a lot of obvious health use cases that could use the same framework. Google knows more about you that anyone. Epic has medical claims data before the insurers do, and knows more about your healthcare spending that most anyone. They probably have or will have a business where they monetize that data for similar outcomes.
> "This is not us mining somebody’s records to sell ads, to learn from it, to do machine learning, to develop products. We developed this on de-identified data."
"De-identified data" is "somebody's records".
Also, for all the PR put behind the patient, Epic (and likely Cerner too) focus all their bizdev efforts on what the hospital and HMO administrators want, because they're the ones that sign the checks. Back when I worked there, they threw huge stacks of employees at customizing every installation, and significant developer effort at making broad customization possible. If patient care were the primary issue, every Epic implementation would be identical at the keyboard shortcut level. Hospital admins would have had to backdoor their customizations in by forcing their physicians and nurses to demand them as features. But instead, I saw page after page of customizations, inserting arbitrary administrator-created workflows on the staff via the software.
Azure if you don’t want to give your dollars to a competitor (anything Amazon competes in). That’s Microsoft’s big cloud selling point: "we sell you tech services, we’ll never be competing in your vertical."
Major part of Google Health team came from Deep Mind. We have a lot of doctors and people used to work for NHS. Our goal to help doctors, nurses in their work, save patients lives and revolutionise the industry. We are complient with privicy regulations and see huge potential in what we do. Majority of negative comments are driven by fear of Google selling data for targeted adds but in all our agreements with trust we clearly state our goals and practices. I'd rather people concentrate on positive side and huge potentials in front of us instead of FUD.
To be fair if anyone is going to take on Epic its big tech. What is really needed is legislation to protect your data. This area seems ready for disruption.
Doesn’t bode well for Google’s cloud ambitions, but squares with what the marketplace looks like (clients absolutely hungry for those with Azure experience and AWS to a lesser extent). Azure is unpleasant to work with, but the deals are apparently being made (mostly outside of tech centric firms). Kudos to MS’ sales teams.
^^^ spot on. My thought while reading the article was how poor Google’s sales and customer support culture is across the entire company that has led to non-tech firms picking solutions with Azure and AWS who invest heavily on the support side.
I was operating a fairly large AWS operation, and had the idea to at least check with G Cloud if they were interested (usually you get a boatload of free credits to startups).
After 3 emails spread over several months I eventually got a note saying I should expect to talk with my Google Cloud salesguy, but it can only happen over a Hangout. And not any hangout - they sent a cheap ass Android "netbook" that I had to physically go to the post office to get, that the Hangout call was supposed to happen through.
I did get it from the post office, noted that it took minutes to start up, then gave it away and never heard from GC again.
No, I'm sure they could have accepted any Hangouts call or being coerced into accepting a phonecall as well.
But truthfully what they wrote in the sendout was like I described - they outlined the procedure to go get the netbook and use it and at no point did they suggest a physical phone number to call or similar. I went along with it as far as I did just because I was kind of baffled by the suggested procedure :)
I assume it was part of some marketing scheme to try to market Hangouts and/or Chromebooks (or whatever it was) at the same time as GCP, but it just confused the sale and added unnecessary pain-points. The AWS guys just send an email and let me call them by a normal phone.
I think AWS is also going to start seriously suffering from their terrible billing experience pretty soon. I think I can see the beginnings of the damage showing up in how many HOWTOs and retrospectives are out there about unexpected AWS charges, but I don't think it's caused a noticeable impact for them yet.
Not just their billing, but their terrible interface. I shouldn't have to ctrl f everytime I want to check ec2 instances. Whoever decided to show 200+ "services" on a single screen is a crazy person.
At the company level of conversation, the UI of AWS services isn't that big of a deal. The people with budget authority usually don't even see the AWS UI and have most likely never logged in.
‘ Please don't comment on whether someone read an article. "Did you even read the article? It mentions that" can be shortened to "The article mentions that." ‘
I agree that it's good to at least specify the industry domain this affects as from the headline someone might assume the Epic they know, or be confused about which Epic is involved if they know of both.
Used to intern at Epic in 2015. I asked my manager why they weren't on cloud. He said our customer data is too critical to be stored in cloud. Interesting how things have change in a very short time
Before I read the article I was guessing that it had to do with the leaked memo regarding Google cloud growth targets and the popular conclusion that they'll be shutting it down or pivoting that LoB in 2023.
I've heard there are a couple Google Ventures - backed healthcare startups that have questionable HIPAA-compliance as well, directly from clients that have worked with them. They're not necessarily holes in GCP itself but rather in integrations with certain services.
GCP seems culturally a terrible fit for anything compliance-related. Azure and AWS both offer high-compliance regions (Azure Government / AWS GovCloud) that are absolutely necessary for many industries (medical, defense, etc). Slightly salty about this as I am currently migrating a legacy Firebase app because Google doesn't care...
Government Cloud seems to revolve around “access controls” to the cloud instances. I skimmed over one of specifications (“FedRAMP”) and most of the requirements seem like the standard requirements for any type of multi-tenant system (eg, user login expiry).
Doesn’t seem like it offers anything different from the “non-government” packages.
GovCloud is for government agencies though, mostly to facilitate rules such as no access by foreign nationals. Just because you are in a regulated field doesn't mean you qualify to use it.
Not understanding the incentives of those you tie yourself to is a quick way to endanger any endeavor you attempt.
It's not insecurity to paranoia to worry about today's partner being tomorrow's competitor when it's so common. In fact, this is exactly one of the things China has used to jump start many industries. In their fervor to enter the Chinese market, many companies have given over intellectual property in exchange for access (an excahnge only really on the table because the Chinese government could and did constrain that access otherwise), and found that after some time they had local competitors with similar advantages (and possibly government consrtaints again to boot).
That a company might recognize that a deal may have long-term consequences that vastly outweigh the short term gains is not something to deride, it's exactly what they should be on the lookout for if they intend to survive and grow.
I don't think it's insecure to want to understand the motivations of those you're in business with. It's not just about competition either. If you don't know why a business partner is bothering to work with you or your industry, you shouldn't be investing significant resources with that partner, they may not plan to stick around.
Heck, dealing with large scale Enterprise tech, a 10-year roadmap (in terms of updates & support) is the standard. I don't expect Google to have such roadmaps for things they're piloting, but then I also wouldn't build anything critical, anything that might be strategic and core to my business, on someone else's "pilot" project.
Managing a massive business is complex, successfully doing so cannot be reduced to something as simple as "innovate or die".
> What were they looking for? A non-compete from Google?
Good faith. Google has for years selected for raw bureaucratic ambition and a cloistered view of technical talent. That set of cultural defects is coming home to roost.
I don't think that is fair. Understanding your partners business model is a key part of dd for collaboration. If the partner is being cagey about it, there is probably a reason, and it probably isn't a good sign.
I believe usage for ads is highlighted on the non-legalese privacy page because it's a common question/concern, but the terms specify that data can only be processed as requested by the customer (IANAL, but that's my read and understanding as a Googler who works on Cloud infrastructure).
I would go further and say you're crazy if you think a Google engineer is going to run code on your data without a requirement in a signed and funded agreement.
Can you provide a source, either in the form of a ToS/privacy policy or an evidence-backed article, showing that Google uses customer data stored in GCP for advertising purposes?
Google doesn't use data stored in GCP for their own purposes any more than Amazon uses data in AWS or Microsoft uses data in Azure.
That said, it's completely understandable that companies don't want to help fund competitors. --Walmart knows that they could use AWS without having any real fear of Amazon employees looking at their data to get a competitive advantage, but they chose Azure because Microsoft is not a direct competitor.
Likewise, companies providing healthcare software look at what Google is doing in that space and they don't want to fund the competition by using GCP.
These are rational decisions that we would expect companies to make. It's actually more surprising that, for example, Netflix still uses AWS given the fact that Amazon is a direct competitor in the streaming business. --GCP or Azure would make more sense here unless Amazon is giving them a really good deal to keep their business.
What do you mean by this? All major corporations use private internal data to drive their products, including competing with their own customers. Amazon's ecommerce business is notorious for this and a reason why other major retailers tell their vendors not to use AWS. This was all just discussed days ago: https://news.ycombinator.com/item?id=22079174
That being said, and with 15 years of adtech of experience, I guarantee that there's absolutely no usage of business customers' first party data by Google's adtech system. While companies can use it to match and target their users, they have to do explicitly with lots of restrictions and protocols and it's only become more limited with new privacy regulations.
Which doesn't mean they definitely won't do it. Businesses do illegal things all the time for competitive advantage. Literally the entire advertising industry, including Google, is flagrantly violating GDPR.
Does anyone know, if Epic implemented parallelized Vulkan renderer in their engine, or they dropped the whole parallelization effort and enabling Vulkan for high end features? If anyone is using it for development, please comment.
You're not alone, I went down a few comment threads in here being more and more surprised that Epic games has such a strong foothold in the health market already. Whoops, guess it pays off to actually read the article.
In most implementations, neither Cerner not Epic encourage structured data recording except for billing codes. This means that if a patient comes through the medical system frequently, doctors have to read pages and pages of unstructured text to get a sense of what's going on for the patient. The software is designed to be sold to administrators and, as currently designed is unquestionably leading to worse outcomes for patients.
Google has made a lot of mistakes. If they build something doctors truly want to use and that helps properly organize information, however, and if Google doesn't misuse the data/people aren't unreasonably paranoid about data misuse, it will be a godsend for the industry and it will save lives.
We haven't even begun to talk about the potential for machine learning and statistics to understand what treatments are most effective if data are structured properly. This is unquestionably an interesting and unique case where collecting massive amounts of data and handing in to a trusted, competent, creative, research-oriented authority could have incredible benefit for mankind. I don't trust Cerner or Epic with this mission for a second.