• 0 Posts
  • 4 Comments
Joined 2 years ago
Cake day: June 30th, 2023


  • quixotic120@lemmy.world to Privacy@lemmy.ml: Today I saw hope · 2 upvotes · 22 hours ago

    Based on a very brief glance at this it looks like I would be reliant on self hosting it to circumvent the need for a BAA (although the hosting company may still need to provide one, unless I literally hosted it from my house or something?) not sure

    Will investigate further, had not heard of this


  • quixotic120@lemmy.world to Privacy@lemmy.ml: Today I saw hope · 9 upvotes · 2 days ago

    It is generally best to keep an entirely separate account for professional dealings so such things are segregated, at least that’s what I do

    Signal as a zoom replacement would be great but a big part of the deal would be the necessity for hipaa compliance. I would imagine a huge part of what keeps zoom alive is financial injections from telehealth providers like myself that need a platform that is hipaa compliant that patients understand. EMR software often comes with a telehealth platform built in nowadays but it tends to not work as well and confuses the tech illiterate who got trained on zoom during COVID years.

    I’m sure there’s a ton of stuff they have to do on their end to be hipaa compliant that I’m ignorant of but the primary thing is that they have to share a document called a business associate agreement (baa) with me that essentially says they will take meaningful steps to appropriately safeguard any protected health information and makes zoom liable if a breach of their systems exposes PHI.

    This is why telehealth can’t (technically, people still do it) occur over teams, skype, discord, facetime, hangouts, etc. google, apple, microsoft, etc have no interest in taking on that liability.

    The difficult piece will be challenging zoom’s pricing. They offer healthcare zoom for $15/mo with BAA. There are better deals though, doxy.me does it for free (they claim this is subsidized by paid accounts which I believe because they are substantially more than zoom starting at 35/mo).

    Would be a great way to get them a revenue stream too. I don’t know anyone who practices heavily telemedicine that relies on free solutions; the only ones I know that utilize the bundled emr components or the free doxy.me service are clinicians that mostly practice in person and only do a small handful of telehealth sessions a month, like under 10% of their total billing. For people like me where it’s 50-100% of their billing it’s almost always a paid subscription. More reliable, tax deduction, and access to support


  • A school district spends $180,000 (hyperbole, I don’t know actual numbers) of taxpayer money deploying this system between the actual hardware costs, maintenance costs to install the hardware, IT costs to implement it into their network, and probably an ongoing contract with this dummy’s company. Maybe only for support but with the way things are now I’m sure they built this app to phone home to their servers (introducing a huge potential security risk over simply running it locally on the school’s existing network infrastructure in a docker or something), calling it “cloud based”, and charging the district 1k/month to run the devices the district now owns and should be able to operate without the company. The company then talks about how they’ll back up records and safeguard data so you don’t have to worry about that (that IT dept you pay is pointless!)

    Three months after deployment it turns out the sensors can be tripped by many things not related to vaping, maybe increases in heat, mouthwash breath, etc. The false positives are due to a hardware flaw and cannot be fixed with a patch. Feel free to upgrade to sensor version 2.0, now with improved accuracy! (read: the problem still exists but isn’t as bad). Only another 40k to buy the new hardware, rip out the old hardware (which is now worthless), install the new stuff, and configure the software for everything (again, maintenance and IT costs)

    9 months after deployment the company is doing poorly because their product is stupid and only a few idiots actually bought it (way to go idiot). There are concerns because they sent a new EULA that outlines data sharing policies. They are potentially finding ways to harvest the data they agreed to safely store to try and create a new revenue stream to right their sinking ship. District counsel says fighting the EULA change will be expensive and there’s not much precedent for it, plus they state they will anonymize data before sharing so it’s not a FERPA violation, technically. It feels scummy but you can’t do anything about it. You also don’t really trust them to only sell anonymized data but you can’t prove they aren’t crossing that line so whatever, I guess

    15 months after deployment they get hacked because they’ve run out of VC cash, never could get an actual profit stream going (turns out they’re spending 750,000/yr on salaries for 5 people and they’re all kitted out with sick work computers for what is basically coding a web app, but I digress). Security of their servers was one of the budgetary constraints they chose to make to right the ship (but had to keep the $1800 office chairs and the 15-20k/mo rent loft they use as an office in a HCOL area). The contract says this may happen and they’re not responsible unless there’s gross negligence on their part, which you can’t prove, and that they do some bare minimum reactionary shit after the fact to mitigate damage. So they’re legally blameless and now you get to notify your community their children’s data was leaked to god knows who, whoops

    22 months after the fact they go out of business officially. You get a form email about the company’s journey and the difficult decision they had to make to stop fucking around on a dumb project that sucks because no dumbass VC will give them fun bucks anymore to keep playing tech bro billionaire. All the sensors stop working because they require a connection to the servers, which they shut off immediately without a sunset period. You’re reminded every day when you log in to the school’s admin panel and get 350 “sensor not connected” error messages and your students bitch about the “sensor not connected: server not available” error pop up showing up on their classroom console. It takes IT a few days to remove their shit from the network and that costs you even more money in wasting your IT staff time when they should be fixing the broken computers in the computer lab or whatever.

    Now your school has a bunch of weird boxes on the wall. Sometimes people ask you about them and you go “oh those don’t do anything” and remember that they cost taxpayers in your community tens, if not hundreds, of thousands of dollars and wasted hundreds of hours of your support staff’s time that they could’ve been using to improve the school

    But then you scroll on instagram and see there’s this new thing that will detect when kids are bullying each other. You just have to put a camera in each classroom. It’s okay, it won’t record. It will just use the power of AI and machine learning. You’re sold right there and the cycle starts again