What criteria are healthcare providers prioritizing when choosing external software vendors, given time and specific compliance demands?

When it comes to healthcare providers, the big problem for technology adoption within traditional healthcare organizations is that I, as a doctor, am completely disintermediated from making a purchasing decision. Because of HIPAA, because of the compliance aspect, you need to go through a lot... I could say, "Hey, I want this tool." It gets thrown over to the IT team. They do intense security reviews. They have a huge backlog of projects because integration takes so long, historically. 

It means that it's an absolute slog to get any technology, to even just something to play with like, "This might be interesting. This might help me. I could do my job better." I can go do that. I'm not a doctor. But I can do that in my company really easily. I can be like, "This is a cool SaaS. I'm going to try it." You can't do that in healthcare. 

There's some business waiting to be built to help facilitate the business associate agreements and the security. Not just HIPAA compliance as a service -- there's a couple of players who do that -- but selling some sort of software to a hospital to help them programmatically manage the applications that there are out there, and say, "Dr. Smith wants this. Let's get this through the approval process in a programmatic fashion," rather than a big Excel document of like, "Do you host on-premise?" So, traditional security questionnaires, that process, if someone can speed that up from weeks or months and bring it down to days, then that's the hospital that’s going to be really successful with technology adoption, to really accelerate how they deliver care.