Hello @WillyG ,
As Vlad mentioned above: HIPAA dictates that all components of a service must be compliant in order for the product as a whole to meet requirements. Though certain sub-processors may be HIPAA compliant, the Bubble platform and internal company processes as a whole are not, so any applications built on Bubble will not meet compliance requirements. Therefore, we cannot recommend building applications that require HIPAA compliance on Bubble.
If you’re building an application geared towards COVID-19 recovery efforts, we do currently offer a special plan for these apps: please reach out to us at support@bubble.io for more information!