Challenge for amazeball developers (Virgil Security, HIPAA)

So what are you planning right now? Are you going to use Bubble or what are the alternative solutions?

1 Like

Hi All, :raised_hand_with_fingers_splayed:

@enes

1. I am planning a few things. (read below)

2. After being contacted by some fantastic participants here on the forum, after all, I am still considering Bubble for my HIPAA compliant app. The dream is alive y’all!

3. There are other tangible and attainable solutions out there for the type of company you contacted me in private about.

The one thing you must ALWAYS keep in mind while working in Bubble’s environment is that Bubble could bring your enterprise down if they saw it fit as per their policies, beliefs, likes, or dislikes, etc.

Bubble.is is a privately owned company, (not open source) and they can do things which you might not like. Things you might not like include you being dropped out as a client, erasing or stopping things from happening. When or if that happens, well, there goes your everything.

This terrifying possibility is the one characteristic that deters other more “serious” companies from ever coming on board with Bubble. You have to take that risk on your own. There is no reason to be alarmed, yet, or hopefully never, but this is the one particular reason why I would NEVER recommend others to join something that could potentially harm their investment.

Although different, Facebook “kills” good and honest companies on a daily basis. Companies that plan, market, and execute their business models around or on top of facebook’s ecosystem - chatbots, integrations, and analytics, etc. Facebook changes its policies every time it sees outsiders make money in some honest way. You see, they learn from what these outside developers (companies) are doing, and then they implement those same models themselves. They are geniuses - evil geniuses. It’s as if they have thousands of MVP creators that cost them nothing. Essentially, they have an army of researchers and developers that cost them zilch.

Those who create plugins or services on top of Bubble should be very mindful of this. This is one of many other examples @Hyperbuild_Labs

Unless you are “part of the family” or unless you have signed a contract that protects you, I wouldn’t take my eyes off of this.

All that darkness said, I am willing to take the risk with Bubble.is - my own money. I have faith that Bubble isn’t a totalitarian company. What do you think? @enes

Without giving specifics here, you mentioned investment once you go native. Look, the vast majority of apps or businesses never see the light of day. If you are already thinking of going native down the road, go native now.

Most people mistake the role of an MVP, and they think that creating an “MVP” on Bubble is a good idea - that is not always correct. Most people rush to creating apps; instead, they should validate their idea with a simple survey or a basic landing page.

They should ask their potential users (clients) to pay minimal advancement on the promise of the app. If they pay for it, well, at that point, Bubble or native will be, at least, a lesser concern. You have to be creative in how you ask, though. If the app that you described in private is for your PERSONAL use, then, by all means, I’d say explore all Bubble and native possibilities.

So, what am I planning to do now? Three things.

1. At first, when I got @keith 's response, I wanted to crawl in my bed and mourn the loss of my dream :sleepy:. I must say that I NEVER felt like punching him in the face,:boxing_glove: no-no-no. However, I did feel like firmly pressing my thumb against his left cheek until he turned purple :imp:. But I never ever thought of hurting him. (I would never do that)

I then received @Jici 's response, which made me think that perhaps @keith was NOT as KooKoo :stuck_out_tongue_winking_eye: as I originally had thought!! I actually started to appreciate and like Keith’s response :thinking:. I was the KooKoo one. My thoughts of firmly pressing my thumb against his left cheek until he turned purple began to melt away. I started to like @keith

In fact, those thoughts started to make me feel a bit dirty and creepy. Keith was merely pointing out some difficulties. He did take his time to do so, and kindly offered his take on the challenge. Nonetheless, a dark and violent side in me was awakened when I felt my dream fading away. @keith and @Jici are, in my opinion, very valuable minds. Although they didn’t offer solutions, they did point out some negatives that need to be taken seriously into consideration. Thank you, guys.

2. I am waiting on the always caring and helpful @neerja :pray: I’m hoping she will respond to what I believe is one of the smartest non-tech comments on this thread. The comment is from @Hyperbuild_Labs

" @neerja - if bubble is expressly stating that they don’t want users to build stuff in the space, that is one thing. But if you aren’t closing off the window, it does seem possible for certain types of applications."

3. I will continue massaging my knees :leg: in an attempt to minimize the swelling caused by all the praying :angel:I have been doing in the past days while dealing with this challenge.

Thank you for your questions, @enes

Damian

P.S

Guys, keep the questions and suggestions coming. Do you realize that you have a huge opportunity here with the forum to make your goals a reality? What can I do for you?

I can already hear someone say, "you can shut up, man!! That’s what you can do for us!!" Haha, funny. :smile:

2 Likes

As you’re back with Bubble, the first challenge is still…

I think the first challenge will be with Bubble to get the JWT (JSON Web Token)

So technically you owe me $100 :joy:

Unless you touch illegal domains, there’s no obvious reason that Bubble would be a threat to our applications. I understand that we are totally dependent on the platform, but I see Bubble as my business partner with the responsibility of maintaining my servers operationally, and offering me simple tools for designing and implementing my ideas.

The day our friends at Bubble sell their business to a giant, well, there are other challenges ahead. And before that happens, you’ll have plenty of time to monetize your project.

2 Likes

I think you are correct about the $100 :smile:
But now that I am back, the challenge isn’t over!

Do any of you smart people have an answer for Mr. @JohnMark ?

" I’m trying to create a JWT from Bubble to be used with Nexmo API. Easy steps? I have a private.key and I tried using an api connector with JWT, but I’m stuck. My understanding is that the JWT must be created on Bubble server. Do we have to create a plugin for each JWT? curl -X POST https://api.nexmo.com/v1/calls/ -H “Authorization: Bearer \ JWT” -H “Content-Type: application/json” -d ‘{ “to”: [{ “type”: “phone”, “number”: “1xxxxxxxxxx”}], “from”: {“type”: “phone”, “…

Give it a try!

There are a ton of node libraries that can sign a JWT token. Anyone with a knowledge of JavaScript could build it for you as a SSA.

Auth0 maintains an open source one that I have used a few times in projects.

TBH, I didn’t know this was such a roadblock for people!

1 Like
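The server-side signing step discussed in the posts above, as an added example that is not part of the original thread or any poster's code: it signs an RS256 JWT with Node's built-in `crypto` and verifies it with the algorithm pinned. The throwaway key pair stands in for the `private.key` file, and the claim names (`application_id`, `iat`, `exp`, `jti`), the placeholder application id and the helper names are assumptions for illustration.

```javascript
const crypto = require("node:crypto");

const b64url = (s) => Buffer.from(s).toString("base64url");

// RS256 = RSASSA-PKCS1-v1_5 with SHA-256 over "header.payload".
function signJwt(claims, privateKeyPem) {
  const input = `${b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign("sha256", Buffer.from(input), privateKeyPem);
  return `${input}.${sig.toString("base64url")}`;
}

// Returns the claims, or null if the token is malformed, forged or expired.
function verifyJwt(token, publicKeyPem, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  // Pin the algorithm: never let the token choose "none" or an HMAC alg.
  if (!header || !claims || header.alg !== "RS256") return null;
  const ok = crypto.verify("sha256", Buffer.from(`${h}.${p}`), publicKeyPem, Buffer.from(s, "base64url"));
  if (!ok) return null;
  if (typeof claims.exp !== "number" || claims.exp <= now) return null;
  return claims;
}

// Constructed throwaway key pair. In a deployment the private key stays in
// server-side secret storage and is never sent to the browser.
const { privateKey, publicKey } = crypto.generateKeyPairSync("rsa", {
  modulusLength: 2048,
  publicKeyEncoding: { type: "spki", format: "pem" },
  privateKeyEncoding: { type: "pkcs8", format: "pem" },
});

// Short-lived claims; the claim names and application id are assumed.
function buildClaims(applicationId, now, ttlSeconds = 300) {
  return { application_id: applicationId, iat: now, exp: now + ttlSeconds, jti: crypto.randomUUID() };
}

const issuedAt = Math.floor(Date.now() / 1000);
const token = signJwt(buildClaims("00000000-0000-0000-0000-000000000000", issuedAt), privateKey);
console.log(verifyJwt(token, publicKey) !== null ? "token verified" : "token rejected");
```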

At the risk of re-melting your dream, I would advise – once again – that you not attempt an app that deals with PHI or PFI (directly) in Bubble.

If you do so, you lose ALL the benefits of Bubble. You need HIPAA-compliant storage, for example. So then, what is the effing benefit of Bubble? The benefit of Bubble is that you can stand up a web and web app stack – with database and all – in seconds.

If you have to use an external db, you lose one of the major benefits of Bubble. So just forget about that.

Regulatory compliance is no joke. (It’s stupid, but not a joke, see?) That is, Bubble’s database may actually meet or exceed HIPAA requirements, but without certification (which is costly – in time and dollars) THAT DOESN’T MATTER. And – let me reiterate – Bubble is unlikely to proceed with any such certification in the near, mid- or long-term future.

They will tell you as much if you ask. It’s just “not a thing”.

Hell, Bubble won’t even fix bugs like this one, because it only affects the most advanced of users (currently, an army of one… namely ME). So why would they pursue the requisite HIPAA certifications, etc.

If you choose to go that route, you’re simply doomed to failure. Build your HIPAA-compliant app on a HIPAA-compliant stack. There is no come to bet on here.

In the meantime: Build something without weird regulatory compliance requirements on Bubble. The possibilities are endless, as long as they don’t involve stuff like this. (And there are, in fact, an infinite number of things that don’t require HIPAA compliance. That’s the nature of infinity. It’s big. Like, mind-boggling big as Douglas Adams would have it.)

2 Likes

Aside: There is no turnkey HIPAA-compliant stack. You’re on your own there.

I agree with @keith. At the moment, it is not a good idea to build it out using Bubble.
You will receive a Frankenstein as the outcome which can be handled by specific developers only.
Moreover, it will not be flexible for debugging, fixing, and implementation of new features. I’m sure that you will spend much more than using code as a solution.
Also, I think it would be hard to explain to a HIPAA consultant that your app follows all requirements while Bubble doesn’t support it.

@lottemint.md solved the problem by creating a Nexmo JWT plugin. :wink:

Hi y’all, :sleepy:

I just got out of the hospital :hospital:.

Yesterday, I read @keith 's response, and my blood pressure rose to extremely high levels. I thought I was out for the count. I said, here I come, God!

The doctor (she) prescribed some very potent medicine :pill:- it knocked me out. Good looking doctor if I may say so myself.

I was out cold for a while, but I am not entirely sure it was a bad experience overall. I had a very vivid dream, and I am amazed to say that @keith was the predominant figure in it. As you all know with certainty, dreams show you life’s truths.

Because I am still human, at first, I once again felt rage and hate for seeing my HIPAA dream melting away, but in my dream, I saw the real and honest love that Keith has for me. I was able to read between the lines; I had cracked the code. I felt as though his words were my mom’s actual arms protecting me :family_woman_boy:. I started to feel respect, love, and admiration for this man. I thought, how lucky can a human being be! To have a person who gives it to you straight, honest, and intelligently - priceless.

It’s like I have a new outlook on life. I now realize that only an insecure and small-minded individual would be offended by his words. I am not one to give up easily on his goals and aspirations, but this dream forced me to rethink my strategy. I take the following from this rather inexplicable and weird experience.

“In the meantime: Build something without weird regulatory compliance requirements on Bubble. The possibilities are endless, as long as they don’t involve stuff like this. (And there are, in fact, an infinite number of things that don’t require HIPAA compliance. That’s the nature of infinity. It’s big. Like, mind-boggling big as Douglas Adams would have it.)”

Now, I am off to find out who Douglas Adams is. Wait, is that the English Author-Humorist? Golly gee whiz, I knew I liked this man @keith :hugs:

That @lottemint.md sure is a smart cookie. Heck, look at him; he is the only one who’s made any real money in the middle of this debacle.

He $old one plugin for $10 and he also won $100 for the challenge. I tell you what; I’d listen to a man who can make money while others are busy debating dreams and maybes. I wouldn’t mind having that guy as part of my team. :wink:

1 Like

@keith said everything. Someone should close your topic as this has been answered before.

And I certainly don’t like how your behavior is towards other members.

I feel @keith understands that I’m not being disrespectful towards him. I genuinely appreciate his advice, and I can demonstrate that I have put in action what he and others kindly suggested I’d do.

@nocodeventure Furthermore, I can prove and offer proof that more than likely, your reasons for saying these sore-like comments are due to other more personal reasons. Prior to the ”challenge,” you wanted me to rush and pay you to do the app. Opposite to what Keith suggested. I mentioned to you that I needed HIPAA COMPLIANCE, (not at first ) but that didn’t deter you from wanting to go ahead and do the app. I don’t doubt your ability to code a beautiful app. However, I felt you lack the more than crucial empathy needed to create a good relationship with your partners (clients). Now, I can see my gut feeling was correct about you. Now, you can see that without having more context from your clients, you would have wasted my valuable time and money.

@keith I am sorry if my immature humor was in any way mean to you. I’ll try to be more careful. Again, thank you for looking out for me.

1 Like

You can’t expect a developer to do the legal research for you. With that said, good luck.

You are correct @nocodeventure

Hi @keith
Can you please clarify your comment “Aside: There is no turnkey HIPAA-compliant stack. You’re on your own there.” ?

I’m asking because specifically, knack.com says you can get a HIPAA compliant version of their product. Wouldn’t that qualify?

Many thanks,

Alex

Nice bump

+1 to this. And It is worth echoing - there is no turnkey HIPAA-compliant stack. Application design varies wildly, and therefore infrastructure needs vary wildly. Because of that, it is a virtual impossibility to simply “turn on” a stack. You have to be careful and considered in your infrastructure design, trimming all fat and complexity, so that your security needs can be as simple, but robust, as possible.

Hi everyone,

I’ve read this thread (and other similar threads) a few times over and feel that this conversation hasn’t arrived at a totally fair conclusion (if any conclusion at all).

The dominant sentiment here seems to be that “it might be possible to implement DIY HIPAA compliance by using Bubble as a frontend and connecting to a 3rd party data storage service that will sign a BAA (such as Aptible, TrueVault, AWS even I believe?). However, this is a bad road to follow because a) it’s not Bubble’s intended use, b) you’re paying for Bubble’s no-code benefits but now may have to worry about traditional database management and some potentially tricky integration, c) the list goes on…”

Now I think these disadvantages make sense and can certainly guide a lot of people in the right direction. However, I actually have a project in the pipeline - which needs to be HIPAA compliant - which I’d like to create with Bubble.

I come from a software dev background and am perfectly happy to treat Bubble as a ‘no-code frontend builder’ which connects to a 3rd party HIPAA-compliant storage option. I’ve seen some interesting points about Data De-Identification and compliant DB services like TrueVault, Aptible and even AWS — if anyone is still interested in these options, I’d love to continue the discussion with you.

Hello folks!

HIPAA dictates that all components of a service must be compliant in order for the product as a whole to meet requirements. Though certain sub-processors may be HIPAA compliant, the Bubble platform and internal company processes as a whole are not, so any applications built on Bubble will not meet compliance requirements. Therefore, we cannot recommend building applications that require HIPAA compliance on Bubble at this time.

4 Likes