Forum Academy Marketplace Showcase Pricing Features

Challange for amazeball developers (Virgil Security, HIPAA)

Hi y’all, :sleepy:

I just got out of the hospital :hospital:.

Yesterday, I read @keith 's response, and my blood pressure rose to extremely high levels. I thought I was out for the count. I said, here I come, God!

The doctor (she) prescribed some very potent medicine :pill:- it knocked me out. Good looking doctor if I may say so myself.

I was out cold for a while, but I am not entirely sure it was a bad experience overall. I had a very vivid dream, and I am amazed to say that @keith was the predominant figure in it. As you all know with certainty, dreams show you life’s truths.

Because I am still human, at first, I once again felt rage and hate for seeing my HIPAA dream melting away, but in my dream, I saw the real and honest love that Keith has for me. I was able to read between the lines; I had cracked the code. I felt as though his words were my mom’s actual arms protecting me :family_woman_boy:. I started to feel respect, love, and admiration for this man. I thought, how lucky can a human being be!. To have a person who gives it to you straight, honest, and intelligently - priceless.

It’s like I have a new outlook on life. I now realize that only an insecure and small-minded individual would be offended by his words. I am not one to give up easily on his goals and aspirations, but this dream forced me to rethink my strategy. I take the following from this rather inexplicable and weird experience.

“In the meantime: Build something without weird regulatory compliance requirements on Bubble. The possibilities are endless, as long as they don’t involve stuff like this. (And there are, in fact, an infinite number of things that don’t require HIPAA compliance. That’s the nature of infinity. It’s big. Like, mind-boggling big as Douglas Adams would have it.)”

Now, I am off to find out who Douglas Adams is. Wait, is that the English Author-Humorist? Golly gee whiz, I knew I liked this man @keith :hugs:

That sure is a smart cookie. Heck, look at him; he is the only one who’s made any real money in the middle of this debacle.

He $old one plugin for $10 and he also won $100 for the challenge. I tell you what; I’d listen to a man who can make money while others are busy debating dreams and maybes. I wouldn’t mind having that guy as part of my team. :wink:

1 Like

@keith said everything. Someone should close your topic as this has been answered before.

And I certainly dont like how your behavior is towards other members.

I feel @keith understands that I’m not being disrespectful towards him. I genuinely appreciate his advice, and I can demonstrate that I have put in action what he and others kindly suggested I’d do.

@nocodeventure Furthermore, I can prove and offer proof that more than likely, your reasons for saying these sore-like comments are due to other more personal reasons. Prior to the ”challenge,” you wanted me to rush and pay you to do the app. Opposite to what Keith suggested. I mentioned to you that I needed HIPAA COMPLIANCE, (not at first ) but that didn’t deter you from wanting to go ahead and do the app. I don’t doubt your ability to code a beautiful app. However, I felt you lack the more than crucial empathy needed to create a good relationship with your partners (clients). Now, I can see my gut feeling was correct about you. Now, you can see that without having more context from your clients, you would have wasted my valuable time and money.

@keith I am sorry if my immature humor was in any way mean to you. I’ll try to be more careful. Again, thank you for looking out for me.

1 Like

You can’t expect a developer to do the legal research for you. With that said, good luck.

You are correct @nocodeventure

Hi @keith
Can you please clarify your comment “Aside: There is no turnkey HIPAA-compliant stack. You’re on your own there.” ?

I’m asking because specifically, says you can get a HIPPA compliant version of their product. Wouldn’t that qualify?

Many thanks,


Nice bump

+1 to this. And It is worth echoing - there is no turnkey HIPAA-compliant stack. Application design varies wildly, and therefore infrastructure needs vary wildly. Because of that, it is a virtual impossibility to simply “turn on” a stack. You have to be careful and considered in your infrastructure design, trimming all fat and complexity, so that your security needs can be as simple, but robust, as possible.

Hi everyone,

I’ve read this thread (and other similar threads) a few times over and feel that this conversation hasn’t arrived at a totally fair conclusion (if any conclusion at all).

The dominant sentiment here seems to be that “it might be possible to implement DIY HIPAA compliance by using Bubble as a frontend and connecting to a 3rd party data storage service that will sign a BAA (such as Aptible, TrueValt, AWS even I believe?). However, this is a bad road to follow because a) it’s not Bubble’s intended use, b) you’re paying for Bubble’s no-code benefits but now may have to worry about traditional database management and some potentially tricky integration, c) the list goes on…”

Now I think these disadvantages make sense and can certainly guide a lot of people in the right direction. However, I actually have a project in the pipeline - which needs to be HIPAA compliant - which I’d like to create with Bubble.

I come from a software dev background and am perfectly happy to treat Bubble as a ‘no-code frontend builder’ which connects to a 3rd party HIPAA-compliant storage option. I’ve seen some interesting points about Data De-Identification and compliant DB services like TrueVault, Aptible and even AWS — if anyone is still interested in these options, I’d love to continue the discussion with you.

Hello folks!

HIPAA dictates that all components of a service must be compliant in order for the product as a whole to meet requirements. Though certain sub-processors may be HIPAA compliant, the Bubble platform and internal company processes as a whole are not, so any applications built on Bubble will not meet compliance requirements. Therefore, we cannot recommend building applications that require HIPAA compliance on Bubble at this time.


I am trying to connect to firestore using the bubble api plugin but I can’t find the good configuration for the auth , call …
I have my service account and my Json with the private key, … but I am failing all the time to access my firestore database.
Can you help me please ?

I tried to find your plugin but I couldn’t find it.
The only “thing” I am trying to do read / write my data from my bubble app.
I manage to retrieve a token but in a seperate call. And not doing the auth in the read call; I have tried with auth2 login/password, … but I did not manage to succeed.
Can you please tell me what data to put in which field in order to do it.
Thanks a lot

@hi14 has close to no idea of what he’s talking about. Do not listen to him. Besides, he’s writing as if he was in a People’s magazine forum, and not in a serious professional discussion. Please, keep Bubble’s forum professional. @PWC @rebecca1 and @neerja do know what they’re talking about. It is feasible to use the techniques mentioned by the former two in order to consolidate a HIPAA compliant platform. I think nobody is talking about that because they somehow didn’t get what @PWC was suggesting, nor they understand what HIPAA or web development is all about. I’ll be back soon with further information.

PS: Bubble’s decisions around HIPAA compliance are not a matter of politics, but of business strategy and product development (use common sense), and it’s doing an extraordinary work regarding optimizations and computational problems you’re not even aware of, nor have cared to investigate @hi14 . Thus I recommend you to visit further documentation on how the internet, and the world, actually works.