Forum Academy Marketplace Showcase Pricing Features

Data Privacy in many to many relationship

I’m building an app that may contain some sensitive information about people and I’m trying to use the Data Privacy rules but I can’t figure it out how to make it work for what I need.
I just want to say upfront that the data displayed in the user interface is already showing correctly only to people who should see it. I got all UI and workflows working. This is just to prevent hackers or unauthorized users from snooping in, as privacy is of great importance for this app. (So I’m trying to use the Data Privacy rules).

I’ll try to simplify what I’m trying to do to illustrate it.
In my app, I have a few Types and example fields:

  • User (the usual user fields - can be doctors, patients or admin staff in a medical practice)
  • Patient (User, Name, BloodType, DOB, Allergies… - with patient-specific info. Some patients can be users but most are not as they are just created by the practice for internal use)
  • Doctor (User, Credential, Speciality… - with doctor-specific info)
  • PatientDoctor (Patient, Doctor - this creates a many-to-many relationship as one doctor treats many patients and one patient can be treated by many doctors)
  • ExamResults (Patient, Type, Score, Comments… - exam results related to a single patient. One patient can have many ExamResults records)

What I am trying to do is to create a rule in the ExamResults type that will allow only users who are either the Patients themselves or Doctors who are linked to the Patient to see the data in the ExamResults table.

When I go create a rule, I can easily create one for the User who is a patient, as the relationship is directly linked by one to one relationships. However, I can’t create a rule for doctors, as I would need to do a search in PatientDoctor for doctors who can see the Patient related to the data in this table. I can’t use search in Privacy Rules and I can reference PatientDoctors from there.

I will also need a similar rule for Doctors seeing info in the Patients table related to their patients only.

Any ideas on how to make that info private only to the people I want?


Hi @rscestari!

Is it too late to make data structure changes, eliminating the PatientDoctor thing, and having a many-to-many relationship on the Patient and Doctor things themselves?

Something like this:

And then add the doctor and patient records to the user:

And setup privacy for patient and doctor on the Exam Results:

The check for is not empty, is just in case you end up with a User with an empty patient record, that would then match to any ExamResults that also do not have a patient attached.

Now unfortunately, for the doctors permission, you can’t use the searches (as noted in the screenshot,) but it still might work for you. For example, if a doctor user searched for a patient, then all the patient’s ExamResult’s would be still visible to the doctor.

Hopefully this stirs up some ideas for you!


Sounds like a useful app in the making.

A small note of caution, in some countries there are legal requirements around storage and access of patient medical information.

Thanks, @mebeingken,
That does give me some insights.
I’ll try it out.

Thanks for the note @mishav.
The results will basically be the results of a mental health self-reporting questionnaire.
I don’t know if that will classify as health records but I’ll keep that in mind.

If any of you want to check the app, version 1 is ready and launched.
Check it here:

The app, in the current version, is designed for 2 publics in mind:

  1. For people who want to check their level of stress, anxiety and depression and, if high, to urge them to seek medical help.
  2. For doctors and mental health professionals to use the tool to automatically calculate the results and keep historical patient data for future reference.
    Check it out and let me know what you think.



I have been looking at a lot of these same challenges. If you are storing patient info on behalf of doctors, HIPPA would apply in the US and you would need a HIPPA-compliant system, which Bubble specifically states it is not. Might be worth looking into before you launch.

@mebeingken - Ken, thanks for the explanation. Could you explain how you use the “list of doctors” data type on the patient type? I watched the Bubble tutorial on using lists, but when I tried to use it, I got an error that a “doctor” (name) couldn’t be entered in the input text field because type was “list” not “text.”
Assuming you have set up your patient as you described above, how to do you populate that patient’s “list of doctors”?

Can a USA company, that is storing patient info on behalf of non USA clinics and non USA doctors not in the USA, Canada, or Europe (e.g. Mexico, Thailand, Bali, Africa, etc), still use What if a USA patient uses a clinic in Mexico?

Did you know it worked when it started urging you to seek medical help, or when it stopped?

I wouldn’t keep anything worth suing me over on Bubble.

@2morses is right about HIPPA.
There are compliant off-site solutions you could integrate with an API. That way you would only keep the off-site IDs on Bubble.

As for the original question, it’s less stress on resources to put a “doctor list” field on the patient (user) table.

@carlos1 - From what I understand, HIPPA applies to patients receiving care in US only as it is part of US law (telemedicine makes this a bit fuzzy). As far as a USA company storing info on behalf of non-USA doctors located in clinics outside the US, I don’t think HIPPA compliance could be required as it is beyond the jurisdiction, but you should probably confirm this with an expert.
The bigger question is what your clients expect: anyone can choose to be HIPPA compliant, even if they aren’t required to. A clinic in Mexico that caters to a lot of “medical tourists” and expects to have a lot of USA patients, may want to be able to advertise they are HIPPA-compliant as a business decision rather than a regulatory one. So, you may want to check with your potential customers on their needs.

1 Like

I feel like this thread pointed out a major gap in bubble that still doesn’t seem to be filled to this day. Privacy for many-to-many relationships SHOULD be supported as part of privacy rules. While @mebeinken 's solution works, it quickly becomes an issue at larger scales. Imagine designing a social media site, for instance, where a person’s privacy is controlled by followers. If a person has 100,000 followers, not only would that cause major performance issues, but I don’t even think it would be supported at bubble’s current list length maximums.

@josh is there any way we could get more advanced privacy rules for these kinds of situations?