HIPAA Compliance of Apps built on Bubble

I am looking to build an application on Bubble for a healthcare company. The only data stored on the application would be a login for the application user. Aside from that all data would live inside of Salesforce or Amazon S3.

Does anybody foresee any compliance issues with this approach? I am thinking that the retrieval of the data via API might be an issue. Any thoughts on this?

I think it may. The login may cause you issues. You’re storing PHI in an insecure storage facility (i.e. Bubble). Get your login on Amplify directly and sign a BAA with them. Then you’re probably good to go.

Solid security rules are essential

Plus a bunch of other stuff. It’s not just where the data lives. Do be mindful of the requirements

Got it, what is Amplify, and could I use SSO with their email service provider?

I’m curious about this as well as I have a client dealing with healthcare data and REALLY want to use Bubble as the UI but know Bubble itself isn’t HIPAA compliant (tragically).
