HIPAA Compliance of Apps built on Bubble

I am looking to build an application on Bubble for a healthcare company. The only data stored on the application would be a login for the application user. Aside from that all data would live inside of Salesforce or Amazon S3.

Does anybody foresee any compliance issues with this approach? I am thinking that the retrieval of the data via API might be an issue. Any thoughts on this?

I think it may. The login may cause you issues. You're storing PHI in an insecure storage facility (i.e., Bubble). Get your login on Amplify directly and sign a BAA with them. Then you're probably good to go.

Solid security rules are essential.

Plus a bunch of other stuff. It's not just where the data lives. Do be mindful of the requirements.

Got it. What is Amplify, and could I use SSO with their email service provider?

I'm curious about this as well, as I have a client dealing with healthcare data and REALLY want to use Bubble as the UI, but I know Bubble itself isn't HIPAA compliant (tragically).