HIPAA Compliancy

Looks interesting. I just asked about pricing: “Our HIPAA plans start out at $1000 per month and up.” Too expensive for my situation, but seems in line with the features.

What options are you looking at?

I just asked what it would cost to get on a HIPAA-compliant plan and that’s what he said. I’ve come across a number of services like that which are well-priced for regular users, but then you need to get on an Enterprise plan for HIPAA.

According to this Caspio pricing page, HIPAA compliance starts at the $249/month plan.

I also talked with them and they told me the HIPAA-compliant plan is $1000.

Interesting. Here’s my chat transcript:

11:44:52 AM [Phil] How much will I have to pay to get on a hipaa-compliant plan?
11:46:07 AM [Kevin] Our HIPAA plans start out at $1,000 per month and up depending on the features and requirements.

1 Like

Care to join this chat about HIPAA? Challange for amazeball developers (Virgil Security, HIPAA)

Care to join us? Challange for amazeball developers (Virgil Security, HIPAA)

@anon29779373 I thought you might have something helpful to add. Challange for amazeball developers (Virgil Security, HIPAA)

Would this make Bubble HIPAA compliant?

I know I’m necroing an old thread, but I did have a question/insight for those who may be doing research on this. In a response to a privacy/security Q&A thread a couple years back, @josh mentioned that the Bubble team all have access to any data stored on Bubble. I’m not sure if this is the case anymore, but if it is, could it affect Bubble’s HIPAA compliance, even if AWS itself is compliant?

1 Like

Dear Bubblers
Covered health care providers that seek additional privacy protections for telehealth while using video communication products should provide such services through technology vendors that are HIPAA compliant and will enter into HIPAA business associate agreements (BAAs) in connection with the provision of their video communication products. The list below includes some vendors that represent that they provide HIPAA-compliant video communication products and that they will enter into a HIPAA BAA.

  • Skype for Business / Microsoft Teams
  • Updox
  • VSee
  • MirrorFly for Healthcare
  • Zoom for Healthcare
  • Doxy Me
  • Google G Suite Hangouts Meet
  • Cisco Webex Meetings / Webex Teams
  • Amazon Chime
  • GoToMeeting
  • Spruce Health Care Messenger
3 Likes

I realize it goes against the main use case & benefits of Bubble, but is there any way to export your application as code and then self-host? With ever-increasing compliance standards, especially with medical patient data – even if not storing the data & just making the DB calls – I don’t want to get into compliance issues for my client. I was looking at one of these providers as a HIPAA-compliant hosting option… but just not sure if a Bubble app is the right platform. Thoughts/tips? Thanks, guys!

Unfortunately, you cannot export your Bubble code and run it yourself.

Hi,
Did you try to do this?
Is it difficult?
I think it’s the best way to have HIPAA.

I’m reviving this thread to share a project that I’m working on. Perhaps this will give everyone some insight.

I’m using Bubble to act as a customer-facing website. All sensitive information will be processed using AWS Lambda and stored on AWS S3. They have a template that you can start from to get a HIPAA-compliant server up (only from an access perspective. You’ll need to set up the technical settings correctly too, and there’s a manual on this).

The Bubble site holds the following pages - login, signup, landing, dashboard, billing, settings, and order. Signed-in users can place an order containing PII which gets processed on AWS. Here’s how I PLAN to hand off sensitive data:
I create a form in AWS that gets shown on the order page. The data is displayed and transferred using the API Connector, so nothing is ever stored on Bubble’s servers. Only updates on the order are sent to Bubble for storage.

Thoughts?

3 Likes
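
The plan above relies on the step "only updates on the order are sent to Bubble" never carrying order contents. As an added example (not part of the original post, and not Bubble's or AWS's code), here is a Python function of the kind that could run on the AWS side and build that update from a fixed allow-list. The field names, status values and ID format are assumptions.

```python
import re
from datetime import datetime

# Assumption: order IDs are opaque random tokens (uuid4().hex), never derived
# from patient data, and status is one of a few fixed, non-descriptive values.
ORDER_ID_RE = re.compile(r"^[0-9a-f]{32}$")
ALLOWED_STATUSES = frozenset({"received", "processing", "complete", "failed"})
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


class UnsafeUpdate(ValueError):
    """Raised when an update could carry sensitive data off the AWS side."""


def build_bubble_update(order_record: dict) -> dict:
    """Return the only fields allowed to leave the AWS side for Bubble.

    A new dict is built from validated values instead of deleting known
    sensitive keys, so a field added to the record later is excluded by default.
    """
    order_id = order_record.get("order_id")
    if not isinstance(order_id, str) or not ORDER_ID_RE.fullmatch(order_id):
        raise UnsafeUpdate("order_id is not an opaque identifier")

    status = order_record.get("status")
    if not isinstance(status, str) or status not in ALLOWED_STATUSES:
        raise UnsafeUpdate("status is not one of the fixed values")

    try:
        ts = datetime.strptime(order_record.get("updated_at"), TS_FORMAT)
    except (TypeError, ValueError):
        raise UnsafeUpdate("updated_at is not a UTC timestamp") from None

    return {"order_id": order_id, "status": status,
            "updated_at": ts.strftime(TS_FORMAT)}


# Constructed sample record as it might exist on the AWS side.
SAMPLE_RECORD = {
    "order_id": "3f2b8c1d9a4e4f6b8d7c6a5e4f3b2a1c",
    "status": "processing",
    "updated_at": "2024-01-15T10:30:00Z",
    "patient_name": "Jane Example",
    "notes": "constructed free text",
}

if __name__ == "__main__":
    print(build_bubble_update(SAMPLE_RECORD))
```

Free-text values are rejected rather than scrubbed: a status such as "waiting on Jane's lab results" raises `UnsafeUpdate` instead of being forwarded.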

Interested to see what others have to say @johnbaluch. If this works, this would be game changer!

Interested to see if this worked out / passed infosec?

Same here. Have a client for which I’d love to use Bubble but need a viable HIPAA solution.

You can do this with Firebase IAM for authentication and Firestore as a DB. Bubble would be the front end only.

But the compliance goes way beyond where the data is stored.

1 Like