Sending linked information securely and confidentially between page and webapp

Hi all,

I have a marketplace app that is aimed at healthcare consumers, and is to be used by them. This app is to be referred to patients by doctors, and I would like the doctor to be able to send the patient a SMS that links to the main webapp which opens on their mobile device.

Because the user of the first page (the doctor) is not the user of the second webapp (the patient), I would like to be able to transfer information securely and confidentially between the two.

What’s the best arrangement for setting up a page that links information between these two? Should I use hashed URL parameters, or another arrangement?

I will also want a third page that receives information from the healthcare consumer that they have consented to securely share with another healthcare business.

Thoughts appreciated!

I’m going to put this as gently as possible:

Just don’t. Go work on some other idea — any idea — that doesn’t involve regulated personal information.

1 Like

That’s a very fair comment. However the information that is being supplied by the doctor is simple information limited to:

Name
Phone number

I’m outside of the US so not seeking to build something HIPAA compliant right now, but medical information is highly regulated here in Australia. No patient records or medical information are being transferred.

The second transfer is also consented non-medical information about the exercise program they wish to do.

If they are two different applications wouldn’t it make sense to connect them via API then just pass some sort of UID within the text or email that you can reference server side to ensure no data is shown to the client?

But also, I may not have fully understood your question :man_shrugging:

2 Likes

Thanks, I think that this is actually what I need to do.

I’ll look into APIs between the web applications and see what information can be passed between them.

The most important thing is that there is one account linked to the phone number, and that this is associated with the link that passes from the referring app to the user’s phone, and then the user’s new bubble account.

Ride on,

If they are bubble applications, connect the applications via The Data API - Bubble Docs or use the Bubble App Connector, Bubble App Connector - Bubble Docs

Then link them in a single data group and use a UID to reference them, this can be passed in via a URL parameter while not exposing any sensitive data as the UID will be an undecipherable string.

Good luck!

This might be a stupid question, but it appears that the Bubble App Connector requires the user of App A and App B to be the same user? So there is no way for Person A to create information that is passed on to the second (main) app when Person B opens their account?

The other solution I could see would be to create the user in the database before the second (main) app is opened, but because this is associated with an email address (which hasn’t been inputted) it gets a bit tricky.