This section covers Bubble and HIPAA compliance
Legal disclaimer: This article is meant only to be educational content to help give you a start on these regulatory compliance matters and is strictly not intended to be legal advice. The information presented may not be applicable to your specific situation and may not reflect the most recent developments in this area.
Always consult a qualified legal professional for advice regarding specific regulatory compliance obligations relevant to your circumstances. Details about your specific idea, app or context could make a difference in how you approach these obligations.
Moreover, this article is meant to be an introductory-level guide and will not cover all the fine details of these topics.
The Health Insurance Portability and Accountability Act (HIPAA) is a United States federal law enacted in 1996. It primarily aims to protect the privacy and security of individuals' health information and to establish national standards for the handling of such data. HIPAA applies to healthcare providers, health plans, healthcare clearinghouses, and their business associates who process, store, or transmit Protected Health Information (PHI).
In the context of Bubble app development, if your app collects, stores, or processes PHI, you must ensure compliance with HIPAA regulations. To achieve HIPAA compliance, you need to implement specific administrative, physical, and technical safeguards, as well as enter into Business Associate Agreements (BAAs) with any third-party services you use in your app that handle PHI on your behalf.
HIPAA mandates that all aspects of a service need to be compliant for the overall product to fulfill its requirements. While some sub-processors might be HIPAA compliant, the entire Bubble platform and its internal company processes currently do not meet these standards. Consequently, apps built on Bubble won't achieve HIPAA compliance. As a result, it is not advisable to develop applications requiring HIPAA compliance on the Bubble platform.
While it may be possible to set up your app using third-party solutions that together ensure HIPAA compliance, Bubble cannot support HIPAA-compliant apps.
For this reason, we currently do not recommend using Bubble for apps that require HIPAA compliance.