Question on Building a Healthcare Web App

Hi everyone,

I’m currently looking to build a healthcare web application using WeWeb. My goal is to ensure that the application is scalable and HIPAA compliant. I’m seeking advice on the best steps to take next to achieve these objectives.

Would you recommend using Supabase or Xano for this project? Any other suggestions or insights on ensuring scalability and compliance would be greatly appreciated.

Thanks!

WeWeb should be capable of doing compliant apps, as it only builds the code that is run on the people’s machines (client-side). There are very few and very specific cases where you would route your data/traffic through WeWeb’s servers. These are quite easy to avoid though.

To give you more context, these include cases when you route traffic through their servers, like when you want to avoid CORS without a backend, or, I think, specific plugins like the ChatGPT one.

Both Supabase and Xano can be compliant; as far as I know, Supabase is compliant with many of these standards. So I’d say you can use both.

One thing you might find useful might be getting a 1:1 consultation before deciding, or to help with deciding and maybe understand the scope and the right tools. I built a tech stack (spoiler: it’s very often WeWeb and Supabase - not sponsored 😂) for many projects and even entire no-code agencies, and I do this often with people who want to spend a few bucks to save money and nerves in the long run.

I think @kyanaloe has an app about healthcare made in WeWeb + Xano.
I also remember @jaredgibb was doing something about HIPAA compliance.

I also discussed this topic before and it was semi-answered in that thread, and it was confirmed by @Slavo from WeWeb, who is the most knowledgeable in these kinds of things as far as I know.

@Broberto has spoken.

I have very little to add to this. You can build a HIPAA compliant app on WeWeb + Xano/Supabase.

  • Many companies do.
  • When it comes to HIPAA compliance, very little is actually about the technology, it is mostly about processes.
  • I wrote an article about this: Build a HIPAA Compliant Website: HIPAA Compliance Checklist | WeWeb
  • The connection between WeWeb and your backend is direct. Data DOES NOT transit through WeWeb infrastructure (unless you choose to do so to avoid CORS issues).
  • WeWeb does not store any data at all with the exception of the tokens/secrets/etc required to securely connect to an external service.
  • If you self-host the application on your infra, it is completely disconnected from WeWeb. There is no backdoor or any umbilical that would allow anyone from WeWeb to access anything. If WeWeb were to go away or if you stop paying your subscription, your self-hosted app will keep running.

We are highly unique in this aspect, and this is the reason why enterprises guarding the most sensitive information classes (financial, tax, healthcare, government, military, etc.) are moving over to WeWeb.
