HIPAA Compliance with custom actions

I’m aware that it’s impossible to run a HIPAA compliant app in Adalo, however, there are clear ways to avoid HIPAA whatsoever by breaking the connection between client and patient private data.

If I allow a doctor to sign a user up and have them pooled together, that is not HIPAA compliant with Adalo. That being said, if I have a doctor sign the user up as a “regular user” (completely un-tied to the doctor in question) then it bypasses HIPAA compliancy.

My question is this: If I have a doctor sign up a user on their phones and have a CUSTOM ACTION send an email through SendGrid transactional emails, will it still bypass HIPAA? In other words, will anything tie the doctor and the new ungrouped user together on the custom action side / is there a record of custom actions and requests in Adalo’s database?

As far as I know right now, there is no way for me or anyone else to see who the SendGrid transactional emails are sent to, so it would be on the Adalo side.

Hi @tmurray19,

Another alternative logic would be to use automation tools such as Make/Zapier.

But a business thought would be: if you get warned by HIPAA because of your app, it means you have achieved product-market fit and you have succeeded with your no-code adventure; another journey will await you.

It’s definitely working so far, as the connection between provider and client/patient does not exist. I actually did use Zapier and Make/Integromat, but they kept a pretty extensive log of everything. As far as I know right now, there is no such log for me to see in Adalo’s servers… Which means that the connection is null.
