
I am working on deciding the technology stack for a health-related application. We are targeting HIPAA compliance for it.

Native is definitely a good option, but I am looking for a cost-effective option from a development as well as a maintenance perspective, which is why I am looking into the Flutter framework. It satisfies most of the functional as well as technical needs.

I need answers to the following:

  • Is there anything inside the Flutter framework itself which is not compliant with HIPAA?
  • Any challenges that I can't see at this moment but that people have faced in compliance?
  • Popular third parties not to be used, like Firebase, Crashlytics, etc.? Definitely, at the time of adding a new package we will do an analysis and then add it.
Iducool

1 Answer


Short answer (first bullet): Yes, you can use Flutter in a way that complies with the HIPAA Security & Privacy Rules.

Long Answer (second bullet): You can also use it in a way that violates those rules. At the risk of pedantry, you're asking the wrong question. HIPAA applies to Covered Entities and Business Associates, not to frameworks or applications. A better question is "Is my company HIPAA Compliant?" which means "Have we implemented the 54 safeguards of the Security Rule in a reasonable and appropriate fashion, and are we using and disclosing PHI in ways permissible under the Privacy Rule?"

Third bullet: If the third party is handling ePHI, they will need to sign a Business Associate Agreement (BAA), no matter how popular they are. Google's an odd case in that they'll sign a BAA for some, but not all, services. Here's the full list.

Pete N.