TransWikia.com

Is it okay to use Flutter for a HIPAA-compliant app?

Stack Overflow Asked by Iducool on December 23, 2021

I am working on deciding the technology stack for a health-related application. We are targeting HIPAA compliance for it.

Native is definitely a good option, but I am looking for a cost-effective option from a development as well as a maintenance perspective, which is why I am looking into the Flutter framework. It satisfies most of the functional as well as technical needs.

I need answers to the following:

  • Is there anything inside the Flutter framework itself that is not compliant with HIPAA?
  • Are there any challenges that I can't see at this moment but that people have faced in compliance?
  • Are there popular third parties that should not be used, like Firebase, Crashlytics, etc.? Definitely, at the time of adding a new package we will do an analysis and then add it.

One Answer

Short answer (first bullet): Yes, you can use Flutter in a way that complies with the HIPAA Security & Privacy Rules.

Long Answer (second bullet): You can also use it in a way that violates those rules. At the risk of pedantry, you're asking the wrong question. HIPAA applies to Covered Entities and Business Associates, not to frameworks or applications. A better question is "Is my company HIPAA Compliant?" which means "Have we implemented the 54 safeguards of the Security Rule in a reasonable and appropriate fashion, and are we using and disclosing PHI in ways permissible under the Privacy Rule?"

Third Bullet: If the third party is handling ePHI, they will need to sign a Business Associate Agreement (BAA) - no matter how popular they are. Google's an odd case in that they'll sign a BAA for some, but not all, services. Here's the full list.

Answered by Pete N. on December 23, 2021
