by btown 2160 days ago
Amazing - you all are doing vital, lifesaving work! Curious - did you determine that you needed to use any existing software systems to help with regulatory compliance, such as any big-name EMR solutions and/or single-sign-on with the same? Or were you able to meet HIPAA requirements with standard web application tools & stack? Do you feel any choices of language, database, even things like advisory board, etc. made this easier to do?
1 comments

Working with existing software systems makes this compliance much easier. Many of the big name service providers (Twilio, Sendbird, Auth0, Heroku, AWS, etc) have out-of-the-box HIPAA compliancy. And working with an EMR is table stakes for a healthcare provider; we definitely did not build that from the ground up! Our work is about bringing these solutions together into a unified UX and ensuring compliancy / security across the stack, while gradually introducing secure and compliant native functionality. Language itself does not have a huge impact (we've seen it done in many different languages), but having the right advisor can make the build process a lot easier if they know what to look for!