We're using free cloud resources which also host our internal collaboration infra, its definitely underpowered.
> considering this is hospital data
To be clear, our first target audience is research data collection, which is consented, so that's not immediately an issue, however we don't store Personally Identifying Data (PID) in the current design, instead hashing all ID data. Our institution and local laws are very happy with that. We aim for compliance with other statutes going forward.
We are a research-funded group in Canada, so GDPR and HIPPA compliance was not something we initially considered. Going forward, this is something that we will be prioritizing, since we are looking at potentially offering this as a cloud service (separate from our research team).
We're using free cloud resources which also host our internal collaboration infra, its definitely underpowered.
> considering this is hospital data
To be clear, our first target audience is research data collection, which is consented, so that's not immediately an issue, however we don't store Personally Identifying Data (PID) in the current design, instead hashing all ID data. Our institution and local laws are very happy with that. We aim for compliance with other statutes going forward.