| Thanks for your comments everyone. I'm trying to keep up with them all. A little more information: Pacifica is a hybrid application, built on the Ionic Framework (http://ionicframework.com/). We've been pretty happy with Ionic, it's the main reason we were able to release on Android and iOS simultaneously. Thanks to Max and the Drifty team for creating a great platform. There are a lot of comments and questions about privacy and compliance. I'll try to summarize some of my answers: We don't technically store what's called Protected (or Private) Health Information. This is because Pacifica is a self-help tool and PHI is defined as originating from a healthcare professional. That being said, we are taking steps to treat our data as if it were PHI. We have a signed Business Associated Agreement with Amazon and are trying to operate as if we were HIPAA compliant (we technically are, in the same way that any company that doesn't store PHI is HIPAA compliant). Regarding privacy and security: yes, we're in the cloud. Specifically, on AWS. While this may be contentious, we believe that there's no reason this is less secure than if you were hosted in a local colocation facility. Amazon has pretty rigorous requirements for who has access to machines and who can access data on those machines. Many of their services are HIPAA compliant, and they certainly take this extremely seriously. In addition, we do try to make sure everyone's data is as safe as possible. The mobile applications communicate with our servers over HTTPS. We're using Elastic Load Balancers but don't terminate SSL at the ELB, it passes through to our own server so Amazon doesn't have the private keys. Recordings are stored encrypted in S3, and our RDS instances are also encrypted. There's more that we can do (as there always is), but we wanted to provide a little information about what we are currently trying to do to protect things. We welcome any additional suggestions. |