Is it okay to use Flutter for a HIPAA compliant app? - flutter

I am working on deciding the technology stack for a health-related application. We are targeting HIPAA compliance for it.
Native is definitely a good option, but I am looking for a cost-effective option from a development as well as a maintenance perspective, which is why I am looking into the Flutter framework. It satisfies most of the functional as well as technical needs.
I need answers to the following:
- Is there anything inside the Flutter framework itself which is not compliant with HIPAA?
- Any challenges that I can't see at this moment but people have faced in compliance?
- Popular third parties not to be used, like Firebase, Crashlytics, etc.? Definitely, at the time of adding a new package we will do an analysis and then add it.

Short answer (first bullet): Yes, you can use Flutter in a way that complies with the HIPAA Security & Privacy Rules.
Long Answer (second bullet): You can also use it in a way that violates those rules. At the risk of pedantry, you're asking the wrong question. HIPAA applies to Covered Entities and Business Associates, not to frameworks or applications. A better question is "Is my company HIPAA Compliant?" which means "Have we implemented the 54 safeguards of the Security Rule in a reasonable and appropriate fashion, and are we using and disclosing PHI in ways permissible under the Privacy Rule?"
Third Bullet: If the third party is handling ePHI, they will need to sign a Business Associate Agreement (BAA) - no matter how popular they are. Google's an odd case in that they'll sign a BAA for some, but not all, services. Here's the full list.

Related

What is the difference between Paypal Business and Paypal Enterprise?

As a new developer, I found there are two very similar types of Paypal from Paypal Developer's page: https://developer.paypal.com/home/
For Business and For Enterprise (I understand For Marketplaces and Platforms is meant to be used for entirely different use cases).
I saw "Manage Risk" under For Enterprise -- that seems to be the only difference from For Business -- but even a small business needs to manage its risk, doesn't it?
Can someone give me a high-level explanation of when I should use For Business and when I should use For Enterprise, from the following perspectives?
- How much extra functionality does For Enterprise offer compared to For Business?
- How much extra complexity is there for the developers to implement the integration compared to the latter?
It's a matter of scale. The product offerings in the Enterprise section aren't designed for or marketed toward small and medium sized businesses. What exactly that means, and whether there might be a particular exception to something you need, will vary.
If you have to ask whether the Enterprise section applies to you, it doesn't.

Getting up to speed on current web service design practices

I'm admittedly unsure whether this post falls within the scope of acceptable SO questions. If not, please advise whether I might be able to adjust it to fit or if perhaps there might be a more appropriate site for it.
I'm a WinForms guy, but I've got a new project where I'm going to be making web service calls for a Point of Sale system. I've read about how CRUD operations are handled in RESTful environments where GET/PUT/POST/etc represent their respective CRUD counterpart. However I've just started working on a project where I need to submit my requirements to a developer who'll be developing a web api for me to use but he tells me that this isn't how the big boys do it.
Instead of making web requests to create a transaction followed by requests to add items to the transaction in the object based approach I'm accustomed to, I will instead use a service based approach to just make a 'prepare' checkout call in order to see the subtotal, tax, total, etc. for the transaction with the items I currently have on it. Then when I'm ready to actually process the transaction I'll make a call to 'complete' checkout.
I quoted a couple words above because I'm curious whether these are common terms that everyone uses or just ones that he happened to choose to explain the process to me. And my question is, where might I go to get up to speed on the way the 'big boys' like Google and Amazon design their APIs? I'm not the one implementing the API, but there seems to be a little bit of an impedance mismatch in regard to how I'm trying to communicate what I need and the way the developer is expecting to hear my requirements.
Not sure wrt the specifics of your application though your general understanding seems ok. There are always corner cases that test the norm though.
I would heed that you listen to your dev team on how things should be implemented and just provide the "what's" (requirements). They should be trusted to know best practice and your company's own interpretation and standards (right or wrong). If they don't give you your requirement (ease-of-use or can't be easily reusable with expanded requirements) then you can review why with an architect or dev mgr.
However, if you are interested and want to debate and perhaps understand, check out Atlassian's best practice here: https://developer.atlassian.com/plugins/servlet/mobile#content/view/4915226.
FYI: Atlassian make really leading dev tools in use in very large companies. Note also that this best-practices is a part of refactoring (meaning they've been through the mill and know what worked and what hasn't).
FYI2 (edit): Reading between the lines of your question, I think your dev is basically instructing you specifically on how transactions are managed within ReST. That is, you don't typically begin, add, end. Instead, everything that is transactional is rolled within a transaction wrapper and POSTed to the server as a single transaction.

Shopping cart framework that supports multiple vendors?

I'm searching for a shopping cart or web store framework that supports multiple vendors.
There are many, many shopping cart frameworks out there: that page lists couple of hundred. In spite of the comparisons on that page, supporting multiple vendors isn't a comparison item, probably because it's a rare requirement. Separate to that page I have evaluated a few of what appear to be the top frameworks, and none that I evaluated supported this feature. Which carts would you recommend?
Commercial is okay, although I would prefer open source.
Platform (Windows, Linux, ASP.Net, PHP, Ruby... Minix, Fortran... :)) doesn't matter.
A system where I manually add vendors who request it (instead of them freely being able to sign up) is also okay, if there's a store where that's possible but freely joining up isn't built in yet.
Rationale: I'd like to create an app-store like website. "App store" is a close analogy: it won't sell apps, but it will sell digital goods and I'd like anyone to be able to sell their item on the store. It's this second requirement, multiple vendors selling through the store, that I'm finding hard to satisfy.
I've used multiple shopping cart frameworks (a lot of them broken), and my favorite (which just so happens to support multiple vendors) is PrestaShop. It's free, open source, and supports all that you asked for. Is this the framework you were looking for?
-JXP
The Wikipedia page you cited lists multiple vendor support as a column in Other Features, along with features that are pertinent to your search.
This question otherwise requires domain knowledge and likely requires multiple answers. The best I can do is offer the bounded set of software that competes directly within this space, at least according to Wikipedia.
The easiest solution for achieving your stated goal of allowing multiple people to sell on your site while exercising fine-grained control of who can and cannot do so is perhaps using WPMU's MarketPress in tandem with BuddyPress or WordPress Multisite. I'm not a die-hard fan of WordPress, per se, but that might be an expedient way for you to get to a minimal viable product and to validate your idea before shelling out the time and/or cash to custom build it from the ground up, and/or labor ad nauseam with tweaking an existing framework. MarketPress is a good plug-in that'll give you many of the features of a full-fledged e-commerce framework... BuddyPress, of course, will allow you to set up individual vendors with their own sites under your brand. The two work together. More on MarketPress at:
http://premium.wpmudev.org/project/e-commerce/installation/
Another alternative is Jimdo's PagePartners. I haven't used it, but it looks intriguing. I like their design sensibilities, and their stated business ethos. This might be a viable option, too. The caveat being: it's not white label. More info about Jimdo's PagePartners here:
http://www.jimdo.com/pagepartner/faq/
Finally, another interesting CMS to explore is SetSeed. I think it'll allow you to launch multiple sites for each vendor via a central hub you control, and will allow you to maintain your branding within each. How, then, any sort of remuneration would flow back to you for setting up an individual vendor's store would be up to you to figure out... This is a fairly new CMS and it looks like it's evolving smartly and rapidly. If you require some customization of it, to approach more specifically what you ask for, now might be a good time to reach out to the developer...but you might be able to think of an effective way to adapt it for your use right out of the box.
http://setseed.com/multi-site-cms/setseed-hub/
Unfortunately, none of the above is open-source--but, again, the ease by which you could get to a functional site approximating your idea may off-set that drawback. Jimdo is an open-source contributor, however. So, maybe even an e-mail to them might be a fruitful dialogue to begin. If anything, check out each of the above, and it may influence how you search for other solutions, and will at least provide some models in your own thinking or with other developers. The shopping cart is an integrated feature, I believe, in all of the above cases. With regard to giving your vendors the capacity to deliver digital goods (e-books, mp3s, etc.), check out Fetchapp.com. Very cool app. Very easy to set-up...could probably be rolled into one of the above frameworks. The frameworks would handle the issue of individual vendor profiles and/or sub-domains.

Is it expected to disclose all the frameworks / open source software used in a project to a client

Taken aback today when I was confronted about the use of validation code used from the Csla framework. It felt like I was reprimanded for not disclosing the use of the framework to the client.
Is this not the same as using libraries such as jQuery etc?
You absolutely should acknowledge what you're using, IMO.
Some clients may have particularly strict legal requirements (whether for legitimate reasons or not - they're the client, it's not up to you to judge their lawyers) and detailing any third party software you're using to create a product for them seems only reasonable.
What reason could you have for not wanting to be open with your client?
This depends on the license of the open source code you are using. Many of them require you to acknowledge the use in some credits section, others require you to redistribute the source code, etc. You should read the license and act accordingly.
It depends on the project and the kind of client and whatever contracts you had. However, for a typical consultant delivering code to a customer, I would say no it is very strange that you would be reprimanded for not bothering them with details such as the use of CSLA. That's pretty odd.
It is the same, I have a feeling that you would have been reprimanded for using jQuery as well. There are enterprises that frown upon the use of open source for various reasons.
They boil down to:
- The type of license and what it forces the user to do
- The availability of support in some commercial form
- The need to 'share-alike' the results
You should know what's your customer/employer's stance on this. If they don't have a stance, then you have to discuss on a case-by-case basis.
I usually tell people I use a lot of open source and, by seeing the response I get I know the path to follow. If they jump and scream at the mention of open source and the lack of support and whatnot, I just tend to ask for budget to buy commercial components or present good cases as to why the open source version of X is better than the commercial alternatives.
It very much depends on the type of project and the type of client. The real problem here is that you were surprised, which indicates non-alignment of expectations. How did the client motivate its interest in Csla specifically?
If your client needs to know or cares about which technology you use, then you should specify everything as part of the project documentation. If the choices are clearly described, then it is easier to have a discussion about them, if required. Documentation also gives you a way to ask (literally) for 'sign-off', if that is the way you work.
From your question it is not clear whether the problem was the choice of framework, or not having informed the customer.
Even on projects with minimal documentation, if the customer owns the code then I always deliver at least a High-level architecture document that includes the names and exact versions of every software component used, along with a brief description of what it is for and why it was selected. This is also the correct place to address any license issues.

SaaS-company structure

What is the most typical structure of a business where you want to develop several web services? Should one establish a company for each of them or keep them under one? I would like to hear your experiences maintaining such a situation, keeping in mind the global focus.
By far the two most critical sets of issues determining the answer to this question are legal and financial (including, but not mainly, accounting). So it's hard to see how this question fits with the intent of this site.
It is advised to provide more background information on the topic. Business plans for SaaS companies can range from large cloud computing service vendors (with integrated solutions) and up to business analytics providers targeting specific market niche.
Business is a bit like programming: Keep It Simple (Stupid). Do not create multiple companies, unless there is a good reason to do it.
If you are planning to use Python, you can use Django to build a SaaS application.
This video, "Build SaaS application in Python django", will explain about getting started with SaaS.
Thanks