I am building an application on Firebase, and some of the data needs to be HIPAA compliant. My initial idea was to connect to AWS DynamoDB (HIPAA compliant) from Firebase Cloud Functions, but then I realized that the data would be passing through the (NOT HIPAA compliant) function.
Is there a way to securely access DynamoDB from a serverless webapp? It doesn't have to be DynamoDB either. I am also open to other services that provide HIPAA-compliant database services (preferably through an API; that would be great!).
Thanks in advance.
The key thing here is that you only process, store, and transmit protected health information (PHI) in HIPAA-eligible services, as defined in the Business Associate Addendum (BAA) from your cloud service provider. How you deploy code is not significant, to the best of my knowledge (as that process would not typically involve PHI).
Of course you need to comply with the Security Rule, the Privacy Rule, and the Breach Notification Rule.