Tess
May 8, 2025, 10:57pm
3
Hi @jfc,
Thanks for reaching out!
You might find these related topics helpful:
I'm in the healthcare industry under HIPAA as well.
Our compliance officer gave us the green light if Retool is hosted strictly internally, which means no public access at any time, and communicates only limited non-PHI data (license check, user invite, etc.) with the Retool company (as outlined in Self-hosted Retool quickstart | Retool Docs).
Since it's self-hosted internally, we don't have to worry about PHI during external transmission or how Retool is gonna store / use the data. The Retool entry poin…
Hi friends. I am trying to build applications for healthcare to integrate with data from an EPIC electronic health record system. This requires HIPAA compliance. I was wondering if anyone had best practices to share on how to stay in compliance?
My default assumption is that even if I have encrypted databases, if it is read by a non-self hosted version of Retool, that I will be out of compliance.
Thanks!
For your questions about authentication, do you mean auth with username and password? Curious if you can share more details on your use case & potential concerns