I am currently creating a web application for a medical company. All the data needs to be stored on a HIPAA compliant database, and deployed to a HIPAA compliant web hosting service. (HIPAA compliance is the standard for sensitive patient data protection that all companies dealing with protected health information (PHI) must follow). Any tech stack suggestions?
When it comes to Next.js, unfortunately Vercel is NOT HIPAA compliant, but AWS Amplify seems to be the best option for hosting a Next.js application.
Supabase is a great option to handle auth / postgres db / storage all in one, and they just became HIPAA compliant, but in order to have HIPAA compliance built in you must be on their teams plan ($600/month). Otherwise AWS will probably be your go to solution for all the backend services as well.