Purpose
Document the fundamental architectural decision of how BrandaCare handles sensitive data (PHI/HIPAA) vs. non-sensitive data, separating concerns into 2 clear layers. This separation lets us scale without compromising compliance.
Audience:
Yami, Pablo, Quasar, Santi, Manuel. All technical and leadership team members should understand this.
The golden rule
All PHI data lives inside the Google Workspace ecosystem (Apps Script, Sheets, Drive, Forms). All UX / branding / training lives on Netlify (static HTML). The visible layer is Netlify; the layer that touches PHI is embedded Google Apps Script.
The 2 layers
| Layer | Content | Vendor | HIPAA | Cost |
|---|---|---|---|---|
| UX Layer (no-PHI) | Manual / training; General dashboard; Internal forms without PHI; Navigation + branding; Acronyms, glossaries | Netlify | Not required | $0/mo |
| HIPAA Layer (PHI) | Patient data; Insurance verifications; Claims data; Forms with PHI; Processed EOBs; Productivity tracker with patients | Google Workspace + Apps Script | Yes — via Google BAA | Included in Workspace |
How they connect
Apps Script web apps are embedded inside the Netlify frontend using iframes. The user sees ONE unified BrandaCare experience, but technically:
- The Netlify "host" HTML provides UX, branding, navigation
- When the user needs to interact with PHI (e.g. view a verification, complete a patient form), that widget is an iframe to a Google Apps Script web app
- The iframe runs in the browser but its content and data live in Google
- BrandaCare never has PHI on Netlify or on its own servers
Concrete example:
When an Insurance Verification Junior opens the "Insurance Verification Form" in the dashboard,
the shell (branding, navigation) comes from Netlify, but the form itself is an embedded Apps Script app.
The form reads/writes to Google Sheets — where it's HIPAA-compliant.
Critical rules for the tech team
| RULE | Why |
|---|---|
| NEVER put PHI in static Netlify HTML | Netlify has no BAA = not HIPAA compliant |
| NEVER hardcode PatNum + name + DOB in public docs | Combination = PHI under HIPAA |
| NEVER allow OD queries from Netlify JavaScript | OD credentials would give PHI access from non-HIPAA env |
| ALWAYS put workflows with PHI inside Apps Script | Workspace is the only place with BAA |
| ALWAYS embed Apps Script via iframe | Isolates PHI sandbox from public shell |
| ALWAYS write audit logs in Apps Script for PHI actions | HIPAA requires an audit trail |
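The following sketch shows how the iframe and audit-log rules above can look on the Apps Script side. It is an added example, not BrandaCare's own code; the spreadsheet IDs, tab names, HTML file name and action names are hypothetical placeholders.

```javascript
// Added example for Apps Script (V8 runtime); IDs, tab names and file names are hypothetical.
const AUDIT_SHEET_ID = 'REPLACE_WITH_AUDIT_SPREADSHEET_ID'; // placeholder
const PHI_SHEET_ID = 'REPLACE_WITH_PHI_SPREADSHEET_ID';     // placeholder
const ALLOWED_ACTIONS = ['VIEW', 'CREATE', 'UPDATE'];       // hypothetical action set

// Pure helper: builds one audit row (when, who, what, which record). The record is
// an opaque reference; free text such as a patient name or DOB is rejected.
function buildAuditRow(userEmail, action, recordRef, now) {
  if (!userEmail) throw new Error('unauthenticated caller: refuse PHI action');
  if (!ALLOWED_ACTIONS.includes(action)) throw new Error('unknown action: ' + action);
  if (!/^[A-Za-z0-9_-]{1,64}$/.test(String(recordRef))) throw new Error('bad record reference');
  return [now.toISOString(), userEmail.toLowerCase(), action, String(recordRef)];
}

// Writes the audit row inside Workspace before any PHI is read or written.
function logPhiAction(action, recordRef) {
  const email = Session.getActiveUser().getEmail(); // blank if identity is not available
  const row = buildAuditRow(email, action, recordRef, new Date());
  SpreadsheetApp.openById(AUDIT_SHEET_ID).getSheetByName('AuditLog').appendRow(row);
  return row;
}

// Web app entry point; this is what the Netlify shell loads in its iframe.
function doGet() {
  logPhiAction('VIEW', 'verification-form');
  return HtmlService.createHtmlOutputFromFile('VerificationForm')
    // Apps Script offers only DEFAULT or ALLOWALL here. ALLOWALL lets any origin frame
    // the app, so access control has to come from the deployment's Google sign-in setting.
    .setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL);
}

// Called from the embedded form via google.script.run; audit first, then write.
function saveVerification(recordRef, status) {
  const row = logPhiAction('UPDATE', recordRef);
  SpreadsheetApp.openById(PHI_SHEET_ID).getSheetByName('Verifications')
    .appendRow([String(recordRef), String(status), row[0]]);
  return { ok: true };
}
```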
Where each component lives
| Component | Lives in | Reason |
|---|---|---|
| Internal manual (this site) | Netlify | Only training/SOPs without PHI |
| Manual auth gate | Netlify + Google OAuth | Only restricts access, doesn't touch data |
| Insurance Verification Form | Apps Script | Contains PHI (patient, DOB, ID) |
| OPS Dashboard (future) | Hybrid | Shell in Netlify, PHI widgets in embedded Apps Script |
| Productivity Tracker (future) | Apps Script | References PHI by PatNum |
| Carrier Coverage Notes | Netlify | Only generic carrier rules, no patients |
| BC Breakdown (future) | Apps Script | Contains patient + plan + real coverage |
| Internal timesheets | Apps Script or Netlify | Apps Script preferred (Workspace auth) — no PHI |
| Internal IT tickets | Netlify | No PHI |
Benefits of this model
- Zero new HIPAA infrastructure to maintain — Google does the heavy compliance work
- No extra vendor lock-in — depend only on Google and Netlify (free)
- Brand consistency — UX the team sees is 100% BrandaCare across the whole stack
- Near-zero cost — Netlify free + Workspace already paid
- Replaces Jotform ($130/mo) → $1,560/year savings when we migrate
- Scalable — adding 50 manual docs ≠ adding PHI features; each layer scales independently
- Team familiarity — Yami already masters Apps Script, no new stack to learn
Migration roadmap
| Phase | Action | Status |
|---|---|---|
| P1 | Static manual on Netlify + Google OAuth auth gate | In progress |
| P2 | Embed first Apps Script form in the manual (proof of concept) | Pending |
| P3 | Migrate 1 form from Jotform to Apps Script | Pending |
| P4 | Migrate remaining PHI forms to Apps Script → cancel Jotform | Pending |
| P5 | Build OPS Dashboard as Netlify shell + Apps Script widgets | Q3-Q4 2026 |
| P6 | Migrate Productivity Tracker + Task assignment to new dashboard | Q4 2026 |
