How to require 2-factor authentication or multi-factor authentication (or client-side end-to-end encryption) for consumers of Observable Framework dashboards?
#1454
This discussion was converted from issue #1450 on June 12, 2024 16:25.
For the health care use cases at @onefact, we rely on @observablehq's Framework regularly.
However, for clinicians to be able to make predictions and decisions (or financial engineers at hospitals/hospital-connected entities like private equity fund resource allocators), we need to comply with federal laws like the Health Insurance Portability and Accountability Act.
I was able to confirm with the @observablehq team that the platform is not HIPAA-compliant unfortunately, so we are rolling our own feature.
Does anyone else need this?
Happy to make this contribution from @onefact as we have some headcount for the summer.
Examples of our tests with Observable so far that I can share (the work with clinicians and clinics is private by federal law, as protected health information is unable to be shared or we will lose a lot of money due to the HIPAA violations):
Examples with de-identified semi-public health care data I've trained language models (e.g. http://arxiv.org/abs/1904.05342) on:
HTH, happy to chat if anyone else needs this feature. Our focus is hospitals, tertiary care centers, and clinics in low- and middle-income countries that tend to need on-device compute (due to internet connectivity), but HIPAA compliance is still the gold standard we start from for these use cases 🙏