I am working on a bootstrapped side project aimed at digital nomads that lets you input your personal blood test data and track results over time, across countries.
My business entity is based in Georgia (country). Do I need to worry about HIPAA? Any specific GDPR provisions related to health data?
Does it matter where the users are from, and where the blood tests they're inputting data from were conducted?
In the future, it would be interesting to provide a paid service where the users would get connected with a doctor who could provide recommendations based on their record. Is, for example, a US doctor allowed to provide tele-services to a British citizen in Bali? Or a Filipino doctor to a US citizen in Thailand?