IT Security expert. Founder of Metaluxo IT Security based in London and Berlin. International experience across four continents. Giving expert advice in matters of information security: Ethical Hacking, Vulnerability Assessments, Penetration Testing, Disaster Recovery Plans, Data Breaches, Cloud Security (especially AWS), GDPR compliance and other related topics.
For a small/medium-sized project WordPress might be acceptable. However, if you plan to scale up and expect a lot of traffic it will be quite difficult to keep up.
Security of WP has improved in recent years; however, it still relies on PHP, one of the languages that has historically suffered from prevalent security issues.
Scalability will be difficult at some point; you will need professional infrastructure to keep a lot of transactions and other operations running smoothly. I would recommend researching dedicated eCommerce platforms; remember WordPress was originally conceived as a blogging platform.
GoDaddy is definitely not the best option for hosting, not even for keeping your domain!
I'd recommend getting a reputable hosting company, preferably not using shared hosting. You can check out Google Cloud Platform or Amazon Web Services, which will scale up with your needs.
Of course, the first part of the process is to identify which personal information you are holding and for what purpose.
On the technical side, you need to have appropriate security for protecting such information (such as using encryption on your laptop, or making sure you have "https" on your site when submitting information).
The process is, of course, longer than that, but that gives you an idea. Depending on your size it would be a good idea to bring in an external consultant to help you with the process. The UK ICO has good information about what you have to do.
Please also consider whether the solutions architect has good knowledge of best security practices (or at least some working knowledge and is able to find what's needed). The last thing you want is to have security gaps that might kill your startup with a security breach. Cross-platform apps might be tricky, and interacting with external third parties might leave you exposed to unwanted threats. Correctly managed, these potential security breaches might be greatly reduced.
I work in the security and privacy business in Europe and I can tell you a bit more about point d. You need to make sure you're also bringing in an expert in compliance, depending on your jurisdiction (e.g. HIPAA). You might need expert advice to know if you're doing enough to protect private information from patients. A lawyer might have good knowledge of the regulations; however, a technical expert will also tell you if your measures are enough or if you're falling short and possibly liable.
If you're going to do business with Europe at any length, remember that we do have quite strict guidelines about privacy and it is your responsibility to adequately protect patients' information.
After working quite a few years in engineering, I can definitely recommend bringing in an expert who acts as your CTO, who will help you grow a reliable team. She/he will be able to advise you on the best option for growing a team. Make sure this person has the correct balance of experience in a similar project and is someone who can understand your business requirements.
This expert will help you to also find some other experts you might need to get you where you want to be, or hire permanent employees if that's the best option. When you're ready to get your IT security policy as well, then drop me a line, we work with a variety of small-medium businesses with very little knowledge, sometimes, of this area.
Data security and privacy controls are things to consider carefully. Depending on the jurisdiction you fall in, there can even be legislation that you need to follow (e.g. HIPAA).
Having strong data protection and a clear privacy statement is not only good for your peace of mind, it also demonstrates that you care about your customers' data and sets you apart from other healthcare businesses. Here in Europe there are strong directives for protecting private, identifiable personal data and especially anything related to healthcare.
That's definitely a possibility. Networking with other startups can help point you in the right direction. You might as well offer internships (at least here in Germany most of them are unpaid) and advertise for co-founders who can join you, even part-time.
There are a lot of people waiting for an opportunity to improve their skills. Of course you need to have a great pitch and offer realistic expectations about when they might get paid.
I agree with the previous suggestions. You need to be sure your idea is profitable. There are a myriad of applications nowadays and many of them don't generate a good business. Once you move to execution, get a good team to build a quality app; your testers are your friends.
Be sure to get your IT security strategy in place from the beginning, at least a basic one, when it's easier (and cheaper) to establish. Remember that in the rush to go live many startups lack security mechanisms, and a single data breach in the early stages can trash all your good work in a minute.
Call me if you need further assistance with the last topic.