Coolest bug is less of a bug and more of a feature. I've been working on a medical app and I used an open source backend which had almost everything I needed. To be hipaa compliant you have to encrypt all sensitive data - full db encryption was not something this backend was capable of.

So my solution was to encrypt the data on the client side and create a secondary server - that can only be accessed on my app server - to store and retrieve the keys.

If anyone's thinking of working on a HIPAA project - you're welcome