Horizontal SaaS platforms often back into HIPAA the moment a healthcare customer wants to put PHI in the product. We get you to a defensible HIPAA posture and a signable BAA.
More context on this sector on our SaaS industry page, and on the framework itself on our HIPAA hub.
Tailored to SaaS, delivered by a Toronto security and compliance team led by a published CVE researcher, with our partner Lorikeet Security where offensive testing is involved.
See the full HIPAA service page, or productized pricing for fixed-scope engagements.
When you store, process, or transmit PHI on behalf of a covered entity — typically once a healthcare customer puts patient data in your product. That makes you a business associate.
Only if your controls actually support the commitments in it. We build the safeguards first, then you can sign with confidence.
They overlap on access control, encryption, and logging. If you are doing SOC 2, most HIPAA technical safeguards come along with it.
Book a free 30-minute discovery call. We will tell you whether this engagement fits, what it would cost, and when we could start.