A crowdsourced list of SaaS vendors that charge a premium for HIPAA compliance and Business Associate Agreements (BAAs).
Many SaaS vendors offer affordable "Pro" plans at $20–50/mo, but lock the Business Associate Agreement (BAA)—a legal requirement for handling patient data under HIPAA—behind "Enterprise" plans that cost $20k–50k/year.
This hidden cost hits healthtech founders when they least expect it.
Vendors that require an enterprise upgrade to sign a BAA:
- HubSpot
- Typeform
- Monday.com
- Notion
- Box
- Netlify
- Snowflake
Vendors that charge a published add-on fee for BAA access:
- Render
- Railway
- DigitalOcean
- Fly.io
- Vercel
- Intercom
- Supabase
We welcome contributions! If you know of a vendor that should be on this list or have updated pricing information:
- Fork this repository
- Edit index.html with your changes
- Submit a pull request
Alternatively, reach out at hipaa@keygraph.io.
- Include a source link for all pricing information
- Update the "Updated" date when modifying existing entries
- Keep pricing information as accurate and current as possible
- Inspired by the original SSO Tax, which brought transparency to enterprise SSO pricing
- Building on the precedent set by BAA Tax, an earlier effort that never quite took off
- Sparked by a Bookface comment from a YC founder who got hit by the HIPAA BAA tax while building their healthtech startup
Apache 2.0
© 2025 Keygraph, Inc.
Check out Shannon, our open source AI pentester that scored 96.15% on the XBOW benchmark.