HIPAA law applies to doctors’ offices, hospitals, health insurers, and other healthcare companies, including healthcare SaaS, as well as cloud service providers, that process protected health information (PHI) on their behalf. HIPAA violation can cost a health organization millions of dollars. To be compliant, healthcare businesses must keep PHI safe (billing statements, claims requests, health status, treatment, and prescription information, test and procedure results, and visit notes) while storing or manipulating it (transfer, receive, handle, or share). In this article we focus on the data-storing aspect, around considering HIPAA-compliant databases, specifically cloud ones.