TL;DR: Many SaaS vendors offer affordable "Pro" plans at $20–50/mo, but lock the Business Associate Agreement (BAA), a legal requirement for handling patient data under HIPAA, behind "Enterprise" plans that cost $20k–50k/year. This is the HIPAA Tax.
Enterprise Barrier
Vendors that require an enterprise upgrade to sign a BAA.
| Vendor | Base Price | BAA Requirement | Source | Updated |
|---|---|---|---|---|
| HubSpot | Pro: $800/mo | Enterprise: $3,600/mo + $3k–7k onboarding | hubspot.com | 2025-12-02 |
| Typeform | Plus: $50/mo | Enterprise Plan (Contact Sales) | typeform.com | 2025-12-02 |
| Monday.com | Pro: $16/seat/mo | Enterprise Plan (Contact Sales) | monday.com | 2025-12-02 |
| Notion | Plus: $10/user/mo | Enterprise Plan (Contact Sales) | notion.com | 2025-12-02 |
| Box | Business: $15/user/mo | Enterprise, Enterprise Plus, or Enterprise Advanced | box.com | 2025-12-02 |
| Netlify | Pro: $20/user/mo | Enterprise (Contact Sales) | netlify.com | 2025-12-02 |
| Snowflake | Standard: $2/credit | Business Critical: starts at $10,000 | snowflake.com | 2025-12-02 |
Compliance Premium
Vendors that charge a published add-on fee for BAA access.
| Vendor | Base Price | BAA Requirement | Source | Updated |
|---|---|---|---|---|
| Render | Professional: $19/user/mo | Organization: $29/user/mo + 20% usage fee + $250/mo minimum | render.com | 2025-12-02 |
| Railway | $5/mo minimum | $1,000/mo spend threshold | railway.com | 2025-12-02 |
| DigitalOcean | Droplets: $4/mo | Standard Support Plan: $99/mo | digitalocean.com | 2025-12-02 |
| Fly.io | Pay-as-you-go | Compliance Support: $99/mo | fly.io | 2025-12-02 |
| Vercel | Pro: $20/mo | Pro Add-on: $350/mo | vercel.com | 2025-12-02 |
| Intercom | Essential: $29/seat/mo | Expert: $132/seat/mo | intercom.com | 2025-12-02 |
| Supabase | Pro: $25/mo | Team: $599/mo + HIPAA Add-On (Contact Sales) | supabase.com | 2025-12-02 |
FAQ
What is the HIPAA (BAA) Tax?
The HIPAA (BAA) Tax is a hidden cost that hits healthtech founders when SaaS vendors lock Business Associate Agreements (BAAs), a legal requirement for handling patient data under HIPAA, behind enterprise plans that cost $20k–50k/year while base plans are only $20–50/mo.
What is a Business Associate Agreement (BAA)?
A BAA is a legal contract required under HIPAA between a healthcare provider (covered entity) and a vendor (business associate) that handles Protected Health Information (PHI). Without a signed BAA, healthcare companies cannot legally use a SaaS product to process patient data.
I'm a vendor and I'd like to update this information.
Please feel free to submit a PR to this page, or reach out at hipaa@keygraph.io.
Acknowledgments
Inspired by the original SSO Tax, which brought transparency to enterprise SSO pricing. Building on the precedent set by BAA Tax, an earlier effort that never quite took off. And finally, sparked by a Bookface comment from a YC founder who got hit by the HIPAA BAA tax while building their healthtech startup.