Our software meets industry standards for online security, but it is not compliant with the HIPAA standards for privacy. If you are a health care professional using this application, we do not recommend that you enter "individually identifiable health information - or access credentials to systems that are storing such information". This is similar to QuickBooks and other SaaS platforms (https://community.intuit.com/articles/1145503-is-quickbooks-online-hipaa-compliant).
We will not sign a Business Associate Agreement (BAA). We do hear from a lot of our customers who say they are able to use us and keep the healthcare-related data separate, but we cannot speak to this beyond that.
Officially, we don't have any further information on this subject, and we're not equipped to advise you. For more information on the subject, as well as to seek legal advice regarding this issue, go to: http://www.hhs.gov/ocr/hipaa/.
We pride ourselves on maintaining a very high level of security, and our team is constantly keeping up with all web application best practices (http://www.repairshopr.com/security-and-reliability). Our managed hosting provider is one of the largest in the world, and they do a great job of keeping the platform and servers secured.
We do not have other industry-specific security certifications for our software, but our managed hosting company does. Read more about it here: https://www.heroku.com/policy/security