It would be a mistake to assume a SaaS that stores healthcare PII for coordinating healthcare is not covered under HIPAA. An exception should be filed at the very least.
Edit: If no healthcare provider has access then maybe it could skate by. I interpreted "any user making notes to your account" to mean healthcare providers would have access. Even if not, they should still seek legal counsel. And this app is literally promising safety and security of healthcare information.
It would be a mistake to assume a SaaS that stores healthcare PII for coordinating healthcare is not covered under HIPAA. An exception should be filed at the very least.
Edit: If no healthcare provider has access then maybe it could skate by. I interpreted "any user making notes to your account" to mean healthcare providers would have access. Even if not, they should still seek legal counsel. And this app is literally promising safety and security of healthcare information.