Hey all - I have a potential user that's really interested in a product I'm building. However, some of the use cases would involve medical records and the tools they already use advertise HIPPA (and SOC) compliance. I plan to focus on use cases that won't bring HIPPA into scope. But I'm curious to hear how others have approached this. When do you start getting audits and paying for compliance reports?