We’re not HIPAA experts, but if you need someone to conduct a formal code audit, then the open-source App Server is a great fit!
However, if you’re using the App Server or Anvil Enterprise on your own server, then from a regulatory point of view it’s just like using any other software – you don’t need to sign any agreements with us 
(edit, 7 months later: locking this thread as the term “HIPAA” is a spam magnet!)