Company
Date Published
Author
Aman Kandola
Word count
965
Language
English
Hacker News points
3

Summary

Courier is now HIPAA compliant and handles protected health information (PHI) and personally identifiable information (PII), sensitive types of data that are subject to special regulations like the Health Insurance Portability and Accountability Act (HIPAA). HIPAA compliance is necessary for SaaS companies that handle PHI, especially as healthcare tech grows and digitization expands. Courier's mission to make software-to-human communication delightful led it to invest in HIPAA compliance so that it can provide better notification infrastructure for healthcare providers and patients. To achieve compliance, Courier considered who would touch the data and how it would be presented in the product, put a Business Associate Agreement (BAA) in place with vendors like AWS, and designed internal policies and security safeguards.