We're building a healthcare platform and obviously need to be HIPAA compliant. I'm trying to budget for this but every dev company I talk to gives wildly different estimates for what the compliance piece adds. Some say it's just following best practices they already do so minimal extra cost, others are quoting like 30-40% more specifically for HIPAA requirements and security audits. For anyone who's built healthcare software, what's realistic here? Is HIPAA compliance actually that expensive to implement or are some of these companies just using it as an excuse to inflate prices? We're dealing with PHI so I know we can't mess around, just trying to figure out what's actually necessary vs what's overkill.