Hi, I'm wondering if the team has put together resources (blog post or case study) about potential issues companies have had with HIPAA or State/FedRAMP compliance? I work for a healthcare tech company and just want to make sure we have our bases covered if we decide to use Metaflow

Hi! Many healthcare companies and govt's/militaries around the world use Metaflow. Happy to chat about how they have deployed. Given Metaflow is OSS, there is no legal entity to sign a BAA against. Outerbounds in contrast has a bring-your-own-cloud architecture with a stateless control plane that makes it out-of-scope for HIPAA - no data is ever stored by Outerbounds (and we are happy to sign BAAs too).

Okay, I figured that it is more of a decision on our end (as should be expected) to make sure things are compliant so I appreciate the quick response