I received a quote for hosting a backend that is required to be HIPAA compliant. My reaction when I saw the price was just "lol". It was at least 10 times what I expected.
The provider in question is Heroku. Their services are really interesting: basically, you can just focus on your code, no server admin required. On AWS a lot of things are already taken care of for you, but you still need to set up the network, the load balancer, and so on. On Heroku you upload your code and it just works.
Paying a bit more for less server admin is great. But you have to be careful: the cost can quickly get out of hand. In my case, with the HIPAA compliance requirement, the cost skyrocketed.
First, you are limited in the type of server you can use; you have to take one that is 10 times bigger than the smallest one. For the database you can get the same capacity, but it will cost 6 times as much. Then comes the biggest expense, the private space. In order to be compliant with HIPAA, all your servers must be in a network isolated from other clients. You can't share servers. A simple private space on Heroku is $1 000 a month, and for the extra security required by HIPAA, it's $3 000 a month. That cost alone was enough for us to go looking for another provider. The cost is fixed, so if you are running a lot of servers behind it, it's not that expensive.