US medical/healthcare compliance standard governing the handling of patient data. In the talk's case study, the team inherited PII-laden data in a HIPAA-compliant healthcare project and learned they couldn't host on plain Amazon. They had to use a restrictive compliant hosting provider, where infrastructure was managed only via email to tech support, and ultimately used data obfuscation to achieve practical compliance for staging, analytics and testing.