From the team at TrueVault, a GitHub repo with a developer's guide to HIPAA compliance. Similar to Aptible, they pitch themselves within the guide but still a good resource:
The guide is pretty good and definitely helped me get up to speed with HIPAA. The product, not so much. They had 10 days of downtime around Thanksgiving. Not a happy holiday for my team.
Nice report, sounds like a nightmare scenario. You seem to take care to don't mention any names of the used technologies/vendors even though the report specifically says they have admitted to misleading you. Is this because you have reached some kind of settlement with them?