For full HIPAA compliance, a company like Layer would be a Business Associate and would be subject to the 4 rules described here. These are the HIPAA Privacy Rule, the HIPAA Security Rule, the HIPAA Enforcement Rule, and the HIPAA Breach Notification Rule.
Of these 4 rules, the HIPAA Security Rule covers technical, physical and administrative safeguards for confidentiality, integrity, and security of protected health information (PHI). The other 3 rules refer to company processes and procedures.
At Layer, we have implemented privacy and security company policies that we believe match the requirements specified in the HIPAA rules. When used with end-to-end encryption, our technical capabilities match the requirements of the HIPAA Security Rule. (Many of the requirements, such as facility access controls, are satisfied by running on Google Cloud Platform.)
However, we have taken the position that we will not claim to be HIPAA compliant until we have conducted a full HIPAA audit, and therefore do not claim to be HIPAA compliant at this stage.