Basecamp’s flat-fee, opinionated design is genuinely appealing to small teams, and the per-company pricing model looks a lot like what PHIGuard does. The difference is the compliance layer. Basecamp does not sign Business Associate Agreements, has no HIPAA audit trail, and has no PHI-aware fields. For a clinic, that is a dealbreaker no matter how much you like the interface.
The BAA Problem
37signals (Basecamp’s maker) has stated publicly that Basecamp is not HIPAA-compliant and will not sign a BAA. There is no premium tier that changes this. A clinic that puts PHI on Basecamp is operating outside HIPAA entirely.
What Changes With PHIGuard
PHIGuard keeps the flat per-clinic pricing model you like about Basecamp, and adds the compliance layer Basecamp refuses to offer. Every tier — starting at $99/month per clinic — includes:
- Signed BAA at account creation
- Immutable audit trail satisfying HIPAA §164.312(b)
- PHI-aware fields that keep patient data out of notifications and logs
- Compliance templates for annual training, risk analysis, incident response, and policy review
Pricing Comparison
| | Basecamp | PHIGuard |
|---|---|---|
| BAA available | No | Yes, every tier |
| Pricing model | Flat (per company) | Flat (per clinic) |
| HIPAA audit trail | No | Yes, built-in |
| Compliance templates | No | Yes |
| Starting price | $15/user or $299 flat | $99/clinic/mo |
Who Should Use PHIGuard Instead of Basecamp
Clinics that like the Basecamp philosophy — one flat price, no per-seat games — but need an actual BAA and audit trail will find PHIGuard closer to the spirit of Basecamp than any enterprise plan from a competitor.