I could build the greatest healthcare tool in the world, but if it's not HIPAA compliant then it's worthless in the United States. More than that, if I built it without HIPAA compliance in mind as a first principle, what other mistakes did I make on the way?

I'm not trying to gatekeep and say that only domain experts should be allowed to build software, but part of being an engineer is doing due diligence to understand the domain well enough to build the product. If OP failed to recognize that any forensic accountant that gets caught uploading privileged documents into a random AI tool would be both breaking the chain of possession of that document AND client privilege, what other mistakes did they make along the way?

I went through the entire website and couldn't find a single mention of privacy. I'm not a domain expert, but I would expect the product site for any legal tool to at least have a disclaimer.