Many tech companies perform a SOC 2 audit (which covers general security) and ask their auditors to include a HIPAA Mapping section. This allows one report to prove both general platform security and specific healthcare regulatory compliance.