To add to what Andrew has posted: Shopify can be made a part of a HIPAA-compliant solution.
We’ve done it successfully for pharmaceutical companies, lab testing companies and general site that sell medical products that have a prescription component. (e.g. eyeglasses).
Happy to discuss with anyone reading this thread on how we can help.