What are SaaS costs?

StartupLaby Editorial · 2026-04-27 · 3 min read

What “SaaS costs” actually means

SaaS costs are the recurring (and some one-time) expenses required to build, operate, secure, sell, and support a subscription software product. In a medtech context—digital health apps, clinician workflow tools, remote monitoring dashboards—SaaS costs include standard software expenses plus healthcare-specific items like security controls, audits, and integrations with EHRs.

A useful way to think about SaaS costs is by timeline:

  • Build costs (initial): product development, architecture, initial compliance setup.
  • Run costs (ongoing): cloud hosting, monitoring, incident response, customer support.
  • Go-to-market costs (ongoing): sales, marketing, procurement cycles, contracting.
  • Risk & compliance costs (ongoing): HIPAA program, SOC 2, vendor security reviews, IRB support if research is involved.

Founders often underestimate SaaS costs because they only count cloud hosting. In medtech, hosting can be a minority compared to compliance, integrations, and enterprise sales overhead.

The main categories of SaaS costs (with medtech examples)

1) Product & engineering

This is the cost to create and continuously improve the software: engineers, QA, product management, design, and the tooling they use (issue trackers, CI/CD, code scanning). In regulated or safety-adjacent products, you may also need additional documentation and testing rigor.

If your software could be considered Software as a Medical Device (SaMD), your engineering work may expand to include design controls, traceability, and verification/validation activities. Whether you need FDA clearance (e.g., 510(k), De Novo, or PMA) depends on intended use and risk; the cost impact can be substantial, but it varies widely by product and pathway.

2) Cloud infrastructure (hosting) & reliability

These are the “keep it running” costs: compute, storage, databases, backups, logging, monitoring, content delivery, and uptime engineering. In healthcare, you’ll often add:

  • Encryption at rest and in transit, plus key management.
  • Audit logs retained for longer periods (retention needs vary by customer and policy).
  • High availability and disaster recovery planning if clinicians depend on it in real time.

Cloud costs scale with usage (patients, clinicians, data volume, AI inference). A common mistake is not modeling “unit economics” early—e.g., cost per active patient per month—so you can price confidently.

3) Security, privacy, and compliance

For medtech SaaS, this category is often the surprise line item. It includes:

  • HIPAA program: policies, training, access controls, breach response plan, and a BAA (Business Associate Agreement) if you handle protected health information (PHI).
  • SOC 2 (or similar) readiness and audits: many hospitals and enterprise buyers expect it.
  • Penetration tests and vulnerability management.
  • Vendor security reviews: time spent answering hospital questionnaires and providing evidence.

Even if you’re not “regulated by FDA,” buyers may still require a strong security posture. Plan for ongoing work, not a one-time checkbox.

4) Data, integrations, and interoperability

In medtech, integrations can dominate both cost and timeline. Examples:

  • EHR integration (often via HL7 v2, FHIR, or vendor-specific interfaces).
  • Identity and access (SSO, SAML/OIDC) for hospital IT.
  • Device data ingestion from wearables, bedside monitors, or proprietary device APIs.

Integration costs include engineering time, interface engines/middleware, testing in customer environments, and ongoing maintenance when upstream systems change. If your product depends on hospital data access, your sales cycle and delivery costs are tightly coupled to integration complexity.

5) Customer support, clinical operations, and implementation

SaaS isn’t “ship and forget.” You’ll pay for:

  • Implementation: onboarding, configuration, training, workflow mapping.
  • Support: tickets, SLAs, incident response, after-hours coverage (varies by customer).
  • Clinical content or review: if you provide decision support, protocols, or patient-facing education, you may need clinical oversight.

In enterprise healthcare, implementation can be a major cost center. If you’re selling to hospitals, assume procurement and rollout will require more human time than a typical B2C app.

6) Sales, marketing, and “enterprise friction”

Go-to-market costs are part of SaaS costs because they recur every month. In medtech, they often include:

  • Sales team (or founder time) plus CRM tools.
  • Long procurement cycles: security review, legal negotiation, BAAs, and vendor onboarding.
  • Contracting: MSAs, DPAs, and sometimes clinical evaluation agreements.

If reimbursement is part of your model, add the work to secure CPT codes (if applicable), prove coverage, and support billing workflows. Reimbursement strategy can reduce customer resistance, but it can also add complexity and time.

How to estimate SaaS costs: a simple founder model

You don’t need an MBA—just a basic cost model tied to how your product scales. Start with two buckets:

  1. Fixed monthly costs: salaries/contractors, baseline cloud, security tooling, compliance retainers, core software subscriptions.
  2. Variable costs: costs that grow with usage—data storage, messages, AI inference, support load, third-party API fees.

Then calculate two key SaaS metrics (jargon explained):

  • Gross margin = (Revenue − Cost of Service) / Revenue. “Cost of Service” is what it costs to deliver the product (hosting, support, third-party usage fees). Higher is better because it funds growth.
  • Customer Acquisition Cost (CAC) = sales + marketing spend to win a customer. In hospital sales, CAC can be high because cycles are long and involve multiple stakeholders.

For medtech SaaS, also track implementation cost per customer (time and tooling to onboard) and integration cost per customer (EHR/device connectivity). These can quietly destroy margins if you price like a generic SaaS tool.

Medtech-specific cost drivers founders often miss

  • Regulatory pathway work: If your claims push you into SaMD, costs expand to quality systems, documentation, and potentially FDA submissions (510(k), De Novo, or PMA depending on risk and predicate availability). The right approach is to align intended use and claims with your business model early.
  • IRB and clinical evaluation: If you need clinical evidence or are running studies, you may incur IRB fees, study coordination, and data management. Even “just a pilot” can require real operational work.
  • Hospital procurement overhead: Vendor onboarding, security attestations, insurance requirements, and contract redlines consume founder and legal time.
  • Data governance: De-identification, consent, retention, and patient rights workflows can require both legal input and engineering effort.

The practical takeaway: in medtech, your “SaaS costs” are as much about trust and adoption as they are about servers.

What to do next

  1. Build a one-page cost model with fixed vs variable costs, then estimate cost per patient/clinician/site per month.
  2. Decide your compliance target (HIPAA program, SOC 2 timeline) based on your buyer (clinic vs hospital vs payer) and document what evidence you’ll need.
  3. Map integrations early: list required systems (EHR, SSO, devices), protocols (FHIR/HL7), and who owns each interface at the customer.
  4. Price for implementation: include onboarding/integration fees or tiered pricing so enterprise friction doesn’t crush your margins.
  5. Sanity-check your plan using StartupLaby tools for positioning, competitors, and financials.