This session explores how a serverless approach simplifies the effort to meet compliance needs. After an introduction to the PCI standard, we look at how to build an e-commerce solution using Amazon API Gateway and AWS Lambda. Then, we explore how we can expand that system to include the handling of Protected Health Information (PHI) to achieve HIPAA compliance.