Wednesday, August 10, 2016
"It's amazing how many times clients will say 'this IT vendor or that consultant has been in business for a decade. They must comply with HIPAA.'
Don't rely on experience or a statement on a website saying they are HIPAA compliant. Covered entities need written assurances from business associates, and resources permitting, you may want to request a copy of their HIPAA policy. You can get a flavor for how seriously the vendor takes privacy by looking at a subset of their policies."
— William Roberts, with Shipman & Goodwin in Hartford, Conn., told a recent webinar sponsored by the Health Care Compliance Association.