The following is a conversation with our consultant, Ben Beninati, from Compliancy Group. Compliancy Group (https://compliancy-group.com) specializes in helping medical organizations meet HIPAA compliance requirements. As an IT service provider, we fall under the Business Associate category, which means that we also need to be HIPAA compliant.
As we go through Compliancy Group’s program, I’m noticing that their policies and procedures are intentionally vague to provide maximum cover from liability. This makes sense, since Compliancy Group’s job is to keep us out of legal trouble.
On the other hand, it’s our job to implement the technology to fulfill the requirements, and having an intentionally vague document isn’t exactly helpful for our techs. So just how much detail should we include in the compliance documentation? Listen to the following conversation to find out!