Reply to Message
This is actually one of the focus points of my consulting business, computer security and HIPAA compliance for the small medical practice. I am very careful to make sure that they know I will not take them to compliance, nor are there any guarantees on my recommendations. What I do on the HIPAA side is to do an audit, prepare a Report of Findings, and provide recommendations on how to take care of the areas where there are issues. If they want _me_ to provide them with proper documents and procedures it is a _lot_ more money, and still no guarantee, because ultimately it is their responsibility to comply.