Scrypt, Inc. has released a guide called ‘Five gray areas of HIPAA you can’t ignore.’ With the phase 2 HIPAA audits looming, I know a lot of organizations that need to step up their HIPAA game. Unfortunately many organizations are practicing the “ignorance is bliss” approach to HIPAA compliance. Ask someone who’s been through a HIPAA audit how well ignorance worked for them as a defense. Short answer: It doesn’t.
Here’s a little graphic from Scrypt that highlights briefly the 5 “grey” areas that are covered in their guide: