kmeadows wrote: well they have there own IT dept i am just going to provide them the backbone.
kmeadows
That being the case, it sounds like their IT staff asked you if your service is HIPAA compliant and you're wondering how to respond?
I've responded to that question with a less "on my soap box" version of my above post:
"There is no certification process for HIPAA compliance, but the service we provide uses over the air encryption and (insert more security measure you use here) so the service we provide keeps with the spirit of the HIPA Act, and could be one portion of your compliance."