We have a customer asking about Laserfiche and HIPAA compliance. My take on this is that it is a business process that must be certified as HIPAA compliant. Any software such as Laserfiche is not certified as being HIPAA Compliant. Laserfiche's security and audit trail capabiities in conjunction with other processes around network security and general business practices are what would allow the organiztion to be HIPAA compliant. Are my assumptions around Laserfiche and HIPAA compliance correct?
That's our take also, that compliance applies to processes and products can help with compliance. For HIPAA, you're probably going to be looking at access controls, auditing, and retention policies. The support site has a variety of documents that show how other organizations have approached the problem: https://support.laserfiche.com/search/SearchWF.aspx?q=hipaa