Question: For documentation regarding a breach, do we need to have hard copies (paper) or can all of our documentation be in electronic files?
Answer: Although the HIPAA requirements call for incidents to be properly documented, there is no requirement that the documentation be on paper, according to Jim Sheldon-Dean, founder and director of compliance services for Lewis Creek Systems LLC in Charlotte, VT. “Electronic documentation is just fine.”
In fact, electronic documentation “is preferable because it’s easier for a lot of people to read when it comes to being able to understand what you’ve done for compliance and what various things are going on,” Sheldon-Dean explains. Having your breach documentation in an electronic format is actually handy, so it’s not a problem at all.