GoSpeedRacer
Greetings,
We are a contract manufacturer of medical devices and I am revising our QMS for 13485:2016. Section 4.2.5 Control of Records (3rd sentence): "The organization shall define and implement methods for protecting confidential health information contained in records in accordance with applicable regulatory requirements." My question is, do we need to show compliance with HIPAA even though we are not a covered entity or even a Business Associate?
We have zero contact with any Personnel Health Information.
Can we claim an exemption from this section?
Perhaps a statement in our Control of Records section of our Quality Manual stating we will not receive any such information from our clients?