HIPAA requires that covered entities have written policies and procedures that address each aspect of the law. Some companies believe that a notice of privacy practices is sufficient to be compliant with this rule, but that is not true. The documents provided must be an accurate reflection of your privacy practices by giving the details of your day-to-day operations. As this is a legal document, this can be difficult for businesses that lack the in house legal expertise to prepare these documents. Since this is the first document most auditors will request when evaluating your compliance, you want to make sure it’s prepared properly.