This has been an interesting day for me.
We have been dealing with a medical software vendor whose product is woefully under-documented. Now, I know that this is a common complaint. Which, paradoxically, is why it shouldn't be. Documentation is vital to understanding just exactly what is going on, and what has been done successfully in the past to deal with whatever problems you may encounter.
It is not enough to tell the end user that "Oh, yes, this is HIPAA compliant" without being able to explain what exactly makes it HIPAA compliant, or even a clear understanding of what HIPAA is. And as users, we should not allow vendors to brush us off in this fashion.
Remember, it is you who is ultimately responsible for compliance. Knowing what is going on with your software, or it at least being possible for your IT people or consultants to advise you based on software documentation rather than personal opinion is a very good idea.
Had a similar experience? Are you a vendor who can explain why your product lacks proper documentation, or wants to brag about how well your stuff is supported? Please let us know in the comments. I promise you will be treated..... gently.