How to Stay HIPAA Compliant

If you’re a company that works with protected health information (PHI), you must ensure that you follow guidelines set by the Health Insurance Portability and Accountability Act (HIPAA). No matter if you provide treatment or handle payments in the healthcare industry, or you’re an associate or contractor who has access to patient information, operational information, or payment details, HIPAA compliance is serious business. Let’s dig in and learn how to stay compliant!

What is HIPAA?

The Health Insurance Portability and Accountability Act serves as the national standard for how companies must protect sensitive patient information. Regulated and enforced by government entities since 1996, HIPAA outlines how protected health information may be legally used and disclosed. Companies related to health care need to protect the privacy and security of protected health information in order to adhere to HIPAA.

What is Protected Health Information (PHI)?

PHI is any information that can be used to identify a person. This could be a name, social security number, medical or financial records, or photos. The storage of PHI is also a factor in the standard. Electronic protected health information (ePHI) is regulated by HIPAA, and it covers how PHI is transmitted, accessed, and stored electronically.

Who should be HIPAA compliant?

There are two types of organizations that need to be compliant. Covered entities collect, create, or transmit PHI electronically. This includes health care providers and health insurance companies. Business associates have been contracted to perform some type of work on behalf of a covered entity and therefore encounter PHI through their contracted work tasks. These types of companies include consultants, IT providers, paper shredding companies, cloud storage providers, email hosting providers, accountants, and more.

What’s the penalty for a HIPAA violation?

HIPAA violations are costly! Fines range from $100-$50,000 per incident. So, let’s not mess around, okay?

Are there specific HIPAA rules for document destruction?

Yes, there are! We’re glad you asked. Document destruction is important for any industry that handles sensitive information but HIPAA is especially stringent. There are particular rules specific to HIPAA paper and document shredding, in fact. Any papers or records that contain PHI must be destroyed beyond recognition.


Don’t be scared by HIPAA rules! DataSafe has 35 years of experience and we know how to securely destroy your documents. No matter what privacy regulations you need to comply with, we have the knowledge to get the job done efficiently and securely. Contact us today at 503-620-3423. Already know what you want? Use our online Shred Estimator! Receive a quote and schedule service – all from the comfort of your phone.

