Occasionally, medical and other sensitive records must be transported from one location to another, such as when moving to a new office, closing a location, etc.  Appropriate steps must be taken to safeguard these records whether electronic or paper.  Learn more about what you and your company should  be doing…


HIPAA Security Reminder - Transporting Medical Records

  1. Any electronic media containing Protected Health Information (PHI) must be backed up before it is moved.
  2. Medical records should not be left in an unlocked room or insecure area. Only authorized personnel should have access.
  3. All boxes containing medical records should be numbered and appropriately labeled so as not to misplace them.
  4. Records should never be left unattended, even temporarily, including on pavements or in front of buildings.
  5. An administrator should supervise all aspects of the move to ensure that the movers are aware of exactly what needs to be transported and proper, secure handling of sensitive records at all times during transit.
  6. Once you reach your destination, immediately make sure all items are accounted for, and again, store medical records securely.


Medical records should never be taken from secure medical records areas without proper authorization!

Records moving between facilities must be properly secured and never left alone in vehicles! To ensure adequate security and to protect records against weather, light, pollution and other dangers, vehicles must be:

  • covered
  • locked
  • attended at all times; and,
  • not used for transporting other materials, such as chemicals, that may cause risks to records.

Your company’s and your patients’ PHI must be protected!  Should you ever experience a loss of medical records or other sensitive documents, immediately report it to your supervisor.

The complete HIPAA Privacy, Security and Breach regulations are here.

If you’d like keep up to date on HIPAA Security and Privacy reminders or HIPAA-HITECH in general, please also consider (all optional!):

Series Navigation<< HIPAA Privacy and Security Reminders – The Perils of P2P File SharingHIPAA Privacy and Security Reminders – Knowing Identity Theft >>

Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.