Question:
I am relocating my office to a new building. Is there any protocol I need to follow regarding HIPAA regulations?
Answer:
Relocating your healthcare practice is exciting—but it also introduces risks to protected health information (PHI). Whether you’re moving across the street or across town, here are the top HIPAA compliance considerations to keep in mind:
7 HIPAA Compliance Tips for Office Moves
-
Secure PHI During Transport
Lock up paper files and encrypt digital devices. Only authorized personnel should handle sensitive records. -
Update Your HIPAA Documentation
Update your Notice of Privacy Practices (NPP), security policies, and facility access controls to reflect the new location. -
Protect ePHI Systems
Back up data, verify encrypted connections, and re-establish secure networks, firewalls, and passwords in your new office. -
Handle Paper Records Carefully
Use locked cabinets and HIPAA-compliant movers. Consider digitizing and securely shredding outdated files. -
Notify Patients (Securely)
Let patients know about the move without disclosing PHI—update your website, voicemail, and online profiles. -
Review Business Associate Agreements
If vendors change during the move (IT, shredding, cloud storage), update your BAAs accordingly. -
Conduct a Post-Move HIPAA Check
Reassess risks, train staff on any changes, and confirm safeguards are working at the new location.
If you would like more information, please refer to this guide.
____
The Real Talk article series includes real customer questions and our answers. Since these are questions directly from actual clinics, practices, hospitals, and businesses, we thought you might have these questions too. We hope that you find this format helpful. Stay tuned for more Real Talk - your question might even be featured!