The Health Insurance Portability and Accountability Act (HIPAA) of 1996 ensures healthcare organizations in the United States will be responsible for the secure handling and storage of “protected health information”.

The HIPAA legislation has three objectives:

1. Reduce healthcare fraud and abuse

2. Guarantee security and privacy of health information

3. Enforce standards for health information

HIPAA Penalties

HIPAA non-compliance can have devastating consequences for non-conforming healthcare organizations. HIPAA applies criminal penalties to anyone violating the law, not just the company. Employees, business associates, and others who handle “protected health information” are all potentially liable for mishandling confidential information. A non-conforming organization or individual can be subject to severe fines and penalties, litigation, and negative publicity. Non-compliance can result in the following penalties:

  • Civil fines up to $25,000 / year
  • Criminal penalties up to $250,000, as well as up to 10 years in prison (Information Management Journal 2003)

Examples of Items to Shred due to HIPAA:

  • Patient Medical Records
  • Billing Records
  • Insurance Records
  • X-Rays
  • Prescriptions
  • Personal Health Information
  • Computer Disks and Hard Drives

Further information can be found at


This is only a brief summary of the law. Please consult a legal professional for more information on how the specifics of this law may apply to you or your business.