It’s common to believe that HIPAA compliance standards are really only applicable to doctors and medical staff. If you work a 9 to 5 during the business week and sit behind a desk at a corporation, why would laws about healthcare or health insurance apply to your day-to-day? Let’s take a look.


What is HIPAA?

The Health Insurance Portability & Accountability Act (HIPAA) was put into law in order to ensure that all medical information is kept confidential and used only for its intended, legitimate purpose.

Under HIPAA, this medical information is called PHI, or Protected Health Information. PHI includes patient medical conditions, procedures, payment and insurance details, or anything that can be used to personally identify the individual. Basically, it is anything that is related to a person’s health or healthcare history. It can even include things as simple as a voicemail appointment reminder.

As a rule of thumb, if the disclosure or use of PHI is not directly related to treatment, payment, or healthcare operations, the patient must give their written consent to the party wishing to access the information. This is true no matter where or how it is stored.



How does HIPAA apply to me at my job?

It is clear that hospitals and doctors collect patient information, but many outside that realm don’t realize that they also access PHI. Lawyers, accountants, managers, licensors, IT specialists, secretaries, data processors, storage facilitators, and many others have the possibility of being exposed to confidential medical details. These are called “business associates,” a term that includes anyone who has access to unencrypted health data.

Knowing what HIPAA does and does not require can be confusing, but the key principles are simple. No matter where you work, the most important things to know are how to store, transmit, and dispose of PHI. There are specific requirements for these within HIPAA. If you don’t know, ask!


HIPAA is definitely not just for doctors and other medical staff; it was created to protect PHI for everyone. Anyone who has access to this kind of data must do all they can to keep that information appropriately confidential. From entry-level assistants to team leaders, if you ever handle confidential medical information in any capacity, you must pay attention to compliance standards.

Kayley Melton

Director of Digital Strategy at SAC
Kayley manages our growing footprint on the web and develops marketing strategies to both keep us current & help us reach more people who might benefit from our message. A professionally trained artist and verifiable “weird girl,” she has 5 pet-children, cooks unbelievably good food, and can out-lift you at the gym.