The Health Insurance Portability and Accountability Act

Enacted in 1996, the Health Insurance Portability and Accountability Act (HIPAA) permanently transformed the way patients’ medical and personal data is handled in an enormous range of different contexts. The purpose of this sweeping law was to ensure that no matter how patient data is used by organizations and individuals, those users must protect it from being exposed to the public, potentially malicious agents, or in fact anyone not authorized to view it.

Since its passage, HIPAA has been the predominant governing influence over the ways that hospitals, clinical trial recruiters, billing departments, private medical practices, marketers, and other organizations use the data related to their patients and customers.

HIPAA Basics

While HIPAA as a whole encompasses a huge variety of activities and regulations, the purpose of HIPAA is simple: to keep patient data private while it is being used in communications between patients and healthcare providers, billing agencies, and other authorized users. This privacy necessitates strict protocols on the storage, use, and disposal of that data.

Spectra and HIPAA Compliance

As a third-party provider of printing, mailing, and fulfillment services, Spectra has powerful data security measures in place on every client project. However, when working with healthcare organizations and other clients that are governed by HIPAA security rules, there are even more precautions that our teams must take. In our decades of experience working with clinical trial recruitment, hospital billing, and other healthcare-related activities, we have maintained compliance with HIPAA privacy regulations and earned a reputation for reliability in this area.

Some of the most important components of our HIPAA compliance measures involve the storage of patient data while it is in our possession. In order to prevent physical documents containing HIPAA-protected information from falling into the wrong hands, only certain Spectra employees have access to them and they are destroyed at the conclusion of the project. For digital databases and mailing lists, storage on non-networked computers ensures that the information does not make its way onto the internet, either by deliberate hacking or by accidental exposure.

Spectra’s representatives are more than happy to explain more about our robust data security measures to potential clients in the healthcare field.

Mailing in Compliance With HIPAA

There are many challenges involved in mailing documents containing data that is protected under HIPAA. Data security protocols help keep data private while it is on site at Spectra, but once a document is mailed, the information inside should not be revealed until the piece of mail reaches its intended recipient. Pressure seal mailing is one example of a technique that is affordable for the client, yet very effective at keeping information out of sight until the document is opened by the authorized recipient. The Spectra team assesses each mail campaign for HIPAA compliance and recommends the best practices for each client.

Accuracy Matters

A breach of HIPAA requirements is not only the result of a malicious action, such as hacking or identity theft. HIPAA data security requirements also prohibit the accidental exposure of protected patient information to unauthorized individuals, even if those individuals never access or use the information in an improper way. One common example of this is a piece of mail containing patient information arriving at the wrong address. Accuracy in mailing lists and address labeling is critical, and at Spectra we conduct numerous quality checks on each campaign to make sure that each piece is destined for the correct address.

End to End HIPAA Adherence

Longtime clients of Spectra know that they can trust our organization with their patients’ data. In project after project we have demonstrated our deep knowledge of HIPAA data security protocol, the technical ability to receive, store, and dispose of patient information securely, and a commitment to quality and accuracy when processing even the largest direct mail campaigns.

With SOC 2 Type II certification and a long history of maintaining a very high level of data security across all different types of client projects, the Spectra team has set itself apart as an ideal partner for organizations that need to reach individuals with billing, insurance updates, health-related messages, and other correspondence that should not be visible to the general public.


How do I know whether my data is covered under HIPAA?
HIPAA regulates many different types of data, referred to as Protected Health Information (PHI). While it is often clear that a piece of data is PHI and should be treated under HIPAA rules, sometimes it is unclear whether an organization is responsible for treating certain information under HIPAA or not. Your Spectra representative will help you determine what regulations are applicable while handling the data for your specific project.
What’s the difference between PHI and PII?
HIPAA is full of acronyms, and PHI and PII are perhaps the most common ones to be found. Unfortunately, it is easy to get confused between the two, mainly because the same piece of information can sometimes be considered either PHI (which is governed by HIPAA) or PII (which is generally not) in different contexts. If you are not sure whether you need to comply with HIPAA rules, it is best to work with a third-party provider like Spectra that has experience and expertise in data security in a wide variety of contexts.
How can digital data be reliably protected while stored on computers?
While we are accustomed to our personal computers being constantly connected to the internet through wireless connections, cloud data storage, and other technologies, sometimes it is necessary to use dedicated servers and/or computers that are independent and not connected to an outside network. When a project calls for data security at this level, Spectra stores client data on a server or computer disconnected from outside networks and closely controls employee access to the equipment for the duration of the project.
What is a common mistake regarding HIPAA?
While the focus is often on cyber crime, hacking, and digital breaches, sometimes the simplest mistakes are the most dangerous. A failure as simple as using an envelope that is thin, translucent, and exposes the HIPAA-protected information contained inside it is a serious violation of HIPAA protocols. An experienced HIPAA-compliant fulfillment partner can ensure that these simple yet catastrophic mistakes are guarded against.
What if my organization suffers a HIPAA security breach?
Informing patients about accidental exposure of their HIPAA-protected data is an unfortunate but critical activity. With awareness of the problem, individuals can take steps to mitigate possible damage and monitor the use of their information to spot irregularities. Spectra can help with the printing and mailing of these types of notifications.