Healthcare organizations and their business associates are entrusted with sensitive information; as such, they have a duty to ensure that all patient records are safe from unauthorized access. In compliance with the Health Insurance Portability and Accountability Act (HIPAA), hospitals, clinics, and their affiliates or vendors need to implement secure document storage methods such as restricting access to documents on a need-to-know basis as well as creating and securing backup copies of electronic and physical records.

With the passing of the HIPAA Omnibus Rule in March 2013 and its subsequent enforcement in September 2013, greater accountability is expected of healthcare organizations and their business associates.