Skip to main content
Get a Free Quote

HIPAA Notice

Effective Date: 04/03/2026

Safeport Medical Delivery (“Safeport,” ”we,” ”us,” or ”our”) is committed to protecting the privacy and security of protected health information (PHI) as required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its subsequent amendments, including the HITECH Act. This HIPAA Policy outlines our obligations as a Business Associate and our commitment to safeguarding the PHI entrusted to us by our Covered Entity clients.

Our Role as a Business Associate

Under HIPAA, healthcare providers, health plans, and healthcare clearinghouses are Covered Entities. When a Covered Entity hires Safeport to transport lab specimens, medical equipment, prescriptions, or other items that bear PHI (such as patient names, addresses, medical record numbers, or treatment information), Safeport becomes a Business Associate [1].

As a Business Associate, we are legally required to enter into a Business Associate Agreement (BAA) with every Covered Entity client. The BAA defines our responsibilities and makes us directly liable for HIPAA violations that occur on our watch [2].

Permitted Uses and Disclosures of PHI

Safeport may use or disclose PHI only as permitted by our BAA and by HIPAA regulations. Specifically, we may:

  • Use PHI to perform courier services, including pickup, transport, and delivery of shipments bearing PHI

  • Disclose PHI to the intended recipient (lab, pharmacy, hospital, clinic, or patient location) as directed by the Covered Entity

  • Use PHI for internal quality improvement activities, provided no unnecessary disclosure occurs

  • Disclose PHI to government authorities if required by law (for example, in response to a subpoena or health oversight agency investigation)

We may not use or disclose PHI for any other purpose. This means we cannot:

  • Use PHI for marketing purposes

  • Sell PHI to any third party

  • Use PHI to contact patients directly (except as instructed by the Covered Entity)

  • Disclose PHI to any unauthorized person, including family members or other healthcare providers

Safeguards We Implement

To protect PHI during transport and handling, Safeport maintains the following safeguards:

Physical Safeguards

  • All vehicles used for medical deliveries are locked when unattended

  • PHI is never left in a vehicle overnight

  • Shipments are sealed in opaque, tamper-evident packaging

  • Drivers carry spill kits and biohazard cleanup supplies

  • Paper documents containing PHI are stored in locked containers

Technical Safeguards

  • Our dispatch and tracking systems use encrypted connections

  • Mobile devices used by drivers are password-protected and can be remotely wiped if lost or stolen

  • Access to electronic PHI is limited to employees who need it for their job duties

Administrative Safeguards

  • Every driver and employee completes annual HIPAA training

  • Employees sign confidentiality agreements

  • Background checks are conducted before hiring

  • We maintain a written incident response plan

Workforce Training and Accountability

All Safeport employees who may come into contact with PHI receive HIPAA training upon hire and annually thereafter. Training covers:

  • What constitutes PHI and how to identify it

  • Permitted uses and disclosures

  • Safeguard requirements

  • Breach notification procedures

  • Consequences of non-compliance

Employees who violate this HIPAA Policy are subject to disciplinary action, up to and including termination and referral for criminal prosecution if warranted.

Breach Notification

If Safeport discovers a breach of unsecured PHI (including lost, stolen, or improperly accessed information), we will:

  1. Contain the breach immediately to prevent further unauthorized access

  2. Investigate the scope and cause of the breach

  3. Notify the affected Covered Entity without unreasonable delay, and in no case later than 60 days after discovery of the breach

  4. Provide the Covered Entity with the information they need to notify affected individuals and the U.S. Department of Health and Human Services (HHS)

  5. Mitigate any harmful effects of the breach to the extent possible

We will never attempt to conceal a breach or delay notification. Transparency is non-negotiable.

Retention and Destruction of PHI

Safeport retains PHI only as long as necessary to complete the requested delivery and fulfill our recordkeeping obligations under our BAA. Once retention periods expire, we destroy PHI using secure methods (shredding for paper records, secure deletion for electronic files).

Complaints

If you believe your PHI has been mishandled by Safeport, you may file a complaint:

  • With Safeport: Contact our Privacy Officer at hipaa@safeportmedicaldelivery.com or call [Insert Phone Number]

  • With HHS: File a complaint with the Office for Civil Rights at https://www.hhs.gov/ocr/complaints/index.html

We prohibit retaliation against any individual who files a good-faith complaint.

Changes to This HIPAA Policy

We may update this HIPAA Policy as regulations change or our operations evolve. Material changes will be communicated to our Covered Entity clients and posted on our website.

Contact Our Privacy Officer

Safeport Medical Delivery – Privacy Officer
Columbus, Ohio
Email: hipaa@safeportmedicaldelivery.com
Phone: +1(614) 622-4045