Bills, Statements and the Security of Your Customer/Patient Information

In today’s data driven environment, companies and their vendors are handling sensitive files that include personally identifiable information (PII).   What are printing and mailing companies doing to protect your information and mitigate your risks?

First and foremost, you want to partner with a vendor that recognizes and embraces the need to protect your data.  They must be committed to formal information security audits and certifications.  This helps companies demonstrate their commitment to improving and maintain strict guidelines and procedures to protect your valuable information.

The following are two of the most important audits your vendor partner should participate in to demonstrate their compliance:


What is HIPAA?   HIPAA is the acronym used for the Health Insurance Portability and Accountability Act instituted in 1996. The act requires organizations that work with sensitive health-related information to adhere to national standards for code sets, unique identifiers, and data security. This act is in place to protect sensitive information (as related to health and identity) belonging to individuals.

How can your provider be HIPAA compliant?

Third party companies assess current data security and help make corrections to make the organization HIPAA compliant. It is a great way for non-medical industry organizations to show that they understand HIPAA regulations.

  1. Employee Training.

For handling documents with sensitive medical information, employee education is essential. HIPAA training and testing guarantee that staff know and understand the correct ways to handle sensitive information.

  1. Secure Facilities.

The facility must also be secure for printing, assembly, and the mailing of sensitive medical information. The facility must also put an emphasis on keeping passwords, network access, and electronic files safe and secure.


HITRUST CSF (Certification)

HITRUST CSF certification is a security and privacy framework.  It is a comprehensive, flexible and efficient approach to regulatory compliance and risk management.

Achieving this certification demonstrates a high level of due diligence and shows that you are doing everything you can do protect the data for which you are responsible. If you’re managing sensitive data, it’s critical to protect yourself from risk in order to maintain a strong relationship with your clients who are also trying to mitigate their risks. The HITRUST CSF is certifiable and attractive to covered entities because they know it’s a great way to measure, mitigate, and control risks.

Because the HITRUST CSF incorporates elements of other frameworks, it aligns itself nicely with the frameworks that different companies need.  HITRUST CSF was built on the primary principles of ISO 2700/27002 and has evolved to align with a growing number of standards, regulations and business requirements including HIPAA, COBIT, NIST, PCI, ISO, and more.

Unlike a SOC report, a HITRUST report comes with a certification. HITRUST is a much more detailed report with about five times the number of controls, incorporating requirements from the variety of standards (mentioned above) included within the HITRUST CSF framework.


We printed and mailed over 50 million documents with PII in the past year.  Our customers recognize our commitment to quality, accuracy and information security.   For more information about our programs and certifications, contact me at


Comments are closed.

  • Recent Posts

  • Like Us On Facebook

  • Categories

  • Archives

  • Follow Our Blog

    Receive new post notifications via email.
    error: Content is protected !!