Whether you're expanding, downsizing, or relocating your healthcare practice, moving to a new office brings both opportunity—and risk. Amid the logistics and planning, HIPAA compliance must remain a top priority to protect patient information and avoid costly violations.

In this post, we’ll walk through the most important HIPAA considerations during a healthcare office move, offering clear, actionable steps to help your practice stay compliant and secure.

Why HIPAA Compliance Matters During a Move

HIPAA—the Health Insurance Portability and Accountability Act—sets national standards for safeguarding protected health information (PHI). During a move, PHI is at increased risk of loss, unauthorized access, or accidental disclosure, making careful planning essential.

1. Secure the Transport of PHI

PHI can exist in both paper and electronic forms, and both must be protected during a relocation.

What to Do:

  • Lock paper records in secure boxes or containers.
  • Encrypt all laptops, hard drives, USBs, and other devices.
  • Use tamper-evident materials if possible.
  • Maintain a written log of what is being moved and by whom.
  • Allow only authorized staff to handle patient records.

2. Update HIPAA Documentation

A new location requires updates to your privacy and security documentation to reflect the physical changes.

Key Documents to Review:

  • Notice of Privacy Practices (NPP): Must include the updated address.
  • Security Risk Assessment (SRA): Reassess risks in the new environment.
  • Facility Access Controls: Update who has access and how it's secured.
  • Emergency & Contingency Plans: Account for your new setup and location.

3. Safeguard ePHI During Transition

If your practice uses electronic systems (like EHRs, PMS, or cloud platforms), take steps to protect electronic PHI (ePHI) as systems are moved or reinstalled.

Checklist:

  • Back up all data before the move.
  • Use encrypted storage or secure cloud solutions.
  • Re-establish secure internet connections and firewalls in the new space.
  • Confirm device passwords and access restrictions remain intact.
  • Test system access and login controls after installation.

4. Protect Paper Records

If your office still uses paper charts or forms, keep them protected throughout the moving process.

Pro Tips:

  • Avoid leaving files in unattended vehicles.
  • Move records yourself or hire a HIPAA-compliant moving service.
  • Store paper records in locked file cabinets at the new location.
  • Consider digitizing older records and properly disposing of outdated documents.

5. Inform Patients—Professionally and Securely

It’s important to notify patients of your new address, but don’t share PHI in public announcements.

Communication Tips:

  • Send postcards, emails, or text messages with the new office details.
  • Update your website, voicemail, and Google business profile.
  • Avoid including any specific health information in announcements.

6. Review Business Associate Agreements (BAAs)

If you change vendors—such as shredding services, IT providers, or cloud platforms—be sure to update or execute new Business Associate Agreements.

7. Conduct a Post-Move HIPAA Review

After the move is complete, conduct a brief HIPAA compliance check to confirm all safeguards are in place.

Final Steps:

  • Revisit your HIPAA Security Risk Assessment.
  • Confirm that all physical security measures (locks, alarms, access controls) are active.
  • Train your staff on any updates or location-specific procedures.

Final Thoughts

Relocating your healthcare practice doesn’t have to mean compromising compliance. With the right plan and attention to HIPAA requirements, you can protect your patients, your reputation, and your bottom line—while making your move a smooth and successful one.