Every medical courier company claims to be HIPAA-compliant. Very few can explain what that means in the context of a delivery operation — and almost none can tell you what happens if something goes wrong.

If your facility uses a medical courier service to transport anything containing patient health information — a lab order, a specimen with a patient label, a prescription with a patient's name on it — that courier is a Business Associate under HIPAA. And Business Associates carry real compliance obligations.

Here's what HIPAA compliance actually means for a medical courier, and what your facility should be asking before you hand over a shipment.

The Business Associate Agreement (BAA)

A courier that handles PHI must sign a Business Associate Agreement with your facility. This isn't a formality — it's a legal document that defines what the courier can do with patient information, how they must safeguard it, what they're required to do in the event of a breach, and how they must dispose of records.

If your courier hasn't offered you a BAA, they either don't know they need one or don't want one. Neither is acceptable.

What "Safeguarding PHI" Means in a Delivery Context

PHI in medical courier operations shows up in places people don't always consider: the manifest accompanying a lab specimen, the label on a prescription bag, the order form tucked inside a medical supply package. HIPAA doesn't care whether the PHI is the main item being transported or incidental packaging — if it's there, it's covered.

For a courier, safeguarding PHI means limiting access to delivery information to personnel who need it, ensuring manifests and delivery records aren't left in vehicles or public spaces, and having protocols for what happens when a delivery can't be completed as planned.

Driver Training

HIPAA compliance isn't just a policy — it's a practice. Drivers are the operational front line of any courier service. A policy that says "don't leave packages unattended" doesn't mean anything if the driver doesn't understand why, or what to do instead.

Ask your courier: what HIPAA training do drivers receive? How frequently? Who delivers the training and how is completion documented? These aren't trick questions — they're the baseline.

Breach Notification Obligations

If a courier loses a shipment containing PHI, drops it, or delivers it to the wrong address, HIPAA's Breach Notification Rule may be triggered. Your BAA should define the courier's obligations in this scenario — specifically, what they must report, to whom, and within what timeframe.

The 60-day notification clock in HIPAA's Breach Notification Rule starts when the breach is discovered. A courier who waits three weeks to tell you about a misdelivered specimen containing patient information has cost you valuable response time.

What to Ask Your Medical Courier

Before you sign with any healthcare courier service, get clear answers to these questions:

  • Will you sign a Business Associate Agreement?
  • What HIPAA training do your drivers receive, and how often?
  • How do you handle PHI on manifests and delivery documents?
  • What is your protocol for a failed or misdelivered shipment?
  • How would you notify us of a potential PHI breach, and in what timeframe?

A courier that can answer these questions clearly and specifically is one that takes compliance seriously. A courier that responds vaguely, deflects, or tells you it's "not really an issue" in their operation is one whose compliance posture you should treat as uncertain.

The Sameday Logistics Health Standard

At Sameday Logistics Health, HIPAA-aware operations are built into how we work — from driver onboarding through delivery documentation. We sign Business Associate Agreements with our healthcare clients, maintain strict PHI handling protocols throughout our operation, and have defined breach notification procedures that meet HIPAA's requirements.

Healthcare compliance isn't a marketing checkbox for us — it's an operational standard. If you have specific questions about our compliance practices before engaging our services, we'll answer them directly.

Ready to work with a courier that takes compliance as seriously as you do? Contact us for a free estimate.