What is HIPAA certification and what does it entail?

Well, to start with, there is no such thing as HIPAA certification in the United States. You're either in "compliance" with the requirements of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rule or you're not. You can hire a third party to audit you, but that is not required (although a customer could insist on it). When a printer is handling protected patient information (PPI) for a health care provider or plan, it is required to sign an agreement as a "business associate," indicating that it has the necessary safeguards in place to protect the confidentiality of PPI. The compliance requirements from the Department of Health & Human Services (HHS) are extensive and may seem daunting if you're not already adept at information security. If a company says it's in compliance and isn't, it's taking a risky gamble that it will never have a release of PPI that will expose its compliance failures. In that instance, HHS can audit the company and force a resolution settlement, including a fine.
