Healthcare Compliance with Document Shredding. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. One component of this is the destruction of documents containing protected health information. If you are not in compliance with HIPAA regulations, penalties can be steep. Here are 4 ways to keep your facility compliant when it comes to document shredding.
The HIPAA Act What Information is Protected?
According to the U.S. Department of Health & Human Services
Protected Health Information. The Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information “protected health information (PHI).”12
“Individually identifiable health information” is information, including demographic data, that relates to:
and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual. Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).
The Privacy Rule excludes from protected health information employment records that a covered entity maintains in its capacity as an employer and education and certain other records subject to, or defined in, the Family Educational Rights and Privacy Act, 20 U.S.C. §1232g.
Why is document shredding so important?
One of the biggest HIPAA violations is destroying documents with protected health information. The penalty for this can be steep. A data breach can result in hefty fines and more, according to the HIPAA Journal. Which is one of the most comprehensive resource available anywhere on HIPAA regulations. The below is quoted from the HIPAA Journal.
Improper Disposal of PHI
When physical PHI and ePHI are no longer required and retention periods have expired, HIPAA Rules require the information to be securely and permanently destroyed. For paper records this could involve shredding or pulping and for ePHI, degaussing, securely wiping, or destroying the electronic devices on which the ePHI is stored to prevent impermissible disclosures.
Financial penalties issued to covered entities for improper disposal of PHI/ePHI include:
In order to avoid these penalties, you need to have a proper document destruction process in place. A good document shredding service will help you ensure that you are complying with legal requirements and destroying your documents correctly and on-time.
Document shredding is an important part of any healthcare company. It ensures that records are kept confidential and protected at all times. If you need assistance with this process, contact Healthcare Waste Management today, we are always happy to help!
Join thousands of other practices working with HWM.
"The only company you will ever need."