If you want to be HIPPA compliant and safeguard your office from potential lawsuits, you have to properly dispose of paper medical records. Are you compliant with the law? Find out here.
If you run a business that handles the personal health information of patients, you are required by HIPAA Privacy Rule to prevent these records from being improperly disclosed to the public.
Proper disposing of paper medical records helps protect your client's personal information. It also safeguards your business from legal ramifications.
Here are a few ways to dispose of medical records and safeguard your patient's privacy.
How To Properly Dispose of Paper Medical Records
Improper disposal of PHI results in fines. The Office for Civil Rights (OCR) assesses penalties ranging from $100 to $50,000 with an annual maximum of $1,500,000.
HIPAA received more than 182,458 complaints as of the close of May this year. Although these complaints don't calculate the total number of people affected (which is in the millions), they are still too many.
That's almost two-hundred thousand people affected by improper disposal of their personal information.
Don't get caught in this type of situation. Understand that throwing personal health information in the trash or dumpster is a violation. There are a number of secure ways to ensure proper discarding of paper medical records.
Shredding on Site
Most companies offer employees personal trash and recycle bins. To protect personal health information, place over-sized locked recycle bins in secure spaces in the office for paper records.
Then put a system in place in the office that ensures the protection and discarding of all records daily. For example:
- Label each bin to prevent employees from mixing trashing with disposable records.
- Direct all paper, PHI or not, to the secure recycle bins.
- Designate a daily disposal time to office personel under management supervision.
- Shred all records on site.
For large shred jobs use a high-security cross-cut shredder. These shredders are quiet and meet the National Security Agency's standards for disposing of confidential information.
If you operate a smaller office, consider a smaller system with front loading paper feed. The whisper quiet benefit this shredder offers allows it to sit right under a reception desk without notice.
Administrative shredding may be done throughout the day without interrupting the flow of office work. You also still get the NSA assurance of properly destroying private records.
Electronic PHI Shredding
Disposal of most electronic records is rare. But for businesses who store personal health data on flash drives, CDs, or DVDs, the law requires you to discard information on these sources as well.
Before shredding these devices, be sure to delete all private patient data from them. User a shredder with steel cutting cylinders to destroy and dispose of each electronic record.
If at all possible, refrain from storing PHI on media sources such as these.
Invest in a Shredder
Shredding paper medical records provides companies with the assurance of knowing personal health information is safe. It helps keep you compliant with Federal Privacy Regulations.
Having an in-office shredder also builds trust between business offices and patients. People trust your business practices when they know their private health data is secure.
Take a look at the types of document shredding machines we offer.