Have you ever walked into a healthcare facility and noticed the voluminous number of medical records lining the walls? How do facilities manage when these stacks of paper are no longer in use or the time has come to purge certain files? Is there a proper method for destroying them, and how can facilities safeguard this protected information throughout the destruction process?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires healthcare providers to regularly shred documents containing information on a patient’s medical history to prevent identity theft. It is imperative that any company collecting or holding medical records ensure that spare copies of those records are destroyed regularly.
What kinds of materials are covered under HIPAA shredding regulations? How do you know whether a piece of paperwork goes into the “to-be-shredded” pile or whether it’s okay to just toss in the trash can?
Under HIPAA shredding laws, documents with any of the following must be destroyed:
Social Security Numbers
This is good practice not just for HIPAA, but as a general rule. SSNs are like gold to identity thieves — if you see a nine-digit number on a form, toss it in the shredder.
Names and Addresses
HIPAA shredding rules state that anything with a name and address is considered “private information.”
Always assume that if a document features a name and at least one other piece of identifying information like a birthdate, it’s covered by HIPAA shredding rules.
Of course, other information includes medical history, medications, tests, and more.
HIPAA’s privacy rule does not include medical record retention requirements, choosing instead to defer to state laws to generally govern how long medical records are to be retained. However, the rule does require that covered entities apply appropriate administrative, technical, and physical safeguards to protect the privacy of medical records and other protected health information (PHI) for whatever period that such information is maintained by a covered entity, including through disposal.
Legal Shred is proud to serve the medical community with our routine document shredding, hard drive destruction, and medical waste disposal services through our sister company, Red Bags. Legal Shred is able to offer our clients a significant cost-savings through a combined services package, including paper shredding and medical waste disposal. Our packages include OSHA safety training, to help keep employees safe. Whether it’s HIPAA laws or OSHA requirements, our highly trained staff are prepared to help answer your questions, and create a package that works for your company.