Are You HIPAA Compliant?
Document destruction is an important part of staying HIPAA compliant. Here’s why.
Protecting sensitive information is more important now than ever, particularly in the healthcare industry. Medical records are fountains of data that would be an identity thief's dream come true: names, addresses, social security numbers, health plan information, and so on.
The Health Insurance Portability and Accountability Act (HIPAA), which was passed by Congress in 1996, contains provisions that may seem complicated, but it is important to make sure that all personnel at health care practices understand HIPAA compliance issues.
HIPAA standards have changed with the advent of digital record keeping; compliance rules for the security of electronic health information were published in the Federal Register in February of 2003, and they specify a series of administrative, technical, and physical security procedures that must be put in place to protect the confidentiality of electronic health information.
Do you need to be HIPAA compliant? The short answer is this: if you handle protected health information (PHI), then absolutely yes, you need to be HIPAA compliant. You open yourself up to potential civil and criminal penalties as a result of violations.
Understand why security is important
Why is security, both for physical and electronic documents, so important? Digitally, computer security is needed to protect the privacy of those whose information you store and manage. It is also needed to protect you and your practice from the risk of penalty and legal liability if private information is misused or improperly released by your practice.
Some of the main requirements of the HIPAA Compliance Checklist include:
- You must put safeguards in place to protect patient health information.
- You must reasonably limit use and sharing of protected health information to the minimum necessary to accomplish your intended purpose.
- You must establish procedures that limit who can access patient health information, along with training programs on how to protect patient health information.
Maintaining HIPAA compliance comes down to five simple steps:
- Put someone in charge.
- Keep PHI secure and private.
- Set up office policy, implementation procedures, and training for your staff.
- Inform patients of their rights and absolutely support those rights.
- Limit access to patient information by businesses outside the practice.
Of course, medical record retention is an important aspect of HIPAA compliance. HIPAA's privacy and security rules require medical records to be retained by a provider for at least six years from the date of creation or the date when last in effect, whichever is later. State laws may require longer holding periods.
Keep patient files and charts locked up when not in use. When it is time to remove old files, shred documents that contain PHI. Do not throw these away or dump them in the recycle bin.
Working with a certified document destruction specialist like Legal Shred can help you maintain HIPAA compliance. With routine service and the use of one of our locked security bins in your office, Legal Shred can provide a document maintenance and disposal program that meets HIPAA destruction requirements.