Handling the Document Destruction of Medical Records in the Transition to an Electronic System

The transition to Electronic Health Records (EHRs) and Electronic Medical Records (EMRs) have left many hospitals and clinics with paper documents that are no longer necessary. However, improper disposal can lead to violations under the Health Insurance Portability and Accountability Act (HIPAA). Fortunately, document destruction services are available to ensure compliances with the Privacy Rule.

Ever since the HIPAA was enacted in 1996, the healthcare industry has undergone numerous changes. EHR and EMR have become widely adopted, which benefits patient diagnosis and treatment process. This change has also improved the security and privacy of patient information.

In recent years, its various provisions and the addition of related regulations, such as the Health Information Technology for Economic and Clinical Health (HITECH) Act, have begun to take effect. Currently, medical institutions are attempting to comply with Stage 1 Meaningful Use Objectives, which promotes the employment of certified EHR technology. In other words, paper-based records are being digitized and transitioned to compatible, interoperable technologies that can be conveniently accessed by the healthcare industry for use in treatment, payment, or healthcare operations.

As the healthcare industry adopts EHR and EMR, archived paper documents are being becoming less important in industry operations. However they cannot be destroyed or disposed irresponsibly.

HIPAA’s Privacy Rule, which came into effect in 2003, still applies to Protected Health Information (PHI) found in hard copies. The law does not mandate when or how document destruction occurs. That is usually left to the discretion of the state. For example, physicians in New York are required to keep medical records for six years, except for children’s records which must be retained until a year after the child turns 18. However, if personal data was thrown in the garbage where anyone can see and misuse the information, the Department of Health and Human Services or the Department of Justice can take action.

To avoid negative consequences, medical institutions can employ document destruction services to ensure the secure disposal of sensitive records. They can shred, pulp, and recycle the unnecessary hard copies of patient data. Trusted employees oversee each stage of the process to ensure that no one can take an unauthorized copy. For added security, on-site shredding ensures that the papers are already destroyed before the papers are taken to the destruction facility.

To ease the transition, hospitals can start digitizing with their current patients while keeping the older records in storage facilities that have scanning and document destruction services. When the old records are needed, the service can digitize the PHI then securely dispose the paper afterwards. When the medical records have not been needed for a given number of years, they can then be safely destroyed.

Legal Shred
235 Apollo Beach Blvd #507
Apollo Beach, FL 33572
813-445-7301