A Look at HIPAA-Compliant Shredding
Even in the digital age, when electronic medical records are the norm, doctors, dentists and other healthcare professionals still handle and store paper documents that contain protected health information (PHI). With medical identity theft on the rise, tossing documents with PHI in a trash can or recycling bin should never be an option. In fact, it’s against the law to do so. The Health Information Portability and Accountability Act (HIPAA) levies stiff fines on healthcare providers who fail to dispose of PHI securely. In this blog, we describe HIPAA-compliant shredding.
What HIPAA Says
HIPAA states that health care organizations and their business associates should “maintain reasonable and appropriate administrative, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information (PHI).” As a result, your document disposal methods must prevent unauthorized access to PHI. Fines for unauthorized disclosure range from $50,000 to $1,500,000.
Who HIPAA Applies To
HIPPA provisions not only apply to medical practitioners, but also to businesses offering services that involve access to PHI. As a result, if you’re a contractor or vendor to a healthcare organization, HIPAA rules and requirements apply to your business.
Outsourcing your shredding to a National Association of Information Destruction (NAID) AAA Certified partner is reliable way to ensure the routine, secure and documented shredding of PHI. NAID AAA Certified shredding companies must meet strict security regulations verified by an independent Certified Protection Professional (CPP), accredited by the American Society for Industrial Security International (ASIS). CPPs assess the following areas during scheduled and unannounced audits:
• Employee screening processes
• Operational practices
• Security procedures
NAID requires all paper to be destroyed with a cross-cutting shredding process that reduces it to a 5/8” particle size or less. These requirements significantly reduce privacy risks to PHI.
Locked collection containers are placed in your facility to facilitate secure, prompt disposal of documents and data. On a scheduled basis, a bonded, security cleared destruction professional collects the contents and destroys your information on-site with a mobile shredding vehicle. After shredding, you’re given a Certificate of Destruction noting the time and date of destruction.
If you have more questions about HIPAA or other state and federal privacy laws, please contact us by phone or complete the form on this page.
Quote - Contact Us
We would love to hear from you! Please call us at 877-5-ASK-ADS or complete this form and we will get in touch with you shortly.
My staff and I had the pleasure of participating in an ADS Consulting Shredding & Storage Workshop in April 2011.As a new business, it was critical for us to get off to a good start. The workshop provided us with useful information and practical applications that helped us do that. The ‘hands on’ training experience we received in a successful, working document destruction and storage business environment was invaluable.Renee and her staff were very personable and helpful and continue to be valuable business partners to this day.I highly recommend the ADS Workshop to both new and existing businesses
Rob Giannini, C.O.O.Commonwealth ...