PHI Medical Document Shredding Service
Under the HIPAA Privacy and Security Rules, covered entities are obliged to observe proper methods of disposing of protected health information (PHI) in any form. Appropriate disposal measures are required to prevent and limit any unauthorized use of and access to the information. Furthermore, covered entities handling electronic PHI are required to impose policies and procedures to facilitate the removal, termination and final disposal of PHI in electronic format, including the storage media housing the information.
Common Misconceptions Regarding HIPAA
- State laws always supersede contrary provisions in HIPAA. Fact: MA State laws only supersede HIPAA when a state’s statutes are stiffer.
- Hospitals and insurance companies are exempt from HIPAA. Fact: With extremely few exceptions, all hospitals, health plan administrators, clearinghouses, service providers, and all medical professionals are subject to HIPAA.
- HIPAA regulates only electronically transmitted data. Fact: HIPAA applies to all forms of communication: written, verbal, and any form of electronic transmission.
- Under HIPAA, the unintentional or accidental release of data cannot be treated as a criminal act. Fact: Like any accident, the degree of negligence assigned to the act, as well as the defendant’s intent, determines whether criminal or civil penalties apply.
- Information stored in archives by third parties is exempt. Fact: The use of third-party bailment agents does not relieve or exempt the responsible parties from their HIPAA duties and obligations.
- Not all practicing physicians are subject to HIPAA. Fact: All practicing physicians are subject to some degree to HIPAA oversight.
- Dentists, optometrists, nurses, and pharmacists are exempted from HIPAA regulations. Fact: All healthcare professionals who handle or create patient records are subject to HIPAA and other privacy statutes.
- Recycling is an acceptable form of disposal under HIPAA. Fact: The practice of shredding medical records creates an anticipatable risk to both patient privacy and security, and is, therefore, a potential violation of HIPAA.
- In-house shredding programs prevent HIPAA-related compliance issues from arising. Fact: In-house shredding programs potentially create more HIPAA concerns than they resolve, because document destruction cannot be independently certified, and because proper security protocol is rarely practiced.
- HIPAA rules do not pertain to healthcare clearinghouses. Fact: All such non-medical institutions serving the medical industry are subject to HIPAA.
- The verbal release of patient information is not a HIPAA violation. Fact: Unless authorized, verbal communication of medical information is subject to HIPAA, as is all written and transmitted data.
- If the improperly released information is not exploited, there is no violation of the law. Fact: Improper release is in itself a violation of HIPAA. The act of failing to take reasonable care in protecting individually identifiable health information is likewise a violation.
- The release of individually identifiable information already in the public domain is not a HIPAA violation. Fact: The release of a patient’s most innocuous and publicly available individually identifiable information by a medical professional such as a license number or address can be interpreted as a violation of HIPAA.
Medical Documents (PHI) Destruction Service
Okay, Doctors et al., so maybe you’re still not convinced. Consider experiencing the following legal colonoscopy, sans anesthetic: The maximum fines and penalties for failure to comply with the law are $250,000 and 10 years imprisonment. This, of course, doesn’t take into consideration the additional civil judgments and penalties that surely follow a criminal conviction.
What’s the best way to avoid a problem with the HIPAA police?
If you reside or have a business in or near Boston MA, Acton, Concord, Harvard, Cambridge, Waltham MA, Lowell MA, Andover MA, Haverhill MA, Methuen, Lawrence or Tewksbury MA, Worcester, Framingham, Natick, Nashua NH, Portsmouth NH, then you should consider our affordable medical document destruction services. Not only do we have the lowest rates in Metro Boston and Southern New Hampshire, we also offer the strongest chain of custody for your PHI protected documents. We shred your medical files, often the same day, and we send you a letter of HIPAA Compliance in the form of a certificate of destruction for your records. To get started on protecting your clients’ data and shredding your PHI documents, call us today at (978)636-0301 or click below.
What Is HIPAA
HIPAA stands for the Health Insurance Portability and Accountability Act. It is a U.S. law passed in 1996 that provides standards for protecting sensitive patient health information from being disclosed without the patient’s consent or knowledge. It applies to all forms of protected health information, whether electronic, written, or spoken. Those subject to it include, but are not limited to, doctors, hospitals, health insurance companies, and other health care providers.
HIPAA violation fines can vary depending on the nature and severity of the violation, as well as whether it was committed knowingly or unknowingly. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is responsible for enforcing HIPAA regulations and can impose fines for violations.
Here are some examples of HIPAA violation fines:
- A violation due to reasonable cause and not due to willful neglect can result in a fine of up to $100 per violation, with an annual maximum of $25,000 for identical violations.
- A violation due to willful neglect but corrected within the required time period can result in a fine of up to $50,000 per violation, with an annual maximum of $1.5 million for identical violations.
- A violation due to willful neglect that was not corrected can result in a fine of up to $50,000 per violation, with an annual maximum of $1.5 million for identical violations.
It’s important to note that these fines are subject to change as per the current laws and regulations.