What Are HIPAA Shredding Requirements?
The HIPAA Privacy Rule requires appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information (PHI), in any form. See 45 CFR 164.530(c). This means that covered entities must implement reasonable safeguards to limit incidental, and avoid prohibited, uses and disclosures of PHI, including in connection with the disposal of such information. In addition, the HIPAA Security Rule requires that covered entities implement policies and procedures to address the final disposition of electronic PHI or the hardware or electronic media on which it is stored, as well as to implement procedures for removal of electronic PHI from electronic media before the media are made available for re-use.
Medical Shredding Service Choices
A Medical Practice official must decide which procedures and equipment will best prevent unauthorized, and inadvertent disclosure of your patient’s protected information (PHI). For storage for examples, you will need to use locked office doors and cabinets, computer firewalls and computer passwords. For final recycling, you will need a complete destruction of the medical records. No one should be able to dumpster dive and misuse the information.
You will have a variety of record destruction equipment. Medical document shredders come in all sizes, speeds, and capacities. In general, you will face three basic choices:
- Personal Deskside shredders: Available at any office supply store. Available on casters for portability, can shred roughly 4 to 20 sheets at a time. Shredder’s price can range from $100 to $500 depending on features and streghth. This is convenient for small offices with relatively few documents to destroy.
- Departmental Shredders: Larger facilities with more documents to dispose of may install industrial shredders that can handle 20-50 sheets at a time.
- Centralized Shredders- A heavy-duty shredder can handle up to 400 sheets at a time and destroy bound reports and thick stacks of paper.This is usually held at a warehouse or large vacant space due to the excessive noise and paper dust. This large volume of medical files is often contracted to a third party company that offers off-site shredding services or Monthly services.
HIPAA Shredding Service
After selecting the shredder models for your medical practice, you will need a protocol for managing shredded paper waste. A large majority of large and small medical firms in the Massachusetts and New Hampshire area opt to hire a third party company to handle the entire process, this has proven to cut down their labor cost and capital investment in shredders. Due to the competitive nature of the shredding and Paper Recycling industry, contracting your shredding service will often result in 20 to 60% Cost reduction.
Shredding plants are equipped with giant shredders that are powerful disintegrators that use rotary blades systems to reduce high volumes of books, X-rays, binders, paper bundles and other bulk materials to tiny particles. These machines even pulverize CDs, thumb drives, DVDs, media discs, credit cards, ID badges, backup cassettes and computer Hard Drives. Chopping them into indecipherable fragments at the rate of up to two tons per hour. At the end of the process, the media is taken for final incineration.
Why Take The Risk?
HIPAA Violation fines range from $100 to $50,000 per violation, it is a big risk to take and not doing the right think will often result in small business bankruptcies and imprisonment. Have a plan in place that is well documented showing how your office handles PHI documents and how it destroy them at the end of the life cycle. You will be doing yourself a big favor and protecting your patient’s data. The most cost effective way to discard the patient’s files is to contract the service to a trustworthy service provider. They have the expertise and the insurance backing to safeguard the data until the final destruction. They will often provide a Certificate of destruction, a legally binding statement that all Medical files and X-rays have been properly destroyed and shielding your practice of future liability.