HIPAA: To Shred or Not To Shred?

In 1996 the US government enacted and signed into effect the Health Insurance Portability & Accountability Act; known otherwise as HIPAA. The act was amended largely to modernize the movement of healthcare-related information, and also to protect personal information from fraud and theft. In HIPAA, this was done by managing how and when personal information should be handled and managed.

HIPAA impacts almost any organization operating in the health sector; from hospitals and medical practices to other businesses in the healthcare industry that handle sensitive personal and patient information (referred to as protected health information – PHI).

The act provides specific guidelines for affected organizations on how long certain information needs to be held onto for, how it should be destroyed, and what information should be held onto and / or destroyed.

What Comprises PHI?

Protected health information can include documents that include information such as;

  • Names
  • Dates
  • Social Security Numbers
  • Beneficiary Numbers
  • Phone Numbers
  • Email Addresses
  • Medical Record Numbers
  • Vehicle Identifiers & Serial Numbers
  • Web URL’s
  • Full face photos and / or bio-metric identifiers

The Department of Health and Human Services states that a properly destroyed piece of PHI should be unreadable, indecipherable and non-reconstruct-able.

When Does PHI Need To Be Destroyed?

The duration of which PHI must be kept on record can vary by state. Both state laws and HIPAA include regulations for how long medical records must be kept. In some cases, state laws have mandatory retention periods that are shorter or longer then those in HIPAA (6 years);

  • When they are shorter; HIPAA regulations supersede state laws.
  • When they are longer; State regulations supersede HIPAA retention regulations.

Make Sure Your Document Shredding Service Is HIPAA Compliant

Shred-A-Way offers secure shredding services that always ensure that clients in the health sector are within regulation of HIPAA destruction guidelines. We offer a wide range of secure shredding services that make it easy for affected organizations to not only receive secure shredding services, but also ensure that it is done to spec as needed.

Shred-A-Way offers services both on and off-site, making it easy for healthcare organizations to get the services they need to protect their patients. From on-site scheduled services to off-site purges, we can do it all no matter the size of the job. Don’t need documents destroyed? No problem: we offer record storage services to help clients fulfill their storage needs with state of the art archiving technology and building security.

Get in touch with us today to find out how our services can help protect your patient’s information, and keep your organization in line with HIPAA.

Share This Post

Scroll to top