HIPAA Compliance and Shredding
What Has to be Shredded for HIPAA Compliance?
If your organization has access to clients’ protected health information (PHI), you are required to handle that information in compliance with the law from the moment it is created to its final destruction. The Health Insurance Portability and Accountability Act (HIPAA) requires that when sensitive information is no longer needed, it must be “rendered essentially unreadable, indecipherable, and otherwise cannot be reconstructed.”
In 1996, the federal government implemented the act to protect sensitive patient health information from being disclosed without the consent or knowledge of the patient. The act consists of a list of standards that must be followed by healthcare providers, consultants, attorneys, CPAs, and third-party businesses who have access to PHI. Non-compliance will result in fines or criminal charges.
Protected health information includes records in physical or electronic form, as well as spoken information. This information could be health records, histories, lab test results, medical bills, medical bracelets, prescription bottle labels, or any other patient information identifiers. Individual identifiers include names, Social Security numbers, full face photos, geographical locations, phone numbers, email addresses, dates, beneficiary numbers, account numbers, certificate and license numbers, medical record numbers, and more.
How HIPAA-Compliant Shredding Works
When PHI records are no longer needed, they must be destroyed so there is no chance of reading, deciphering, or reconstructing them. This includes files in both paper and electronic forms (hard drives, tapes, x-ray films). The protection of a patient’s personal information is your full responsibility.
While PHI can be burned, pulped, or pulverized, a common means of destroying this information is shredding. When considering shredding, ensure your in-house shredder meets HIPAA standards.
Those who dispose of PHI should be trained in your organization’s information destruction policy and procedures. Using a NAID AAA Certified provider to destroy your secure data in compliance with information protection laws offers peace of mind. Ask for a Certificate of Destruction to prove your compliance with the legal requirements.
Apex Shredding is NAID AAA Certified and HIPAA compliant. We are Northern Colorado’s solution to the secure and proper destruction of Protected Health Information. To ensure your company is HIPAA compliant, please contact us at 970-532-5007 or complete the form on this page.