Your Shredding Vendor Should Help with HIPAA Compliance

What is HIPAA Compliance?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a set of standards of regulations that outline the required use and disclosure of Protected Health Information (PHI). HIPAA compliance is a culture that health care organizations must implement into their business for the purpose of protecting the privacy, security, and integrity of PHI.

What is PHI?

PHI is any demographic information that can be used to identify a patient or client. Examples of identifiers are:

1. Name
2. Geographical elements (address, zip code)
3. Dates (birth, admission, discharge, death)
4. Phone numbers
5. Email addresses
6. Social Security Numbers
7. Medical record numbers
8. Health insurance beneficiary numbers
9. Account numbers
10. Certificate/license numbers
11. Vehicle identifiers
12. Device attributes or serial numbers
13. Digital identifiers, like website URLs
14. IP addresses
15. Biometric elements (finger, retina, voice)
16. Full face photos
17. Other identifying numbers

How Do I Stay Compliant?

When HIPAA became law, the Privacy Rule required entities handling PHI to “apply appropriate administrative, technical, and physical safeguards to protect the privacy of PHI, in any form.” By handling PHI, it is your legal responsibility to regulate how and with whom you share protected information—and avoid incidental disclosure of it. You are required to have policies and procedures in place for the disposal of PHI and ensure your employees are trained and kept up-to-date with these policies and procedures.

When disposing of a medical record, it should be rendered “unreadable, indecipherable, and otherwise unable to be reconstructed.” This is why it is vital to secure a reputable shredding company to help you keep your business HIPAA compliant.

Things Your Shredding Company Should Offer

1. Pre-Shredding: PHI should be disposed of immediately into on-site locked bins or consoles for medical documents. These bins protect PHI from being seen or stolen by unauthorized individuals. Can your shredding company provide these?
2. Shredding: Destruction of your PHI can take place on- or off-site. On-site shredding takes place at your location with a mobile truck, your documents never leave the premises undestroyed, and you can witness them being shredded to HIPAA standards.
3. Post-Shredding: Knowing what happens to your medical documents is important. When it comes to the environment, it would be great to know that your paper documents were 100% recycled. For compliance purposes, you should be able to request a Certificate of Destruction so you have documentation that the records have been destroyed and you have followed compliance rules.
4. NAID AAA Certification: Choosing a National Association for Information (NAID) AAA Certified shredding vendor ensures they meet the highest security standards in the shredding industry. By using the services of a NAID AAA Certified company, you can be confident that your documents will be shredded properly and in compliance with HIPAA requirements.

Apex Shredding offers Northern Colorado healthcare organizations on-site, HIPAA-compliant, NAID AAA Certified mobile shredding services. For more information or for a quote, call us at 970-532-5007 or complete the form on this page. Our friendly experts are waiting to assist you!