We have all heard about HIPPA, the Health Insurance Portability and Accountability Act that was passed in 1996 but do you know what it says about the destruction of protected health information (PHI)? The first rule is the HIPPA Privacy Rule and it stipulates that…
We have all heard about HIPPA, the Health Insurance Portability and Accountability Act that was passed in 1996 but do you know what it says about the destruction of protected health information (PHI)? The first rule is the HIPPA Privacy Rule and it stipulates that covered entities must apply ‘appropriate administrative, technical and physical safeguards to protect the privacy of protected health information in any form’ and PHI should be destroyed in a manner so it cannot be reconstructed. The second is the HIPPA Security Rule and it applies to electronic PHI and requires policies and procedures to be implemented that define what happens to electronic protected health information and the hardware it is stored on when either the information or equipment has reached its retention. The Privacy and Security Rules do not require a particular method of disposal for either type of information but you must take reasonable steps to ensure the information cannot be accessed by an unauthorized person or entity.
One of the accepted methods of destruction is shredding and can be done in house or outsourced to another entity. Underground Vaults & Storage provides both mobile and offsite document shredding for recurring service or one time projects through our Document Resources Division. We also shred non-paper media and Hard-Drives and recycle E-waste. Our destruction services are NAID certified meaning you are doing your due diligence to find a service provider that has high security standards. You will be provided with a contract that spells out safeguards against breaches, indemnification for the organization, provides for loss due to unauthorized disclosure, and requires the business associate to maintain liability insurance at all times.
On top of the HIPPA requirements, it is also suggested by the American Health Information Management Association (AHIMA) that health care providers document the destruction of information. For this reason, we also provide an agreement of service the day of service that documents the method of destruction and a certificate of destruction once the material is destroyed documenting the date of destruction. For more suggestions from AHIMA check out their article “Retention and Destruction of Health Information”
Review your policies and procedures to see if UV&S can help you with your destruction needs!