Go to Content

HIPAA Compliant Medical Document (PHI) Shredding Guide

Understanding Guidelines for Shredding Medical Records

If you’re in the healthcare industry, you are probably well acquainted with HIPAA regulations. Industry and federal privacy regulations are on the rise, and protecting people's privacy is becoming the norm. You and your practice cannot afford to get lax with following them or overlook opportunities for protected health information (PHI) to fall between the cracks. HIPAA compliance is required not only for healthcare providers but for any entity that transfers health data, according to the Department of Health and Human Services (HHS). If you are a health practitioner or manage a health organization and meet the criteria, it’s always a good idea to review the guidelines, especially those related to destroying or shredding medical records.

HIPAA Compliant clipboard.
HIPAA requirements on a document under a magnifying glass.

What Does HIPAA Require for Medical Record Disposal?

When HIPAA came into law in 1996, an important element was Section II, the Privacy Rule, also known as Standards for Privacy of Individually Identifiable Health Information. It requires entities handling PHI to “apply appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information (PHI), in any form.”

If you handle PHI, you have a duty to not only regulate how and with whom you share protected information, but you also need to avoid “incidental” disclosure of PHI, including during disposal. It is your responsibility to set forth policies and procedures that dictate how you dispose of electronic media containing PHI (ePHI). It is also your responsibility to train employees in these policies and procedures.

A properly destroyed medical record or piece of PHI is defined, according to HIPAA, as being rendered “unreadable, indecipherable, and otherwise unable to be reconstructed.” PHI cannot and should not be abandoned in dumpsters or public containers, including recycling bins. Although HIPAA doesn’t require a particular disposal method, shredding is listed as a proper method for disposing of PHI in the forms of both paper and electronic waste.

HIPAA Violations for Improper Records Disposal

In the case of HIPAA noncompliance, the entity has 30 days to make changes or face penalties. After 30 days, they can be charged with civil money penalties at an amount determined by the secretary of the HHS. HIPAA fines range from as low as $100 for an unknowingly committed violation, corrected within 30 days, to $50,000 for willful neglect. 

Criminal charges are also a possibility for individuals and covered entities who violate HIPAA regulations. Penalties range to a $100,000 fine, with up to 5 years in prison, and even more if there was intent to use or sell the private information, as in identity theft.

Most HIPAA violations occur as a result of neglect or lack of awareness, not criminal intent. To avoid a violation, make sure to understand what is required of your company and that you’re correctly disposing of medical information.

HIPAA Violation document.
Medical professional putting documents into a shredding console.

When Should Medical Documents Be Destroyed?

HIPAA requires that you keep medical records for ten years from the date of their creation or last use, whichever comes later. States have additional requirements for record retention. If the state requires that you keep a record longer than six years, their law supersedes HIPAA. Conversely, HIPAA supersedes any state document retention laws of less than six years. After the allotted time, if you no longer need the record, properly destroy the information itself along with any electronic storage that houses it.

What Types of Medical Records Should Be Shredded?

The HIPAA Privacy Rule concerns protected health information in all formats, including paper and electronic forms.

You must destroy any documents that contain individually identifiable health information, which includes:

Paper medical records filed neatly.
  • Names
  • Birth Dates
  • Geographic Identifiers
  • Phone Numbers
  • Fax Numbers
  • Email Addresses
  • Medical Record Numbers
  • Biometric Identifiers
  • Photos of Faces
  • Social Security Numbers
  • Health Plan Beneficiary Numbers
  • Account Numbers
  • Certificate/License Numbers
  • Vehicle Identifiers and License Plate Numbers
  • Device Identifiers and Serial Numbers
  • Web URLs
  • IP Addresses
  • Unique Identifying Numbers, Characteristics, or Codes

Also, shred any records relating to an individual’s past, present, or future health or condition, including:

  • The provision of healthcare to the individual
  • The past, present, or future payment for the provision of health care to the individual
  • Information for which there is a reasonable basis to believe it can be used to identify the individual

 

How Should You Handle the Accidental Loss or Destruction of Medical Records?

Lost patient records, or lost medical records, can have an impact on your patients' right to privacy and can put your practice at risk of a HIPAA violation. It's important to check your company's data destruction and retention policies in light of such episodes. Additionally, data breaches, compared to a violation, require covered entities to submit a notice to different agencies, such as the United States Department of Health and Human Services (HHS).

For more information on how to handle this situation, check out this guide by Gazelle Consulting.

Medical shredding company employee putting papers into a bin.

How Do HIPAA Compliant Shredding Services Work?

Secure document shredding makes sense in all industries and for personal use, but some shredding services specifically address HIPAA compliance.

There are three stages to medical record shredding.

1. Pre-Shredding

Records can be disposed of at your employees’ convenience using on-site locked bins or consoles for medical documents.

2. Shredding

Shredding can take place at your location or off-site. With on-site shredding, a mobile shred truck visits your location and shreds the documents there. They can visit for a one-time, single cleanout of sensitive documents or you can schedule regular pickups. With off-site shredding, a business can drop off documents at a central location.

The method of shredding matters for PHI. Cross-cut shredding is used to meet the HIPAA requirement of making the information irrecoverable.

3. Post-Shredding

It’s important to know what happens to your medical documents after shredding, both for environmental and compliance reasons. Typically, the shredded waste is recycled. A reputable medical record shredding company should provide you with a Certificate of Destruction (COD) to document the disposal for your compliance records.

Who Needs Medical Document Shredding?

Any “covered entity” that deals with medical information must comply with the HIPAA Privacy Rule. This includes:

Shredding employee and nurse shaking hands.

Healthcare Providers

These include:

  • Doctors
  • Clinics
  • Psychologists
  • Dentists
  • Chiropractors
  • Nursing Homes
  • Pharmacies

Health Plans

These include:

  • Health insurance companies
  • HMOs
  • Company health plans
  • Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs

Healthcare Clearinghouses

These are entities that process nonstandard health information they receive from another entity into a standard (e.g., standard electronic format or data content), or vice versa.

Need HIPAA Compliant Shredding Services? Get A Free Quote Today

HIPAA standards are high. If you’re an entity subject to the Privacy Rule, you need a shredding service provider who understands all the ins and outs of medical record shredding. Proshred®️ Security has extensive experience with the destruction of personal health information in paper and electronic forms, including hard drive and product destruction. We are the only ISO 9001 Certified by NSF-ISR  secure on-site shredding company system in North America. Your HIPAA compliance and your patients’ privacy are our top priorities. Contact us today to arrange medical document shredding services for your business.

HIPAA compliant shredding requires you to shred documents and hard drives so that they are not only unreadable but also can't be recreated. That means using a professional service like ours, since home and office shredders don't achieve those goals.

Yes, to protect the privacy of your patients, documents containing PHI should be shredded, using a professional shredding service.

What Are People Saying About Proshred®

Steve M.
They are very professional. The drivers are very polite and friendly. They do not rush the service of on-site shredding. Had a new driver Nate. He just started with Proshred and was very knowledgeable. Thank you for a job well done.
Pat F.
We recently sold a business and had many boxes of papers to shred. Spoke with Mara in the a.m., by 3:30 all 30+ boxes were shredded. Everyone was pleasant to deal with. Thank you PROSHRED! Highly recommend!
Jay R.
Outstanding service from Lamont and Steven.

Today, Tuesday, 1/10/23, at 2:00 PM, I went to Pro Shred located in Elmsford to drop off two bags of papers. I was not aware that they did not accept cash or Apple Pay.

I am a first time customer, so I did not know the payment method. Met with Lamont, who explained they did not accept cash, however, he did look into the Apple Pay. This is when I met with Steven, who, like Lamont, spoke in a friendly and professional manner. Steven explained an alternative way, which I’d gladly accepted. Overall, the friendly and professional service I received from Steven in Lamont was exceptional. Thank you very much!

I was very pleased to know that they were NOT Dallas Cowboy fans!

Go Giants!

Jay Romano
Amy G.
I had a very large shredding job with Pro Shred. From the time that they quoted the job through the end of the shredding process they were beyond professional, knowledgeable, and fair. I've dealt with a lot of shredding companies over the years. The industry seems to be filled with companies that do what I call a bait and switch. They quote you the job based on the number of boxes and then when they get to the site it changes to the amount of materials that fit in a large rolling garbage bin.

When contract a job I am very specific about wanting to be charged what I am quoted. Usually I can't even get past the quoting when other companies start saying they will do it by box and then start talking about bin size on the phone. Pro Shed and Tara who quoted the job, did not play any games with me. They quoted a box price and then honored the box price. Not only was Tara grear, but when the guys showed up to do the shredding, they were professional, friendly, confident, and hard-working. Everything went as planned straight through the payment. I would refer anyone to this company at any time, because I feel comfortable that they did a good job for me and would do a good job forgrade,

I needed a little more shredding done, a very small job, just a little residual from the big job at a later date, and they are handling that great as well. I spoke to the manager today about them coming out on Monday for the residual and told him how pleased I was with the service. Unfortunately I can't remember his name but he was so professional as well and I'm so glad that I deal with this company. Don't use anyone else use a class act. ProShred gets 5 starts in all categories.
Kim D.
Thank you so much for all of your help and quality service. We couldn't be happier with the service we have received from you. Our contact Alicia Babin has been outstanding to work with. Highly recommend this company!
Robin R.
ProShred came highly recommended to me for a recent fundraising event. Now I can highly recommend them based on their excellent service, professionalism and assistance in helping with our event. Their personnel were excellent to work with and they gave us great guidance as we put our program together. Thanks to ProShred for a job well done.
Krista S.
Positive experience from beginning to end. I had a consultation and less than a week later Pro Shred was out at my company. Very courteous with their reminders and follow up. The guys were great - came in and introduced themselves, letting us know about the whole process, asking if we had any questions. Can't beat their customer service. And the price was unbeatable!
Aaron P.
Pro-Shred is the best thing since sliced bread, and a must for any work-from-home professional. Stop wasting time and money on those forever-jamming dusty and noisy paper shredders. Let Proshred deal with all.
Dave W.
ProShred is easy and inexpensive.

I have limited need for shredding services--every year or two, I need to shred some old credit card slips and bank statements and such. It is always very easy to load 8-10 boxes of stuff in the back of my station wagon, drive it over to ProShred and then unload it into a bin, pay the fee and I'm on my way. Easy peasy. The staff is aways friendly and cheerful; they will do my shredding for the foreseeable future.
Rosanne Paluszewski F.
Excellent, timely and professional service. But, that's not all: this is a company that GIVES BACK to our communities - by being an active and supportive MEMBER of the Midstate Chamber of Commerce AND they also go above and beyond and host special COMMUNITY shredding events throughout the year, and some of those benefit charitable organizations. That deserves more than 5 stars...
Carol D.
The greatest company very pleasant customer service. Made my appointment,received a follow-up call with delivery time. I was given a 2 hour window and they arrived very early within that window. The two men who came were incredibly kind and very fast. I will recommend Proshred Security to everyone one. Thanks for putting my mind at ease when getting rid of my personal documents.
Elaine H.
Pro-Shred is the greatest thing ever, best $$$$ ever spent. The guy who shredded my documents was courteous, friendly and professional. Years of paper clutter was gone within minutes, as I stood and watched. Thank you Pro-Shred!
js_loader
1-877-767-4733

Cookie Policy

We use cookies and other tracking technologies to ensure you get the best experience on our website, assist with navigation, analyze your use of our services, and assist with our promotional and marketing efforts. If you continue without changing your browser settings, you are providing consent to our Cookie Policy. Click here to learn more about our privacy policy.