While shredding services are essential for every business, medical offices or companies that deal with privileged medical information must follow strict rules to stay compliant with the Health Insurance Portability and Accountability Act (HIPAA). While these rules can seem overwhelming, Proshred® is here to teach you everything you need to know about HIPAA regulations.

What is HIPAA?

HIPAA is a federal law that took effect in 1996 in order to protect an individual’s medical information from being disclosed without their consent. Another goal of HIPAA is to encourage the flow of medical information that allows patients to receive personalized care for their needs. In order to find a balance between patient privacy and the flow of information, HIPAA has a Privacy Act that implements strict guidelines about which organizations can share patient information and what kinds of information can be shared.

What Information Does HIPAA Protect?

HIPAA regulations revolve around a patient’s confidential health information, also known as protected health information (PHI). Since documents like health records, lab test results, and medical bills often contain a patient’s most sensitive information, they are considered PHI and are protected by HIPAA. Beyond those documents, HIPAA protects any record that contains one or more of 18 identifiers, including:

  • Names
  • Phone Numbers
  • Email Addresses
  • Social Security Numbers
  • Health Insurance Account Information
  • Photographs/X-Rays

What Organizations Must Comply with HIPAA?

HIPAA regulations apply to individuals and organizations that deal with PHI documents, and these organizations are often referred to as covered entities. HIPAA states that covered entities include healthcare providers, health plans, healthcare clearinghouses, and business associates that carry out healthcare functions.

Healthcare Providers: Probably the best-known covered entity, healthcare providers are subject to HIPAA regulations if they submit electronic transactions that contain healthcare information. Examples of such transactions include referrals, premium payments, and claims status inquiries.

Health Plans: Since health plans are forms of insurance that cover medical costs, they must follow HIPAA regulations. Common health plans include health insurance companies, health maintenance organizations (HMOs), and employer-sponsored health plans. Government programs such as Medicaid, Medicare, and veterans’ health programs are also subject to HIPAA regulations.

Healthcare Clearinghouses: As an intermediary between healthcare providers and health insurers, clearinghouses regularly receive medical billing information, which makes them subject to HIPAA guidelines. Since they act as third parties, clearinghouses must ensure that their files are properly secured and examined for errors before being sent to another party.

Business Associates: Covered entities may need to work with a business associate to carry out their activities. While normal businesses aren’t subject to HIPAA regulations, they must sign a written contract that requires them to comply with HIPAA when working with a covered entity. Healthcare providers, health plans, and clearinghouses can also be considered business associates if they assist other covered entities.


What Can You Do To Ensure HIPAA Compliance?

While HIPAA doesn’t specifically state how to handle PHI documents, there are many common practices that your business should implement to stay HIPAA compliant. When dealing with paper documents, ensure that sensitive documents are securely locked in cabinets or a records room that only essential employees can access. It’s also important to print PHI documents in a location that’s out of view from patients or customers. Finally, make sure that all of your PHI documents are properly shredded when they are no longer needed.

For digital records, it’s necessary to establish limits on which employees and which workstations can access PHI. Many covered entities store their PHI in databases; those databases must be properly secured, and staff should log out of them before leaving a workstation. When your business no longer needs to hold onto PHI, ensure that the records are properly deleted and that hard drives are securely disposed of when they are replaced.

What is the Best Way to Dispose of Medical Records?

Now that you know more about HIPAA regulations and how to protect your business, it’s important to learn how to properly dispose of your physical and digital PHI documents. For physical documents, you should hire a HIPAA compliant shredding company, like Proshred®, for secure medical record shredding. Many people believe that deleting files on a computer makes them safe, but the data is still stored on the hard drive. To properly dispose of your digital information, you need to hire a shredding company to destroy your old hard drives so that the data is unrecoverable.
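The point that an ordinary delete leaves the bytes on the drive is easy to see with a small model. The following is an added example and not Proshred’s code: `ToyDisk`, its methods, and the sample record are all constructed for illustration. It mimics what a real filesystem does on delete (drop the directory entry, leave the blocks alone) and contrasts it with overwriting the blocks first, then scans the raw device the way a recovery tool would.

```python
"""Added illustration (not Proshred's code): why 'deleting' a file does not
remove its contents from the drive.

Real filesystems mark the file's blocks as free and drop the directory entry;
the bytes stay on disk until something overwrites them. The tiny in-memory
"disk" below models exactly that, so the effect can be shown without touching
a real device. All names and data here are constructed for the example.
"""
from __future__ import annotations

import os

BLOCK_SIZE = 16


class ToyDisk:
    """A flat block device plus a directory mapping names to (start, length)."""

    def __init__(self, size_bytes: int = 256):
        self.raw = bytearray(size_bytes)  # the platters / flash cells
        self.directory: dict[str, tuple[int, int]] = {}
        self._next_free = 0

    def write_file(self, name: str, data: bytes) -> None:
        # Naive contiguous allocation: enough to model the behaviour.
        start = self._next_free
        if start + len(data) > len(self.raw):
            raise OSError("disk full")
        self.raw[start:start + len(data)] = data
        self.directory[name] = (start, len(data))
        # Advance to the next block boundary.
        self._next_free += -(-len(data) // BLOCK_SIZE) * BLOCK_SIZE

    def delete(self, name: str) -> None:
        """What 'Delete' / rm does: forget the entry, leave the bytes."""
        del self.directory[name]

    def secure_delete(self, name: str, passes: int = 1) -> None:
        """Overwrite the file's blocks before dropping the entry."""
        start, length = self.directory[name]
        for _ in range(passes):
            self.raw[start:start + length] = os.urandom(length)
        self.raw[start:start + length] = bytes(length)  # final zero pass
        del self.directory[name]

    def residue_present(self, marker: bytes) -> bool:
        """Forensic-style check: scan the raw device, ignoring the directory."""
        return marker in self.raw


def _residue_after(delete_method: str) -> bool:
    """Write a sample record, remove it with the given method, scan for residue."""
    phi = b"PATIENT:Jane Doe;DOB:1970-01-01;DX:sample"  # constructed sample PHI
    disk = ToyDisk()
    disk.write_file("record.txt", phi)
    getattr(disk, delete_method)("record.txt")
    return disk.residue_present(b"Jane Doe")


def demo() -> dict[str, bool]:
    """Returns whether the patient name is still recoverable after each method."""
    return {
        "delete": _residue_after("delete"),
        "secure_delete": _residue_after("secure_delete"),
    }


if __name__ == "__main__":
    for method, leaked in demo().items():
        print(f"{method:14s} -> residue recoverable: {leaked}")
```

The overwrite pass is what wiping tools do on magnetic drives. On SSDs the controller remaps writes across cells for wear levelling, so an overwrite from the operating system is not guaranteed to reach the cells holding the old copy; that is one reason physical destruction of retired drives, as recommended above, is the dependable option for PHI.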

If you’re looking for a shredding company to properly dispose of your old PHI documents, Proshred® Orange County is here to help. With drop-off locations and mobile shredding trucks, our equipment can handle your old documents and hard drives with ease. Our goal is to protect your business and help you stay HIPAA compliant. For more information on our HIPAA compliant shredding services, call us today!
