Our comprehensive FAQ library is designed to help you navigate waste disposal, treatment, and handling
requirements in line with regulations. If you don’t see what you’re looking for, please reach out and one of our
experienced waste experts will be able to assist you.
How do I correctly dispose of PHI documents?
Under HIPAA, covered entities must follow a set of regulations designed to safeguard PHI. These regulations were put in place to limit incidental and prohibited exposure of PHI, including when that information is set for disposal. Certain policies and procedures must be followed to guarantee PHI is properly destroyed, including:
Shredding, burning, pulping, or pulverizing the records so PHI becomes unreadable, indecipherable, and cannot otherwise be reconstructed.
Maintaining labeled prescription bottles and other PHI in opaque bags in a secure area.
Using a disposal vendor as a business associate to pick up and shred or otherwise destroy the PHI.
Overwriting PHI stored on electronic media with non-sensitive data.
Using a strong magnetic field to disrupt recorded magnetic domains (purging).
Destroying the electronic media used to store PHI through disintegration, pulverization, melting, incinerating, or shredding.
How do I avoid HIPAA violations?
As a pharmacy or primary care facility, part of your job is to keep your patients’ protected health information (PHI) secure and private. This helps ensure you are in full HIPAA compliance. If you are disposing of pill bottles in any capacity, all sensitive patient information (including prescription number) must be adequately obscured or removed. This can involve scratching the numbers or information off, blacking it out with permanent marker, or covering it with duct tape. Following these practices means your practice is not vulnerable to the fines or other punitive actions associated with HIPAA violations.
What is HIPAA?
HIPAA is the Health Insurance Portability and Accountability Act. Congress passed this legislation in 1996, and it largely has to do with measures and protocols to protect private and sensitive patient information. This can include general information, such as name, date of birth, and Social Security number, but it also entails medically related information, such as any conditions you have, treatments you’ve undergone, and so on.
The law and various regulations dictate many facets of privacy in the medical arena, and mandatory HIPAA compliance is a large piece of that.
Why does a HIPAA violation matter?
First and most important, HIPAA is in place to protect the privacy of your patients and ensure their total safety. If their PHI is stolen or revealed due to your negligence, you have compromised the integrity of your facility and the safety of one of your patients. Additionally, you are looking at potential financial ramifications:
Patients will be less likely to trust you and your ability to keep their information safe, meaning your patient numbers could go down.
If you underwent an OSHA audit and were found to be noncompliant, you could be subject to any number of OSHA fines.
The patient whose information was compromised could take legal action against your facility.
Transport and Disposal
Can I perform document shredding in house?
In short, yes. However, doing so comes with some risk as well as a cost consideration. When document shredding is done in-house, there are some hidden costs. Firstly, staff members have to set aside work hours to separate paper, remove paper clips and staples, and actually carry out the shredding. Secondly, office strip-cut shredders make it easy for confidential documents to be pieced back together, leaving the business exposed to a data breach that could end up costing the business thousands of dollars.
How do I prepare my documents for destruction?
We request that you remove all documentation and paperwork from metal-ring binders and plastic covers. Paper clips, staples, wiring, and any other metal materials holding your paper together are permitted.