Document shredding is an important part of ensuring the protection of sensitive patient information and overall HIPAA compliance. This makes shredding vitally important to your medical facility for two reasons. One, proper compliance protects the patients you care for, making them more likely to trust your facility’s professionalism and keep returning to you for their medical needs. Two, proper compliance means you get to avoid all the OSHA fines you’d be liable to pay if you weren’t strictly following regulations.
How Proper Document Destruction Can Help You Avoid HIPAA Violations
What Is HIPAA?
First things first, what exactly is HIPAA, and why is it relevant to medical facilities?
HIPAA stands for the Health Insurance Portability and Accountability Act. The policy was enacted in 1996, and it’s essentially a series of regulations aimed at ensuring the privacy of sensitive medical and personal information of patients. All this information falls under the umbrella of protected health information (PHI).
Obviously, protecting your patients from compromised PHI matters to every medical facility. Failing to comply with HIPAA puts your patients at risk, and if there is compromised information due to your lack of compliance, you will lose credibility with both your existing and potential patients. There will also be the fallout (financial and otherwise) from any HIPAA violation.
HIPAA Violations: What’s at Stake?
If you are noncompliant with HIPAA policy, you open your medical facility to fines and, depending on the severity of the offense, even more severe consequences, such as loss of licensing.
Also, an individual whose information has been compromised due to noncompliance has legal ground to sue or take other legal action against your medical facility.
The stakes are extremely high, and not being aware of what you needed to do to be compliant is never a legitimate excuse or way to avoid these consequences.
What Is Document Destruction, and How Does It Help with HIPAA Compliance?
Document shredding is the process by which every piece of paper or document that contains any identifying information about a patient (whether that means name, medical history, address, and so on) is destroyed in such a way that no unauthorized person can then use that information for any purpose.
This process is an integral part of HIPAA compliance, and any medical facility that produces these documents needs to comply.
Improper PHI Protocol: What Can’t Medical Facilities Do?
Even if your medical facility has largely moved to electronic documents and the majority of your patients’ PHI is stored online, it’s still very likely you will produce at least some physical documents containing this sensitive information.
Everybody in your medical facility who has contact with these documents should know what is not allowed to do:
- Never throw these documents away in the office wastebins or any external dumpster.
- Never leave these documents out in the office or exposed where they are accessible to the public or any unauthorized person.
- Never forget to lock the cabinets or drawers containing these documents. They should be kept under lock and key at all times.
Why Work with Qualified Waste Management Companies for Your Document Destruction?
A knowledgeable, experienced waste management company will offer this paper shredding service to ensure your HIPAA OSHA compliance, but you must be certain the company is actually both knowledgeable and experienced.
That company should:
- Be entirely familiar with all HIPAA protocol. If they don’t know what HIPAA entails, they can’t confidently ensure your compliance.
- Be knowledgeable about different forms and types of document destruction. For example, there are pulping or pulverizing options, but shredding tends to be the easiest method that still produces effective results.
- Be knowledgeable about their responsibilities as the medical waste management company. For example, anyone who supervises the actual shredding process must also go through a full training.
- Keep your document shredding cost as low as possible. This often entails transporting these documents from your facility in order to perform the shredding and disposal.
- Provide the relevant paperwork to you, should you ever be subject to an OSHA audit. This includes an official certificate of destruction after the shredding.
Remember, as the medical facility, you are ultimately responsible for these documents and ensuring your total compliance and patient protection. Even if you work with a third party, the responsibility and liability still fall back on you, the medical facility. Therefore, do your due diligence when selecting this company. Be confident in their industry knowledge and their ability to keep you fully in compliance.
For more information about document shredding and how your medical facility can stay fully compliant, please feel free to contact a representative of MCF Environmental Services, a full-service waste management Atlanta company.