Today, let’s do some trash talkin’ – and take a look at the HIPAA compliant
way to dispose of papers that contain Protected Health Information (PHI).
Even if much of your PHI is now in digital form
(ePHI) and your office is well on its way to becoming paperless, chances are
you still need a shredder every now and then. Whether it’s a stack of old color-coded
files that have been recently scanned or last week’s patient sign-in sheets, HIPAA
requires that PHI on paper be safely disposed when it’s no longer needed.
Paper records containing PHI should never be tossed
in the dumpster with your staff’s yogurt cartons or toted to the recycling bin
with last month’s issues of People
magazine. The safest and easiest way to destroy PHI is to shred it.
For HIPAA compliance, all paper shredders are not created equal.
Some healthcare offices opt for shredding services
– businesses that do the shredding for you. While these save time and effort, they
can also be costly and, in some cases, not completely secure. More and more, independent practices are
finding that having a quality business-grade shredder on site is a better way
to go in terms of cost, convenience, and the security of patient information.
What kind of shredder? Count on a cross-cut shredder to best fulfill HIPAA’s requirements
for the safe disposal of PHI. These little workhorses turn paper into “confetti”
that’s impossible to piece back together. They offer a higher level of security than
strip-cut shredders, whose ribbon-like strips can be re-assembled by a
determined crook with the patience of a saint.
So if you’re in the market for a shredder, I
recommend a cross-cut model, not only for the security it provides, but also
for the confetti that could come in handy in the future — like when you
celebrate passing your HIPAA audit.
(Photo courtesy of Muffet)