Healthcare providers in New Jersey and Pennsylvania holding patient-related information are legally bound to maintain the privacy of those they serve. It is also a sign of respect. No one would want their medical chart available to anyone looking inside a dumpster. TITAN Mobile Shredding can destroy unwanted and unneeded medical records, so the hassle of storing them and the possibility of leaked information is no longer a concern.
Legal Requirements to Keep Information Secure
The federal Health Insurance Portability and Accountability Act (HIPAA) creates guidelines for protecting Protected Health Information (PHI) in the HIPAA Privacy Rule. PHI is individually identifiable health information transmitted or maintained by electronic media or in any other form or medium (such as on paper) held or transmitted by a covered entity or its business associate.
Individually identifiable health information is information relating to:
- A person’s past, present or future physical or mental health or condition
- The provision of health care to the individual, or
- The past, present, or future payment for providing health care to the individual
The information also identifies the person explicitly, or there’s a reasonable basis to believe the information can be used to find the person’s name. This may include addresses, birth dates, and Social Security numbers.
A “covered entity” subject to HIPAA includes hospitals, doctors, pharmacies, health plans, medical billing companies, and any other business entity involved in the healthcare industry with this information must comply with this law.
Information Must be Kept Under Control
Under HIPAA’s Privacy Rule, a covered entity can’t use or disclose protected health information, except either as the rule permits or requires or as the individual who is the subject of the information (or their personal representative) allows in writing. Shredding or destroying information is a safeguard against unauthorized disclosure of records that are no longer useful or required.
Any organization handling medical information should have policies and procedures for destroying records and confidential documents. A destruction program should document how you comply with your policies and include the creation of an audit trail and a destruction schedule. Utilizing a NAID AAA-certified company such as TITAN Mobile Shredding makes compliance easy.
Medical Records Must be Kept for a Time But Eventually Securely Destroyed
Pennsylvania and New Jersey laws differ on how long medical records should be retained. It is seven years for all healthcare providers in Pennsylvania. In New Jersey, for doctors, it is seven years from the date of the most recent entry. For hospitals, it is ten years following the most recent discharge for adults, for minors it is ten years following the most recent discharge or until the patient is 23 years old (whichever is longer). All discharge summary sheets must be kept for 20 years after discharge.
Covered entities can’t abandon PHI or dispose of it in a way that makes it accessible to the public or someone unauthorized to access it. HIPAA doesn’t require specific disposal methods, but covered entities must look at their situation and decide what is reasonable to protect PHI through disposal, and come up with and implement policies and procedures to carry out those steps.
The federal Department of Health and Human Services (HHS) makes these suggestions on the secure disposal of PHI:
- Shredding or pulverizing paper records so the PHI is unreadable, indecipherable, and can’t be reconstructed
- Maintaining labeled prescription bottles and other PHI in opaque bags in a secure area and using a disposal vendor to pick up and shred or destroy the PHI
- Destroying electronic media through disintegration, pulverizing, or shredding
If you are found to violate the privacy rule, you risk HHS fining you $100 to $50,000 (potentially more) with a cap of $1.5 million annually.
Prevent Possible HIPAA Problems and Get Peace of Mind by Using TITAN Mobile Shredding
Many of our clients shred medical records and information kept on paper documents, media, and computer hard drives. As a NAID AAA-certified company, TITAN Mobile Shredding’s focus isn’t on destruction, it’s on creating peace of mind for our customers. That includes the knowledge that outdated medical information no longer poses a threat of accidental release.
If you have any questions about how we can shred medical records that you want to be destroyed, please call us at (866) 848-2699. We can discuss your needs and how we can meet them. We can come to your location when it is convenient and set up a regular schedule to keep your company clear of any material you want out of the way.