IntelliShred is your NAID-certified vendor, ready to destroy medical records to protect your business and to give you and your patients peace of mind. If your work involves medical records, it’s essential to understand why, when, and how to destroy it securely.
Here’s our guide to medical records destruction to help you make the best, informed decisions for your organization and your patients’ needs.
Why Must Medical Records Be Destroyed Securely?
The destruction of medical records is mandated by the Health Insurance Portability and Accountability Act (HIPAA). Part of its reason for being is to protect access to health data and to ensure its integrity and confidentiality. This critical act was enacted in 1996 and if your business involves medical records, it must comply. It’s your business’s responsibility to keep medical records secure, but that doesn’t mean you have to do so alone.
Businesses such as IntelliShred are specialists in destroying sensitive data, so that you can rest assured that you comply with legislation. Ensuring the secure destruction of medical records will help you avoid fines, as well as ensuring that that your business, clients, and patients are safe.
What Constitutes Protected Health Information?
HIPAA states that protected health information (PHI) must be secure and disposed of securely. It’s worth examining your records or consulting with a professional data destruction firm, because the HIPAA considers many elements as sensitive information that must be protected.
PHI includes patient histories regarding surgery, immunization, and family history, as well as data about physical examinations that have taken place. PHI also means orders and prescriptions, allergies, and growth charts or other developmental history.
Within these records and elsewhere, you may also have such details as fax and phone numbers, email addresses, URLs, IP addresses, and device serial numbers that can identify people. Other identifying data include social security numbers, certificate or license numbers, account numbers, and vehicle identifiers. Photos, geographic data, and dates, and many more elements also make up PHI.
This is why it’s critical to have medical information destroyed securely. If there is any chance that data or physical copies can be retrieved and pieced back together, this puts your organization and your patients at risk.
When Should I Destroy Medical Documents?
While some medical records, such as patients’ birth certificates or a register of surgical procedures need to be kept permanently, others can be destroyed after a recommended delay. Diagnostic images should be kept for five years. Patient health records should be stored for ten years after its last use. A physician index or disease index ought to be kept for ten years. Get in touch with our specialist team to learn more about when you should destroy PHI.
If the files have not passed their retention times, it might still be time to destroy records if a) the organization is transitioning from paper records to a paperless or electronic health records (EHR) system or b) the medical records contain administrative errors requiring new records to be created.
Whatever the case, old medical records should not be disposed of haphazardly. Even if they contain errors, they still constitute PHI as described by HIPAA and must be destroyed securely.
How to Destroy Medical Records Securely
While HIPAA states that organizations must dispose of their old medical records securely, it’s up to those organizations how they achieve this. Medical documents must be shredded or destroyed electronically.
IntelliShred destroys medical records using one of two 100% effective methods to suit you and your needs.
- Mobile Shredding:our trucks come out to your location, destroying medical records while you watch. We provide certificates of destruction that detail project specifics.
- Off-Site Shredding:trucks will come out to your location and pick up medical records. These are stored in locked bins and taken to an off-site facility for destruction.
The destruction of old medical records is a legal requirement, but it doesn’t have to be a worry. Our courteous, industry-certified staff is knowledgable and will take care of your medical records and your compliance with HIPAA regarding destroying old medical records.
We make it easy for you to protect your organization and your patients. Contact us today to learn more.