HIPAA, the Health Insurance Portability and Accountability Act, was signed into law in 1996. It was created to help safeguard confidential information, stored within companies, from getting into the wrong hands. There are always updates to these important regulations and it’s necessary for companies to understand what changes have been made in order to continue to protect themselves against theft.
In order to maintain HIPAA compliance, companies that store protected health information (PHI) must have a process in place to cover the security of that information. More specifically, covered entities (individuals or businesses that provide treatment, payment, and healthcare operations) and business associates (anyone who has access to confidential patient information) must meet HIPAA compliance.
There have been some major HIPAA updates since it was signed into law, but as of 2019, there are issues that must be reviewed and changed. HIPAA updates are handled by the Department of Health and Human Services (HHS), which will usually seek feedback on aspects of HIPAA regulations that are problematic or, due to changes in technologies or practices, are no longer important.
When the HHS has considered the issues at hand, they submit a notice of proposed rulemaking followed by a comment period. The comments are collected from healthcare industry stakeholders and must be considered before a final rule change occurs. HIPAA-covered businesses are given a grace period to make the necessary changes and become compliant, before the regulation updates are enforceable.
HIPAA laws were followed by something called the Health Information Technology for Economic and Clinical Health (HITECH) Act. This Act specifically addresses the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.
We are in the midst of a digital age, and most health care providers and other entities dealing with PHI have moved to computerized operations. While digital records are more effective, efficient and flexible, they also drastically increase the security risks facing healthcare data.
The Security Rule is in place to protect the privacy of individuals’ health information, while at the same time allowing covered entities to adopt new technologies to improve the quality and efficiency of patient care. The Security Rule allows a covered entity to implement policies, procedures, and technologies that are suited to the entity’s size, organizational structure, and risks to patients’ and consumers’ e-PHI.
Implementing HIPAA updates places a significant burden on covered entities, and considerable time and effort is required to introduce new policies and procedures to ensure continued compliance.
There have been some issues with HIPAA due to advances in technology and significant changes in working practices. The government has issued HIPAA guidelines to clear up any misunderstandings with HIPAA compliance requirements.
Whatever volume of shredded material your business generates, an experienced professional shredding service will set a schedule to collect and shred it onsite at your premises. Documents should be shredded in accordance with NAID AAA standards and a Certificate of Destruction will verify the process has been completed correctly.
IntelliShred has had years of success with handling professional shredding for a variety of businesses. We are able to provide you with efficient and secure shredding services for paper and even digital media storage devices. Contact us today for answers to all of your shredding questions.