The Health Insurance Portability and Accountability Act – HIPAA – is a law designed to safeguard patients’ privacy. All “individually identifiable health information” is protected, whether it is in paper or digital format. HIPAA strictly limits disclosure of health records and requires providers to inform patients when and with whom information is shared (e.g. insurance companies, specialists, etc.). Healthcare organizations, clearinghouses, pharmacies, and plans must comply – at the risk of stiff fines (and, for willful violations, potential jail time).
As a professional in the healthcare field, it is incumbent on you to comply with HIPAA regulations. Part of this is ensuring records are properly disposed of. The law requires that documents be destroyed so that there is no possibility for reconstruction or recreation, and it outlines acceptable disposal methods.
For example, appropriate methods for destroying paper records include shredding, pulping, pulverizing, and burning. Appropriate methods of disposing of computer data and hard drives include overwriting data or reformatting the disk and destroying all of its contents. Media is not considered completely destroyed until the backups are also overwritten.
When a covered entity (i.e. an organization or individual who must comply with HIPAA) outsources to a service to destroy records, they must specify the following in the contract:
- Method of disposal or destruction. It must comply with methods outlined in the law.
- The time between the acquisition of the data and its destruction.
- Which safeguards are taken against confidentiality breaches.
- Proof of destruction. Your service should provide a Certificate of Destruction. A proper chain of custody is maintained throughout every step of the process, ensuring that there is no potential for breaches.
Patients deserve the utmost privacy; safeguard their confidentiality with credentialed, experienced information security specialists.