Skip navigation

HIPAA - Health Insurance Portability and Accountability Act

healthcare shreddersProtecting data and information in Medical Facilities is more critical today than at any time in history. Privacy laws like HIPAA, increased threats of identity theft, more stringent enforcement and increased exposure to liability leave no room for error. Security Engineered Machinery is the world's leading authority  on techniques, procedures and equipment for destruction of sensitive data in Medical Facilities regardless of its form. From paper to x-rays, to optical and magnetic media, flash drives, thumb drives, presciption pads, even all of its forms from paper to computer hard drive and everything else.

 

GUIDELINES FOR PAPER SHREDDING AND INFORMATION DESTRUCTION IN HEALTHCARE FACILITIES AND DOCTOR'S OFFICES


As healthcare organizations endeavor to comply with privacy and security standards mandated by the Health Insurance Portability and Accountability Act (HIPAA), there is growing interest in effective and efficient ways to manage protected medical records - and how to destroy them once they become obsolete.

Neither HIPAA's privacy standards for paper documents nor its security standards for electronic records dictate specific means of compliance. However, the preamble to Section 164.530 does cite a few examples of appropriate safeguards, such as locking file cabinets that contain protected documents and shredding such documents prior to disposal. For electronic media, Section 164.310 ("Physical safeguards") requires covered entities to address the "final disposition of electronic protected health information and/or the hardware or electronic media on which it is stored" and to implement procedures for "removal of electronic protected health information from electronic media before the media are made available for re-use."

Each group's appointed privacy official must decide which procedures and equipment will best prevent unauthorized, unnecessary and inadvertent disclosure of protected information. For storage, this means locked office doors and cabinets, computer firewalls and passwords, etc. For disposal, it means destroying records. No one should be able to dig trashed records out of the dumpster and misuse them. Discarded medical information often is still confidential.

 

Destruction equipment abounds The market offers a variety of record destruction equipment. Paper shredders come in all sizes, speeds, horsepowers and capacities, but there are three basic choices:

  • Personal - Deskside shredders, available on casters for portability, can shred roughly six to 20 sheets at a time. This is convenient for offices with relatively few documents to destroy.
  • Departmental - Larger facilities with more documents to dispose of may install shredders that can handle 20-50 sheets at a time.
  • Centralized - A heavy-duty shredder can handle up to 400 sheets at a time and destroy bound reports and thick stacks of paper

 

paper shredder comparison

Whatever shredder models your practice selects, you will need protocols for managing shredded waste. Some companies offer regular pickup, transporting the trash to landfills or recycling facilities.

 

Also on the market are powerful disintegrators that use rotary-knife systems to reduce high volumes of books, binders, paper bundles and other bulk materials to tiny particles. Depending on the model, these machines even pulverize CDs, DVDs, floppy discs, microfilm, credit cards, ID badges, tape cassettes and circuit boards, slicing them into indecipherable fragments at the rate of up to two tons per hour. Other machines, designed specifically for optical media, can completely remove databearing surfaces from CDs and DVDs. Because they leave inner disc hubs intact, the hubs serve as proof of destruction, eliminating the need for detailed logs and witnesses where certification of destruction is required.

 

Old computers can tell tales Security may become an issue when a practice donates old computers to a school or some other organization. Most people don't know that when a digital file is "deleted," the information actually remains on the computer's hard drive or a formatted diskette, as do deleted e-mail messages and records of online activity. This information is recoverable with sophisticated tools. Disk-wiping software can prevent unauthorized recovery by overwriting entire drives/disks - or particular sections of them -before these magnetic media are discarded or reused. Overwritten areas should be unreadable, but look for a software brand that meets or exceeds the Department of Defense standard for permanent erasure of digital information. When you require absolute certainty in erasing magnetic media, certain degaussers remove all recorded information in a single pass, allowing hard drives, diskettes, audio and video tapes, and four- and eight-millimeter data cartridges to be reused many times with no interference from previous use. Hand-held degaussing wands erase both floppy and hard computer disks. For both electronic and paper records, the variety of equipment on the market today enables a medical practice to tailor record-disposal to its particular needs.