How the Right Shredding Company Can Help with HIPAA Compliance
Our CEO just walked in the door with what he calls “the bargain of the century.” He said Frank’s Office Shed had a massive sale on old stock and he bought six buy-one-get-one-free paper shredders so that we could not only save money, but shred documents immediately upon discarding them. Our medical office staff were a bit horrified.
Fortunately, our CEO is also my husband, and in my role as COO, giving him some insight is standard practice for me. His intentions are admirable, but he doesn’t realize he could have put our practice in serious jeopardy with his purchase. He hasn’t been happy with the shredding company we have been using, so he thought DIY shredding would be an improvement. I told him the solution was to switch to a better shredding company: a local, reputable company with top-notch security that can help us stay compliant with the Health Insurance Portability and Accountability Act (HIPAA). Suddenly, I had his attention.
Trading a shredding company for a shredding machine isn’t going to help with HIPAA compliance or any of these critical considerations:
- Complying with data privacy laws. Your shredding company should be knowledgeable about state and federal laws governing when medical records should be shredded. Records should never be destroyed prematurely, and should never be kept beyond their required lifetime.
- End-of-lifecycle document destruction. HIPAA-compliant shredding requires that documents, hard drives, and other electronic storage media containing Personal Health Information (PHI) be shredded so that the PHI is not only unreadable, but impossible to reconstruct. Your shredding provider should have industrial-strength shredders that are capable of securely shredding paper documents and destroying hard drives and other electronic storage media. A compliant shredding company also has the capability to destroy x-rays and recycle the materials.
- Chain of custody. A good shredding company will help you protect your medical records from the moment you discard them to the time they are destroyed beyond recognition. They will supply locked shred collection containers into which documents can be dropped, keeping them secure until your next scheduled on-site shredding service appointment.
- NAID AAA Certification. Being NAID AAA Certified verifies that the shredding company meets the strictest security and accountability standards in the industry, established by the National Association for Information Destruction (NAID). In order to maintain AAA Certification, the shredding company is subject to surprise audits checking that their employees are background-screened and well trained, that their shredding process and chain of custody keep information secure, that they have adequate insurance coverage, and other key aspects of their operation.
- Certificate of Destruction. Your shredding company should always be able to provide a Certificate of Destruction. This formal document provides you with proof that your paper documents, hard drives, and other electronic storage media have been destroyed in compliance with HIPAA.
Partnering with the Right Shredding Company
When you partner with the right shredding company, you get far more than just shredding. Your shredding machine can’t offer you proof of HIPAA compliance, and it will only consume expensive person-hours that should be spent working in your practice. Do your organization a favor and partner with a professional, reputable shredding company.
ShredPro Secure provides HIPAA-compliant, NAID AAA Certified shredding services to healthcare clients in East Tennessee and Southwest Virginia. We can provide you with the peace of mind that the PHI and ePHI your organization is responsible for will be securely destroyed beyond recognition. If you’re looking for help with HIPAA compliance at the end of the information lifecycle, call us at 865-986-5444 or complete the form on this page. One of our friendly experts is standing by to help.