The HHS says shredding, burning, pulping, and pulverizing are the only way these records should be destroyed.
Did you hear about the Texas hospital fined for their PHI-filled microfiche found in a park dumpster? What about Eureka Internal Medicine’s janitorial service that mixed recycled papers containing PHI with the regular trash?
Or the four pathology groups in Massachusetts forced to pay $140,000 because their business associate abandoned thousands of medical records at the dump?
Making sure PHI is correctly disposed seems like a no brainer, but I wouldn’t be blogging about it if it weren’t a serious issue.
Paper or other physical copies of PHI should NEVER be thrown away in a dumpster, recycle bin, or office trashcan. The HHS says shredding, burning, pulping, and pulverizing are the only way these records should be destroyed.
What about labeled prescription bottles? Do you use a business associate to dispose of waste? The HHS says you should keep the bottles in opaque bags until a business associate picks them up to destroy them. If you don’t have a business associate, then individually ripping off the labels and shredding them works too.
For electronic media containing PHI (like an old hard drive or backup tape), the HHS recommends using software or hardware products to overwrite media with non-sensitive data, exposing the media to a strong magnet, or physically destroying the media (disintegration, pulverization, melting, incinerating, or shredding).
Hard drives make excellent target practice!
See also: How to stay off the HHS naughty list
.svg)
