HIPPA and HITECH

Mar 12, 2020 | Uncategorized

KelShred understands how easy it is to forget that shredding paper properly is actually a legal requirement for healthcare businesses. While a lot of personal information breaches happen online or in cyberspace these days, physical documents still pose a security risk for the healthcare industry. Patients and clients can sue providers, and providers can also face other severe criminal penalties if sensitive information is compromised.

There are two major laws governing privacy protection in the United States that may impact your business: HIPPA and HITECH. Here’s how they came to be, and how KelShred can help you stay compliant.

HIPPA

President Clinton signed the Health Insurance Portability Act (HIPAA) into law in 1996. Lawmakers created the policy to help workers moving from one job to the next by making health insurance coverage both more accountable and portable. Privacy standards varied from state to state and institution to institution, and they were further complicated when distinct healthcare organizations attempted to communicate or move these records.

In summary, Personal Healthcare Information (PHI) was finally given the same high-priority safety consideration that patients expected from healthcare providers. KelShred regularly services healthcare businesses required to adhere to HIPPA standards.

HITECH

But what did this mean for administrators with document management strategies? What does it mean for your team today?

Progress towards due privacy did not stop with HIPPA in the healthcare industry. After 2003, one part of the Health Information Technology for Economic and Clinical Health Act (HITECH) confused many healthcare professionals with its wide-reaching language regarding information protection. HITECH requires: “covered entities must implement reasonable safeguards to limit incidental, and avoid prohibited, uses and disclosures of PHI, including in connection with the disposal of such information.”

If you gather any sort of health information, the law considers you a “covered entity.” KelShred specializes in assisting covered entities destroy this personal health information. Any other providers or partnering healthcare professionals that get copies of, or access to, PHI have to also destroy their copies.

Specifically, this law on shredding says paper shall be “rendered essentially unreadable, indecipherable, and otherwise cannot be reconstructed.”

Shredding Options and Solutions

How can your business meet these requirements?

The Department of Health and Human Services states it is ok to use professional vendor for recurring shredding needs. Onsite shredding provides convenience and immediate piece of mind. From both an efficiency and security standpoint, recurring shredding provides your organization with locked bins, along with other benefits.

KelShred delivers locked bins for the sensitive PHI documents that need to be destroyed. Once paper is deposited, locked bins prevent both document removal and tampering. Driver-technicians from KelShred will then come to your workplace for either on site shredding or offsite shredding.  Onsite shredding is more secure because you can witness the destruction when the truck arrives, and KelShred performs onsite document destruction quickly when you work with us.

You can also see other benefits with our recurring shredding service for 30 days, free of charge. During that time, you’ll experience the time and effort that a professional shredding service can save your organization. Employees will no longer be required have to manually shred one sheet at a time. Your place of work will be clutter free from old documents piling up; furthermore, KelShred recycles all of your shredded paperwork. Your organization will be doing its part to reduce its carbon footprint.

Next, KelShred will provide you with a certificate of destruction (COD) to show your organization’s shredding procedure meets HITECH compliance. CODs provide evidence that your business took all required steps to properly destroy PHI. Employees manually shredding sensitive information do not provide CODs, and they would have to record every document destroyed in a supervised log to equal a COD. This becomes another time-consuming procedure. 

Does your organization have an efficient, reliable, HIPAA compliant recurring shredding strategy? Contact KelShred for a free facility review to

Source Notes: https://www.hhs.gov/hipaa/for-professionals/faq/575/what-does-hipaa-require-of-covered-entities-when-they-dispose-information/index.html