Healthcare facilities that possess patient medical records have a legal duty to secure and destroy these records. HIPAA sets guidelines on how and when to destroy patient medical files. Documentation that needs to be destroyed includes patient medical charts and any medical reports that include confidential patient health information.
Shredding Your Paper Records
HIPAA requires that paper files be shredded, pulverized, or burned. These methods ensure your patients’ records can’t be read or reconstructed. This destruction protects the patients’ confidentiality.
Medical records are kept for at least six years from creation or last use. Some states have their own data retention laws. For states whose retention periods are shorter than HIPAA’s, the HIPAA guidelines prevail. For states whose retention periods are longer than HIPAA’s, the state guidelines prevail.
Destroying Online Records
In a virtual era, more patient records are being saved online. This makes them more susceptible to hacks and breaches, which is why proper destruction is imperative.
HIPAA recommends overwriting record files or destroying the computer’s hard drive. Data should also be encrypted to add an extra layer of protection. If your encrypted data is stolen, the hackers will also need to steal the encryption key to read it.
MedPro Disposal’s Data and Document Shredding Services
At MedPro Disposal, we offer data and document destruction services. We ensure all destruction is carried out properly and we meet HIPAA guidelines for both paper and electronic data destruction. After destruction, we provide our customers with a certificate of confirmation that their data was destroyed.
HIPAA and federal laws mandate proper data destruction. Violation can result in penalties, including fines, revocation of licenses, the closing of practices, and even jail time.
Written by: Grace Alley