Among the wide category of wastes, the topic of medical waste is one that has surfaced a lot in the past year. With healthcare facilities such as hospitals running at almost full, if not full, capacity, it is no wonder that there has been a sharp increase in the amount of medical waste being disposed of.
Medical wastes can roughly be described as any kind of waste that comes from healthcare facilities. However, the category could be further classified into subcategories. The World Health Organization identifies eight types of healthcare wastes.
These wastes often come from facilities such as healthcare facilities, laboratories and research centers, mortuaries, blood banks and collection services, and nursing homes.
The types of wastes listed above pose risks to the environment and the human body. For instance, exposure to cytotoxic, chemical, or radioactive wastes can cause permanent damage to one’s body such as chemical burns and other forms of irritations across the body. These risks depend on the level of exposure as well.
One of the most cited risks of medical waste is probably sharps-related injuries. According to OSHA, with the amount of sharps administered and dealt with by healthcare workers on a daily basis, there is a relatively high risk of exposure to it. These sharps may carry bloodborne pathogens that contain diseases such as:
In 2010 alone, the World Health Organization recorded about 33,800 new HIV infections that stemmed from sharps-related injuries. The statistics for Hepatitis B and C do not fare well either, as the former reached about 1.7 million and the latter about 315,000. Take note that this only considers infections that are sourced from sharps injuries.
About 16 billion injections are administered on a daily basis and the only real protection that healthcare workers and facilities have is proper medical waste management.
Proper medical waste management covers how you handle, transport, and dispose of medical wastes. OSHA and the FDA have several regulations regarding how these types of wastes can be dealt with. Important protocols considering medical waste disposal by these regulations include:
This refers to the color-coding of waste bags as well as how sharps are stored in sharps disposal containers.
Recommended universal color-coding marks highly infectious wastes as yellow. Radioactive wastes typically vary per country and regulating body, but these bags are supposed to be marked with the universally recognized radioactive symbol. Meanwhile, hazardous medical waste is either red or yellow. In the United States, the officially sanctioned color for hazardous medical waste is red.
According to the recommendation of the World Health Organization, sharps must all be collected together and stored in a leak-proof and puncture-proof container. In the absence of sanctioned sharps disposal containers, individuals can use sturdy or high-density plastic containers.
The World Health Organization outlines that transportation equipment must be disinfected on a daily basis with sanctioned disinfectants. Furthermore, the vehicle that is to be used to transport medical waste should have no other function but to transport medical waste.
To prevent mishandling and injuries, healthcare workers that are transporting medical wastes from hospitals to disposal facilities must be OSHA-trained.
Incineration used to be the most popular way to get rid of medical wastes. However, environmental protection gave birth to alternatives such as thermal and chemical treatment, autoclaving, and other methods of removing infectious agents from medical waste. These procedures often deactivate the harmful properties in various kinds of medical waste.
However, there are wastes that require destruction due to their incredibly dangerous properties. One of the examples would be chemotherapy wastes which are often incinerated.
The term hazardous waste has been thrown around a lot when it comes to the topic of waste management. In its most straightforward sense, a lot of waste can be virtually considered hazardous when it carries properties that could harm people. However, wastes must meet particular standards and criteria to be considered hazardous, which is often relevant when it comes to matters like waste segregation.
Practically, hazardous wastes could be officially recognized as hazardous if they meet the criteria to be classified as hazardous wastes. Wastes that are listed as hazardous usually come from:
These wastes are often regulated by the Resource Conservation and Recovery Act or the RCRA. However, wastes that are hazardous and also radioactive are called mixed wastes. Mixed wastes are regulated by both the RCRA and the Atomic Energy Act.
There are two categories that are used to classify waste. These would be listed wastes and characteristic wastes. Basically, a waste could be considered hazardous if it belongs to the listed waste category or if it carries one of the characteristics in the characteristic waste category.
There are subcategories that exist under Listed Wastes. These are the F, K, P, and U lists.
Meanwhile, the K list refers to sources that are specific towards fitting into one of the categories in order to be classified as hazardous. These industries include industries that operate in categories such as:
Though healthcare facilities, nursing homes, and research facilities are the top generators of sharps, there are several households that utilize sharps on a regular basis. Family members with diabetes who need to inject insulin, or who just require medication that must be administered through syringes or needles, often generate medical waste through sharps.
In these cases, there is a likelihood that households might be less cautious than healthcare facilities when it comes to disposing of sharps. The cycle of medical waste disposal is not something that is embedded in traditional household cultures. However, literacy regarding the proper disposal of sharps is still a factor that contributes to the overall safety from the hazards that medical sharps pose.
Hence, these are the guidelines for the disposal of sharps to make your household and environment much safer!
All medical sharps must be stored in a sanctioned sharps container. These are usually sold online, in hospitals, and pharmacies. However, if a sanctioned sharps container is not available, the recommendation is to store them in heavy-duty plastic containers. The point is to ensure that they are stored in containers that are leak-proof, puncture-resistant, and inaccessible to animals and young children. It is important that these containers are not re-used, or filled past ¾ of their storage capacity.
Some of the recommended things to do for proper sharps disposal are:
Before doing these, households must make sure not to recap, bend, or break their needles, or clip them without a clipper, prior to disposal, as this increases the risk of injury and exposure. Furthermore, households must avoid disposing of these needles in any other way. Throwing them into regular waste or recycle bins, or flushing them down the toilet, is not only discouraged but prohibited as well.
Having a safe storage is only half the battle when it comes to sharps disposal. The other half involves how it could safely get to medical waste management facilities to be appropriately rendered safe. Fortunately, there are several ways to access sharps disposal even though a household is not a large medical facility.
There are a lot of companies out there that you can find by googling ‘sharps disposal near me’. However, location is just one consideration when picking which company’s service you would like to engage with. It is important to consider how safe these companies’ procedures are as medical waste disposal is a high-risk business.
One of the few considerations would be their compliance with:
The most basic aspect of waste management is segregation. Commonly and universally recognized categories are the segregation of regular waste through paper, glass, and plastic. In other variants of segregation, there are biodegradable bins, recyclable bins, and others. These are to safely dispose of waste and make the process of recycling a lot easier for various societies. Though this added process regarding waste disposal can be an adjustment, and at times, cost-heavy, the long-term benefits of proper waste management are undeniable.
It is not only eco-friendly when it comes to sterilizing and reintroducing recyclable wastes back to society, but a lot of harms can be prevented from segregation. In fact, segregation is one of the most important processes when it comes to dealing with hazardous waste management.
Color-coding is the first step towards a good system of waste disposal. Different types of waste carry different types of hazards that must be addressed separately and appropriately. Hence, color-coding properly separates these types of wastes in such a way that they can be handled easily.
Other colors that one might encounter in healthcare-related settings are:
Often, waste disposal and healthcare facilities require the efficient process of transporting and disposing waste. Having to handpick everything and segregate things separately is not only time consuming, but it is also dangerous. Just imagine the hazards of picking up a blue-colored bin only to realize that it contains infectious wastes? This spells danger for a lot of people involved.
Moreover, these colors indicate how these sets of wastes are to be processed in the facilities. For instance, trace chemo wastes that are typically stored in yellow bags or bins must be completely incinerated. There is no other way to render these items harmless. Other wastes, by contrast, can simply be sterilized through autoclaving or disposed of in a different manner.
It’s almost certain that the word biohazard has gained popularity from mass media. The biohazard symbol seems to have simultaneously amassed recognition from zombie and disease-premised films like Resident Evil. However, the biohazard concept and symbol are very real. You may even encounter them on a daily basis if you belong to work environments that interact with healthcare wastes.
That is because biohazard simply refers to biological materials that may be harmful to animals, individuals, and other living things. These are products that are highly likely to be contaminated with either bloodborne pathogens or other potentially infectious materials.
Though there are four broad categories of biohazardous wastes (solid, liquid, sharp, and pathological biohazardous waste), specifics are important to clarify which items are ones to be avoided. Some of the notable examples to clarify what exactly a biohazard waste is:
There are four levels that are used to classify how harmful a particular biohazard waste is:
Healthcare waste is often generally defined as any kind of waste that is generated from healthcare facilities. Several regulatory bodies such as the Environmental Protection Agency and the World Health Organization even simplify this idea by identifying them as “any healthcare waste that might be contaminated by blood, body fluids, or other potentially infectious materials.”
While this unpacks the idea of “medical waste” pretty well, medical wastes are further categorized into different sections. The categories that have been identified by the World Health Organization are:
For a lot of people, these can be a lot to remember, especially since some of these categories share attributes. Individuals or households who do not encounter the various types of waste mentioned above. Even then, this needs to be balanced with the reason as to why there are those categories of waste anyway. These wastes differ in terms of how they are grouped and disposed of, as well as how they are either sterilized or destroyed. Hence, while it is important to differentiate each category of waste, you would need to start somewhere.
This list will explore four of the most important and broad categories of medical waste, what they are, and how they are handled and disposed of in the context of the United States.
What are examples of major types of wastes?
General wastes are non-hazardous hospital wastes and comprise about 75% of the total healthcare waste generated in the entire world. These wastes do not pose any hazards of a biological, physical, radioactive, or chemical nature. Most general hospital wastes go to landfills similar to ordinary wastes. Through these, some of these wastes could be recycled.
Wastes that could spread infection to the body are considered as infectious wastes. Because hospitals are hotspots for disease, it is probably a given that a portion of the wastes generated would be from patients with communicable diseases. These refer to the simplest things found in the hospital such as masks, cotton swabs, and other items that have been contaminated by blood, bodily fluid, or other potentially infectious materials.
These can be found virtually anywhere, and there is a possibility that general healthcare wastes could have been contaminated by infectious elements. Hence, it is very important to stay aware of where the wastes come from and tiny details that may indicate that a waste is infected.
Hazardous wastes are not dangerous in the way that infectious wastes and radioactive wastes are; however, they are injurious. Primarily composed of discarded equipment and sharps, hazardous waste can cause physical harm to individuals.
In fact, one of the leading risks associated with healthcare waste is sharps-related injuries. OSHA cites a statistic from the Centers for Disease Control and Prevention that points towards 385,000 sharps injuries happening annually to healthcare workers. Being injured or abraded by hazardous waste is already alarming in itself. However, open wounds could increase the risk of bacteria and infection entering the body.
Attached to sharps-related injuries are numerous cases of Hepatitis B/C infections or HIV. Hazardous wastes such as medical sharps have dedicated sharps containers that are officially sanctioned for safe disposal.
Generally speaking, these are materials that are themselves radioactive or materials that are contaminated with radioactivity. There are three classifications for radioactive wastes which determine the risks associated with them. These are:
In our daily lives, waste and its management tend to become an afterthought. Once you consume a certain product, the focus is so often on the consumption of the product rather than the disposal of non-essential parts of it: such as wrappers, plastics, boxes, and even things such as syringes.
However, waste management is crucial to the ecosystem of life. As much as creation and consumption fulfill our needs, the decomposition and disposal of objects ensure that the environment and our bodies are safe.
Attached to waste management are environmental and health consequences that will make or break the world around us. Every year, the environmental condition is worsening and a huge part of it is associated with how we deal with wastes around us. Some of the problems associated with ineffective waste management are:
|Pollution||The contamination of the air, water, and soil has been one of the primary problems associated with improper waste disposal. Wastes containing heavy metals, nitrates, and other harmful chemicals can seep into waterways, soil, or get released into the air. This can spell death for aquatic and land life as they become exposed to toxic elements.|
|Extreme Weather||Greenhouse gases are released into the environment through two waste-related processes. First, is through decomposing wastes; and second, is through the mindless incineration of wastes. Without effective alternatives to incineration, this process can cause things such as acid rain, hailstorms, or contribute to global warming.|
|Health Damages||One of the most prominent forms of human damage associated with waste management comes from the toxic elements released into the air by landfills. Commonly, these are reported to have caused:
These toxic elements can also cause pests such as rats to carry over disease towards humans and more.
Furthermore, stray hazardous wastes can potentially injure people and introduce dangerous pathogens into the body.|
As the name suggests, liquid wastes are wastes that create liquid residue that is harmful to humans and nature. These wastes do not necessarily have to be fluid, as liquid wastes can carry sludgy or solid-like properties. These are your usual inks, dyes, pesticides, and harmful substances that are often found in septic tanks, wash waters, waters that are oily, etc. Often, these types of waste come from laboratories or even simple facilities that require cleaning such as houses or restaurants.
The real risk when it comes to liquid wastes is chemical wastes. Some of these include:
Dealing with harmful substances in liquid wastes often requires professional work, as the cleaning of oily surfaces and waters can go awry and become harmful so fast!
According to the official definition of Resource Conservation and Recovery Act, solid wastes are garbage or sludge that originate from:
These are often materials that land in these facilities and that primarily come from industrial facilities that generate tons and tons of waste. The properties of solid wastes are not very far from those of liquid wastes, as they can be semi-solid, liquid, or sometimes even gaseous; solid wastes, however, contain solid portions of garbage. The main difference also lies in how these wastes are stored. Solid wastes can be stored in bulk through stacking. Often, this process is observed in landfills. Liquid wastes, by contrast, are stored in tanks, drums, or other appropriate containers.
Recycling is probably the most cost-efficient and environmentally friendly method of dealing with wastes. Sometimes, certain non-biodegradable wastes can be turned into new types of materials that prove to be useful for the world. Some of the benefits of recyclable waste are reducing:
Through the process of recycling, materials can be turned into useful products such as:
These are also known as biodegradable wastes, which are wastes that can decompose over a reasonable period of time. Often, these come from:
Organic wastes, if not disposed of immediately to facilities, are sometimes used for compost to enrich soil.
There are numerous benefits associated with a proper management of medical waste. Consequently, there are also many risks associated with the improper handling of these as well. Medical waste typically refers to wastes that are generated by healthcare facilities such as:
The sound of these facilities already rings bells of hazard to most ears, right? That is correct: more often than not, these facilities will generate potentially harmful wastes that can cause various damages to the environment and the human body. The immediate thought when thinking about the risks associated with healthcare waste is infection. While this is true, there are definitely more hazards to the improper disposal of medical waste than what meets the eye.
|Sharps-related injuries||About 5.6 million healthcare workers are exposed to sharps on a daily basis and run the risk of being abraded or injured by these sharps. In fact, the statistics for sharps-related injuries that do happen stand at 385,000 injuries annually.
Apart from the pain of having to deal with an injury, some sharps carry the potential to transfer bloodborne pathogens. The most common infections related to this type of injury are:
|Toxic exposure||Exposure to cytotoxic drugs, heavy metals such as mercury, or corrosive and flammable substances can cause permanent damages to the human body. These can cause:
|Infections||Pathological and infectious wastes carry disease-causing viruses and bacteria, and are very common in hospital settings. Wastes such as face masks, cotton swabs, and generally objects contaminated by blood or other potentially infectious materials carry the possibility of transferring the pathogens in these objects to the one who is being exposed.|
|Soil, water, and air contamination||If improperly processed or thrown into regular landfills, some toxic liquid waste can seep into the soil and waterways, therefore contaminating drinking, surface, and ground waters. This can potentially harm the cleanliness of the water that we drink, as well as the ground from which trees grow.|
|Antibiotic resistance||Through the inappropriate flushing of pharmaceutical wastes such as antibiotics, antibiotic resistance across aquatic life can be reinforced, which generally lowers the effectiveness of antibiotics against diseases and infection.|
|Air pollution||Sometimes, the lack of alternatives when it comes to treating medical wastes results in waste disposal facilities just using incineration. This can release greenhouse gases as well as chemical substances that are highly pollutive to the environment. In some cases, inhalation of such can cause major complications to the life forms surrounding said disposal facility.
Moreover, the ash residue from incineration has been proven to cause adverse health effects as these residues are carcinogens that can cause cancer.|
Given these, it is not enough for individuals to merely dispose of their waste; they must do so properly. Proper disposal, transportation, and treatment are highly crucial when it comes to medical waste, as it carries hazardous implications.
Usually, in these cases, there are two important things to consider.
As previously mentioned, incineration was the normative way of dealing with medical wastes in the past. But because of air pollution and the environmental destruction it causes, alternatives were employed to either sterilize or deactivate harmful agents from these wastes.
Some of these methods are:
Proper sharps container disposal is one of the most important etiquettes around waste disposal. Every year, OSHA recorded that there are at least 385,000 injuries that result in either mere injury or the introduction of bloodborne pathogens that cause diseases such as HIV, Hepatitis, or Malaria. These are often sharps found lying around landfills, garbage bags, and random locations due to illiteracy regarding sharps disposal. Because of this, there is currently a strong emphasis by OSHA and the FDA on using safe and authorized containers for disposing of sharps, as well as safe methods to do so.
First, prior to everything, the manner of disposing of sharps into containers must be considered.
|Manner of throwing sharps (e.g., needles, syringes, etc.)||Dos||Don’ts|
|Use an FDA-approved sharps container||✓|| |
|Keeping needles out of reach from pets and children||✓|| |
|Try to remove needles from the clipper|| ||✓|
|Tamper with needles that have been used by another patient/individual through removing it, bending it, breaking it, or recapping it|| ||✓|
|Flush needles towards the sink or the toilet|| ||✓|
|Put the sharps in the recycling bin|| ||✓|
|Carry portable disposal containers especially when you have a household member that needs it||✓|| |
|Only fill sharps disposal containers to a third of its capacity||✓|| |
|Only remove needles through a needle clipper, or use needles with blunting technology||✓|| |
There are a lot of restrictions and protocols regarding the disposal of sharps because of how frequent the injuries are and how lethal they could become to the human body. Dedicated and authorized sharps containers, as much as possible, have to be purchased online or from hospitals or pharmacies to ensure that they are safe. Where these are not accessible, regulatory bodies suggest that households use thick plastic containers that are leak-proof and puncture-proof.
The precaution does not stop here. Where these sharps disposal containers are sent is half the battle. If you are new to sharps waste management, then there are a few locations, facilities, or services that you may want to consider as they are usually the ones that accept sharps containers.
Pharmacies are not usually hotspots for taking back the sharps that are sold to customers. That is because these establishments are not legally allowed to take disposal containers from customers or local citizens. However, it would be wise to ask your local pharmacy if there are available mail-back kits and prepaid mailing labels, as these are usually the most accessible way to mail back sharps if you want to do it through pharmacies. These are called sharps mail-back disposal programs, and these programs can also be found on the internet.
Though it is accessible to consult nearby healthcare establishments about whether or not they accept sharps containers, it will be rare to find a facility that will accommodate you. Like pharmacies, hospitals often engage with third party medical waste disposal services and therefore pay for transportation and disposal of the wastes that they generate. As it is incredibly taxing for hospitals to shoulder paying for the disposal of sharps containers outside of their own facility, they usually just do not accept them.
Another common piece of advice is to seek out fire stations or police departments. While there is a chance that they would take the containers, that chance is as slight as it is with healthcare establishments.
Several collection programs and facilities that are associated with HHW often accept sharps containers that come from households. More often than not, the issue with HHW facilities is not that they do not accept sharps containers but whether or not there are programs or facilities near you. A quick google search could usually solve this problem.
There are certain communities that have residential waste pick-up programs that offer the collection of sharps and sharps containers right from your doorstep. Though these are paid services, similar to most of the other services you can find regarding sharps container disposal, residential waste pick-up programs are incredibly efficient and safe. That is because these programs are often run by facilitators and employees that have been trained and certified by the Occupational Safety and Health Administration.
Though it is already a given that the hospital is a place of sanitation despite the fact that it is also a hotspot for disease, the ecosystem of cleaning isn’t as simple as throwing waste away. As it is widely known, hospitals and other healthcare facilities generate special types of wastes known as “medical waste” or “healthcare waste”. These are wastes that might be:
Apart from non-hazardous general wastes, each of these wastes and more are dangerous in their own right. Exposure to them can cause temporary and at times, permanent damages to your body, not just through physical injury but through illness as well. Hence, not only are there existing requirements for the storage and segregation of these types of waste, but there are also various ways in which they are disposed of.
Incineration is and was probably the most prominent way of getting rid of disease-causing wastes. This is almost a given as bacteria, viruses, and harmful substances attached to healthcare wastes are clearly going to die alongside the objects when put under intense fire. What incineration does is that it destroys medical waste by burning it within a controlled environment.
Usually, the process of incineration used to involve merely burning wastes out in the open. However, there are environmentally damaging repercussions attached to waste incineration. Mainly, it releases pollutive gases such as:
These emissions can be massive pollutants that destroy the environment, and since then, the Environmental Protection Agency has drastically limited the use of incineration due to its pollutive effects. More recently, in-site incineration has been more of a thing in order to curb make use of the energy created by this process.
The evolution of incineration can be found in its various methods.
|Burn Pile & Burn Barrel||Although highly discouraged, and in certain places, sanctioned, burn piles are still common in certain communities. It is the process of compiling a mound of trash and burning it in the open air. Meanwhile, burn barrels are a little bit similar, but more controlled. It involves placing the waste into a metal barrel with an exhaust, which prevents the all-out spread of emissions during windy seasons.|
|Moving & Fixed Grate||These are typically found in incineration plants for common waste facilities. These involve placing waste on mechanized grates that facilitate combustion of dangerous gases and simultaneously cool themselves.|
|Rotary-Kiln||A two-chambered incineration facility that can dispose of most kinds of wastes, operates at high heat, and seamlessly mixes waste.|
|Fluidized Bed||Cheap incineration alternative through a simply designed furnace that can burn various fuels and reduce harmful emissions.|
While it still utilizes heat through a closed-chamber and pressurized system to pre-treat and sterilize waste, autoclaving is dubbed as a safer alternative for several types of waste. This includes a wide range of wastes such as sharps, medical tools and equipment, and blood-contaminated materials such as gowns and bandages. Generally, if it is potentially infectious, it most likely would go through the autoclaving process. These wastes are often identifiable through their “red bag” storage.
However, there are two main types of waste that cannot go through the autoclaving process and must go through an incineration process instead.
These two types of waste cannot be rendered safe through sterilization, as they will still cause the initial harms that they could cause when they are thrown into a landfill.
Other than that, the autoclaving process is much cheaper than incineration and is an environmentally friendly method of reducing the repercussions of medical waste disposal.
One of the most frequent violations of HIPAA protocols concerns proper risk assessment or analysis. In fact, many of the mounting fines that easily reach above a million dollars are related to insufficient risk assessment by covered entities and related organizations.
An example of this is the case that the HHS’ Office of Civil Rights launched against Advocate Health. The settlement cost a total of $5.5 million, as it involved about 4 million patients under the violation of “willful neglect” when it came to dealing with three months’ worth of data breach. From this case alone, it is evident that there is a great emphasis placed on risk assessment when it comes to HIPAA compliance.
The official definition under HIPAA’s Security Rule is that a risk assessment is an accurate, thorough, and careful assessment and auditing of a company’s safeguards to locate and identify vulnerabilities and risks to the integrity of Electronic Protected Health Information or ePHI. These audits target three specific areas:
|Description & Purpose||Scope|
|Administrative Safeguards||These safeguards often occur at the category and level of administration. This often refers to policies and procedures that are implemented across the company and its offices, how they’re enforced, and how it trains employees.|
According to HHS’ page, these include “the selection, development, and implement, and maintain security measures that exist to protect ePHI and to facilitate the conduct and behavior of the employees of a covered entity”.
|Security Management Process: This is a process of identifying and analyzing possible risks, extending towards the implementation of appropriate security measures that mitigate risks and manage vulnerabilities to an appropriate degree.
Security Personnel: The administrative safeguards must designate security officials that are accountable towards the formulation and execution of said protocols.
Information Access Management: This function makes it so that access to information is limited according to the minimum necessity. Only those who are authorized to view certain ePHI must do so appropriately and conservatively.
Workforce Training and Management: Companies or businesses must operationalize protocols by authorizing the supervision of the employees that primarily deal with ePHI. This body shall be responsible for enforcing compliance, including respective sanctions for the violation of ePHI protection protocols.
Evaluation: This is the assessment of how well the company meets the requirements of the security rule.|
|Physical Safeguards||Quite literally, these are physical types of protection that are used to guard ePHI, the equipment that contains it, and all that it encompasses. This is primarily in place to restrict and limit access to locations where protected information is stored. Often, these also refer to protocols that are in place to separate and distance ePHI storage from workers.||Facility Access and ControlThis refers to the restriction around facilities, locations, and buildings that hold pertinent patient data. It is advisable for companies to limit those that can access these sites to an extent where it is ultimately necessary. Examples of this are:Locked doorsLabels of restrictionOn-site securityID badgesSurveillance cameras|
Workstation and Device SecurityThere must be security controls in place when it comes to devices that store ePHI. This also covers protections regarding the transfer, removal, disposal, and re-use of electronic media.
|Technical Safeguards||These are safeguards that are meant to electronically protect ePHI through systems that restrict access. While the first two safeguards dealt with externalities when accessing data such as physical security and policies, technical safeguards refer to internal systems that limit access to software and implement accountability metrics.||Access ControlThese refer to executing technical protocols that limit authorization such as:Setting an employee login and passwordDeveloping mechanisms to protect data during power outagesEncryption|
Audit ControlsThese are systems that monitor records and activity regarding the access of ePHI. Audit controls usually survey: Logins and logoutsFile accessAudit trails of disclosures
Integrity ControlsControls that ensure that protected information is not misused, improperly altered, or destroyed. Usually, companies can:Update policies whenever changes happenIdentify measures of safety to confirm ePHI status
Transmission SecurityImplementation of technical security measures that prevents unauthorized access to electronic protected health information that is in the process of transmission over an electronic network.
Risk assessment is critically tied to how well a covered entity can execute security protocols, as it diagnoses the vulnerabilities, gaps, and possible risks within systems that hold Protected Health Information (PHI).
Under HIPAA’s Security Rule, covered entities such as healthcare providers, healthcare clearinghouses, and health plans must comply with a protocol that requires them to evaluate their existing protections.
The principles of the Security Rule exist to enforce a flexible and reasonable standard of protection for covered entities. They are born from the understanding that different health care establishments have varying capacities, circumstances, and challenges. Hence, the baseline for compliance required by HIPAA consists of standards rather than direct requirements.
A covered entity will be compliant if it meets the following principles:
As seen, there is a large emphasis on the targeted mitigation of risks. This is where the significance of security risk analysis and assessment comes into play.
Of course, it’s almost a truism to say that the assessment is important because it solves the problem. Practically, the assessment is what allows covered entities to avoid the mounting and overwhelming fines that can come from non-compliance.
In fact, the most notorious cases of HIPAA violations come from the organizational failure to conduct appropriate and encompassing risk assessments. Some of those that have unfortunately been on the sanctioned side of HIPAA are:
|Covered Entity / Company||Fine||Violation|
|Premera Blue Cross||$6,850,000 settlement||Risk analysis; risk management failures; other potential HIPAA violations|
|Excellus Health Plan||$5,100,000 settlement||Risk analysis; risk management failures; other potential HIPAA violations|
|Oregon Health & Science University||$2.7 million settlement||Insufficient risk analysis for the whole enterprise|
|Cardionet||$2.5 million settlement||Risk analysis; risk management failures|
|Cancer Care Group||$750,000 settlement||Insufficient risk analysis for the whole enterprise|
The Health Insurance Portability and Accountability Act of 1996, commonly known as HIPAA, was created to ensure the protection of sensitive patient data. The HITECH Act, under the 2009 American Reinvestment and Recovery Act (ARRA), extended the coverage of HIPAA rules to include business associates in 2009. It also underscored the significance of the procedures and structures that protect electronic health information.
HIPAA is a series of regulations that safeguard the privacy and security of protected health information (PHI). PHI is health-related information that may be used to identify an individual such as medical histories, test results, and insurance information.
Significant HIPAA rules include:
The Health Information Technology for Economic and Clinical Health (HITECH) Act promotes the adoption of electronic health records (EHRs) and the improvement of healthcare data protection through financial incentives and increased penalties. It implements the following:
The HIPAA Security Rule requires covered entities and business associates to conduct a risk assessment of their healthcare organization. A risk assessment ensures compliance with HIPAA standards and reveals gaps in the security and protection of PHI.
While there are no specific procedures mandated for risk analysis, the HHS recommends that an organization should:
On top of this, organizations are also called to conduct and document ongoing risk analysis which:
It is necessary for organizations to conduct and faithfully document a risk analysis for them to be granted Meaningful Use funds.
Monetary incentives are granted to organizations that can meet and complete the standards of EHR and the Meaningful Use program. However, Meaningful Use funds may also be rescinded in the event of lacking documentation.
There have been cases of organizations being forced to return funds due to incomplete documents. In one such case, a community hospital was asked to repay over $500,000.
This is why HIPAA regulations specify that organizations should “periodically evaluate the effectiveness of security measures.” In line with this, the OCR HIPAA Audit Program calls for the annual documentation of an organization’s risk assessment.
Privacy protection is taken seriously not only in principle but also through penalties. On numerous occasions, companies have had to pay millions of dollars for HIPAA violations, and they have suffered not only monetary penalties but reputational consequences as well. The failure to identify risks is costly, and it discourages patients from engaging with the organization because of lowered trust. As it is with healthcare, prevention is better than cure. When security risks are exposed and remediated during assessment, the risk of data breach, fines, and distrust is significantly lower.
So who’s responsible for the hefty task of security risk assessment? The simple answer is that it is the responsibility of the covered entity and its respective business associates to conduct their own risk assessment.
It is important not only to know whether or not an establishment is a covered entity, but also to know the other categories related to it. One of the preliminary requirements of HIPAA that a lot of organizations fail to comply with is entering a Business Associate Agreement (BAA), which is or can be part of a contract with entities that will have access to electronic Protected Health Information (e-PHI).
|Category||Description||Examples|
|Covered Entities||These refer to organizations that offer goods and services that are targeted towards medical treatment or organizations that collect information about health. It is important to note that the sharing of Protected Health Information between covered entities does not require BAAs.||Physicians; dentists; healthcare insurance providers; healthcare clearinghouses; health plan providers; optometrists; ophthalmologists|
|Business Associates||They are organizations or entities whose functions involve the use of e-PHI in place of covered entities. This is due to the fact that most covered entities do not usually carry out all of the necessary functions of healthcare by themselves and often seek the help of third parties.||Medical billing companies; information technology companies; email encryption services; transcription services; law firms / attorneys; accounting firms / accountants|
|Business Associate Subcontractors||These branch one step further out into third parties: sometimes, business associates deal with external organizations. Hence, business associates will have to enter into a BAA with subcontractors as well to bind all of the parties involved to HIPAA’s guidelines. Failure to do so could land all of the parties in hot water.||File sharing companies; information technology companies / support; accounting firms / accountants; law firms / attorneys; encryption services; shredding companies; waste disposal companies|
Risks that are to be discovered and mitigated shall be categorized under three separate categories. This is to aid covered entities with regard to what they will look at and investigate when it comes to performing an assessment.
Physical Safeguards. Personal access to facilities or workstations that house software and hardware containing e-PHI falls under the physical safeguard category. Restricting these areas through identification cards, security guards, and surveillance cameras is a usual method of strengthening physical safeguards.
It is important to do a thorough risk assessment. Some of the most common offenses are simple things that can easily be overlooked and yet have simple solutions. Here are some of the most common HIPAA violations that can arise from a lackluster security risk assessment.