How Can a Shredding Service Help with the HIPAA Omnibus Rule?
The HIPAA Omnibus Rule is a rule that impacts every business that is charged with the storage of health-related customer data. This rule became effective in 2013 and modified a number of existing rules, with plenty of its own additions.
The new rule provided a single, extensive document that detailed all of the requirements for complying with HIPAA and HITECH. While we won’t be covering these requirements in detail, it’s important to know that they outline exactly how health information must be stored – and destroyed.
When it comes to destroying health-related customer information, a shredding service can help. Let’s take a look at the ways that a professional shredding service can help you to stay in compliance with these important regulations.
When Should You Destroy Medical Records?
Whether you’re dealing with physical or digital records, there will likely come a time where records are no longer necessary. HIPAA requires that medical records be retained for six years from the date of their last use or from the date of their creation, whichever is later.
Before destroying any documents, you should check local and state laws for additional requirements about retention. If there is a state law that calls for your business to maintain the documents for a longer period of time, then that law supersedes HIPAA.
Employ a HIPAA-Compliant Shredding Service
There are some specialty businesses that cater to medical document destruction specifically. They market themselves as being HIPAA compliant, and they focus — often exclusively — on safely destroying medical documents.
A specialty business like this will make sure that your documents are secured up until the very moment at which they are properly destroyed.
There are two primary types of shredding that are both within HIPAA compliance. These include:
Most hospitals and doctor’s offices use mobile shredding services so that they can physically see the documents being destroyed. With this method, a truck that has been equipped with an industrial shredder will come out to your location. Once it’s there, documents will be shredded in front of your eyes. This provides the assurance that many health care providers are after.
With this method, a truck arrives to pick up all of the medical records and deliver them to the shredding facility. This method is much more cost-effective than mobile shredding. Locked bins are always used to ensure security during transportation.
Whichever method you use, the medical records will be shredded using a machine that does cross-cut shredding in order to meet HIPAA’s specific requirements. Providers will offer locked bins for use in your office in between your shredding appointments. This will provide a place for employees to put documents that need to be shredded, while making sure that they are still secure in the meantime.
A HIPAA-compliant shredding service will also provide you with a certificate of destruction. This certificate is important for many internal processes that health care providers have, and it’s also vitally important if there are any legal disputes. The certificate will include a statement of who completed the shredding, when it was completed, and where it was completed.
A HIPAA-Compliant Shredder
If you’re concerned about compliance with the HIPAA Omnibus Rule, you need to work with a shredder that is fully HIPAA-compliant.