What is PHI?
PHI stands for Protected Health Information, and is used within HIPAA to describe the type of information that must never be seen by unauthorized individuals.
PHI not only refers to medical information contained in patient files, but also to any note, document or record related to a patient’s treatment, including lab and insurance reports, billing and coding information, appointment times, notes and phone messages. It includes anything that could disclose any information about a patient’s relationship with the practitioner. The laws are becoming more and more broad as to what constitutes PHI.
New HIPAA Requirements
As of September 2013, amendments to HIPAA (Health Insurance Portability and Accountability Act) went into effect. Compliance with the updated regulations requires medical practices to:
- Conduct a risk analysis to determine the vulnerability of electronic protected health information (PHI) to loss or theft, and document that they have done so.
- Create and review policies and procedures for what to do if PHI is lost, stolen, or inappropriately disclosed.
- Train employees on policies, procedures and protocol as it relates to PHI and HIPAA.
- Review contracts with vendors and other “business associates” that have access to PHI to ensure that the vendors have proper safeguards in place to secure patient PHI.
HIPAA Compliance Solution
All Points Mobile Shredding is your one-stop solution to providing secure, on-site document destruction and providing HIPAA compliance training. Our goal is to offer solutions for your organization that lower costs and virtually eliminate risk. Here’s how:
1. Lower Costs/Increased Employee Productivity
If your office is really destroying everything it should, outsourcing destruction is less expensive than operating an office shredder. Office shredders are slow, inefficient, and require employee time. We make shredding easy and simple, which allows employees the freedom to concentrate on their core job duties. It also eliminates the worry that employees are improperly disposing of confidential documents to avoid spending time hand-feeding the office shredder. All Points Mobile Shredding offers compliance resources that would otherwise cost you hundreds of dollars.
2. Compliance and Risk Management
Hiring a qualified shredding vendor provides your office with a record of compliance. Even if your employees shred everything they should be shredding, you have no proof that it happens regularly. A receipt from a shredding service, called a Certificate of Destruction, gives you a compliance audit trail, which is part of your proof of HIPAA compliance. Ultimately, the advantages of a qualified shredding vendor are that employees are more likely to comply with the destruction program, you have an audit trail to back it up, and it costs less than destroying information yourself.
3. Training: The Risk Eliminator
According to regulators, training employees on proper PHI disposal and giving them simple written instructions insulates healthcare organizations from most fines. All Points Mobile Shredding is NAID AAA Certified and we are HIPAA compliance experts. We offer training for your employees that includes:
- An All Points Mobile Shredding Information Security Expert discussing proper document destruction and procedures under HIPAA
- Employees viewing a 15-minute NAID Employee Information Destruction video presentation on proper HIPAA compliance
- Providing employees with written instructions on the organization’s specific information destruction procedures; as your service provider, All Points Mobile Shredding can help you prepare this document
- Verifying that employees have participated in the training, viewed the training video, understand the written destruction instructions, and agree that ongoing compliance is a condition of their employment
For more information or for a quote, please contact us by phone or complete the contact us form on this page.