All Points Mobile Shredding Blog

HIPAA Compliance: Shredding & Destruction of Medical Records

A Guide for Your Healthcare Facility

Healthcare facilities of all sizes and types are familiar with the 1996 HIPAA law and understand the importance of safeguarding protected health information (PHI). Following the mandates of HIPAA is crucial to protect patients from breaches that could compromise their identity and put them at risk for breaches. But in addition, all healthcare organizations must also ensure that they follow HIPAA guidelines for proper disposal and protect PHI throughout the destruction process. Here’s a quick guide to HIPAA medical records shredding and destruction.

What Types of Medical Records Should Be Shredded According to HIPAA

According to HIPAA, there are not only rules about storing and maintaining medical records, but also about proper disposal and destruction. The Department of Health and Human Services (HHS) requires that certain medical records must be permanently destroyed so that they are unreadable, indecipherable and are unable to be reconstructed. The following records, documents and information are considered to be PHI and must be protected under HIPAA and destroyed appropriately:

  • Names
  • Addresses
  • Social Security Numbers
  • Phone Numbers
  • Email Addresses
  • Medical Records Numbers
  • Account Numbers
  • Health Plan Beneficiary Numbers
  • Biometric Identifiers
  • Full Facial Photos
  • IP Addresses
  • Web URLs
  • Certificates /License Numbers
  • Device Identifiers and Serial Numbers
  • Geographic Identifiers
  • Unique Identifying Numbers or Codes

HIPAA Compliant Shredding & Destruction

To protect your patients and staff and ensure that your facility is in compliance with HIPAA rules, it’s imperative that you are shredding your medical records with a HIPAA compliant shredding company. Your HIPAA shredding and destruction provider will perform shredding services that are in accordance with the HIPAA regulations to protect you from the risks of non-compliance.

  • Providing Secure Locking Collection Bins

These bins are placed throughout your facility and provide a secure way for staff to deposit records and documents. Once placed into the bin, these documents cannot be removed.

  • Perform On-Site Shredding & Destruction

Your Shredding and Destruction provider will come to your facility to perform shredding onsite. Their shredding trucks are equipped with industrial equipment that can easily and effectively shred all documents so that they are permanently destroyed. You will receive a certificate of destruction to provide peace of mind that you have done what is required under HIPAA law to protect the PHI of your patients.

  • Provide HIPAA Compliance Training

Human error is one of the key ways that medical facilities fail to comply with HIPAA rules. Your HIPAA shredding company should provide online training to ensure that all staff understand and follow all mandates, which protects your organization from violations and hefty fines.

All Points Mobile Shredding is NAID AAA certified and are HIPAA compliance experts. We are committed to helping our customers remain compliant with HIPAA rules and provide full-service shredding and destruction and online HIPAA training. A family-owned and operated company in Stuart, Florida, we serve South Florida medical facilities from Okeechobee County to Broward County. Give us a call today or fill out this form to learn more.

Dawn Connelly

Dawn is the vice president of All Points Mobile Shredding. All Points Mobile Shredding is a family-owned and operated on-site document destruction company that has been serving the Treasure Coast, Palm Beaches, and surrounding areas since 1994.

Get Your Quick Quote

Ask about Our
Guaranteed Pickup Times!

  • This field is for validation purposes and should be left unchanged.