By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
While the world is moving to electronic storage as a standard, there are still physical documents within healthcare that need to be protected and fall under HIPAA regulations. Let’s take a look at how that should be handled.
As paper can pile up, how long do you have to store HIPAA documents? And what do you do with them when they expire?
There isn’t an easy answer to this, because the rules vary state by state and then break down further by type of document. But according to HIPAA guidelines, six years is the standard. If your state laws indicate a shorter time period, HIPAA prevails; if longer, follow the state mandate.
How should I dispose of old documentation?
Assuming that you’ve scanned the documents to store electronically and met the mandated term for keeping them, you can safely shred them. It is highly recommended to use a professional service to do this. A reputable company will provide a certificate of destruction confirming that its process has met all legal requirements. This will be invaluable if an audit should occur.
Can I destroy copies earlier if I have scanned them?
If all documents have been properly scanned and backed up, and we recommend that you verify that this has been done, the physical records can be destroyed.
Will I really get caught?
Do you really need to ask that? There is always a chance that through a patient, employee, or perhaps an audit, unsafe practices and security risks will be discovered. It is ALWAYS best to engage with a company that knows HIPAA compliance and all of the regulations to ensure that your healthcare practice is doing everything correctly. While this information is correct today, changes occur and you should always refer to your HIPAA vendor and the U.S. Department of Health & Human Services website on HIPAA for the most up-to-date information.
This article was originally published on HIPAA Secure Now! and is republished here with permission.