Health Information Compliance Alert

Security Tip:

DEFEND PATIENTS' PHI WITH SHREDDERS

Put shredder where it will be utilized most.

If an identity thief nabs some of a patient's protected health information (PHI) because your practice did not properly dispose of old documents, you may be facing a lawsuit.

If a patient's PHI is inappropriately disclosed, "laws and regulations are a significant concern; there is also the patient to consider," explains Beth Hjort, RHIA, CHPS, a professional practice manager with the Chicago-based American Health Information Management Association.

When a leak occurs, the "practice should be concerned about the impact on the individual when the private information was shared," she says.

"We know [the PHI leak] can never be taken back, so we have an ethical obligation to protect PHI," explains Hjort.

Best bet: Medical offices that want to take an extra step to ensure that PHI doesn't fall into the wrong hands should consider purchasing a document shredder or two for their facilities. That way, any sensitive information that you are no longer using can be destroyed immediately--making the possibility of ID theft via paper records virtually nil.

Destroy Info That Connects Identity To Sensitive Info

When considering what types of documents need to be destroyed, you should shred anything that contains both identifying information and private information about an individual, says Hjort.

For example, a superbill that contains Patient X's Social Security number and information about her bursitis treatment is ripe for destruction.

The question you need to ask yourself in the above situation is "'Can someone connect sensitive info to the patient?' If the answer is 'Yes,' you need to destroy the document," says Hjort.

Tip: If you are unsure about a document's sensitivity, and you are planning on recycling it anyway, go ahead and shred it. This simple security measure might save you miles of trouble down the road.

Providers should "be concerned with any [document] containing sensitive health information and the patient's identifying information or identifiers that could be traced back to the patient's identity," Hjort reminds.

Other examples of documents that you should shred include:

•  any documentation of the history of the patient's medical problem that is not needed for the permanent medical record.

•  any nursing notes on the patient that are not needed in the medical record.

•  any copies of test results on a patient that you may receive by fax.

•  any documentation with credit card information on a patient.

Remember: When shredding documents, don't shred items that may be needed for the permanent medical record. If you're unsure whether or not a document should be destroyed, check with other staff before shredding it.

Try this: When placing your shredder, location matters. Put a shredder right beside the office's paper recycling bin, recommends Hjort. That way, every time you have a piece of paper to throw away, the shredder will be handy.


Other Articles in this issue of

Health Information Compliance Alert

View All