Medicare Compliance & Reimbursement

HIPAA:

Defend Patient's PHI With Shredders

Put your shredder where it will be used most If an identity thief nabs some of a patient's protected health information (PHI) because your practice did not properly dispose of old documents, you may be facing a lawsuit. If a patient's PHI is inappropriately disclosed, "laws and regulations are a significant concern; there is also the patient to consider," explains Beth Hjort, RHIA, CHPS, a professional practice manager with the Chicago-based American Health Information Management Association. When a leak occurs, the "practice should be concerned about the impact on the individual when the private information was shared," she says. "We know [the PHI leak] can never be taken back, so we have an ethical obligation to protect PHI," says Hjort. Best bet: Medical offices that want to take an extra step to ensure that PHI doesn't fall into the wrong hands should consider purchasing a document shredder or two for their facilities. That way, any sensitive information
that you are no longer using can be destroyed immediately -- making the possibility of ID theft via paper records virtually nil. When considering what types of documents need to be destroyed, you should shred anything that contains both identifying information and private information about an individual, says Hjort. For example, a superbill that contains Patient X's Social Security number and information about her bursitis treatment is ripe for destruction. The question you need to ask yourself in the above situation is "'Can someone connect sensitive info to the patient?' If the answer is 'Yes,' you need to destroy the document," says Hjort. Tip: If you are unsure about a document's sensitivity, and you are planning on recycling it anyway, go ahead and shred it. This simple security measure might save you miles of trouble down the road. Providers should "be concerned with any [document] containing sensitive health information and the patient's identifying information or identifiers that could be traced back to the patient's identity," Hjort says. Other examples of documents that you should shred include: • any documentation of the history of the patient's medical problem that is not needed for the permanent medical record. • any nursing notes on the patient that are not needed in the medical record. • any copies of test results on a patient that you may receive by fax. • any documentation with credit card information on a patient. Remember: When shredding documents, don't shred items that may be needed for the permanent medical record. If you're unsure whether or not a document should be destroyed, check with other staff before shredding it. Try this: When placing your shredder, location matters. Put a shredder right beside the office's paper recycling bin, recommends Hjort. That way, every time [...]
You’ve reached your limit of free articles. Already a subscriber? Log in.
Not a subscriber? Subscribe today to continue reading this article. Plus, you’ll get:
  • Simple explanations of current healthcare regulations and payer programs
  • Real-world reporting scenarios solved by our expert coders
  • Industry news, such as MAC and RAC activities, the OIG Work Plan, and CERT reports
  • Instant access to every article ever published in Revenue Cycle Insider
  • 6 annual AAPC-approved CEUs
  • The latest updates for CPT®, ICD-10-CM, HCPCS Level II, NCCI edits, modifiers, compliance, technology, practice management, and more