Protecting Paper Medical Records from Abuse and Misuse

confidential hipaa regulated paper medical records protect from misuse identity theftDue to the massive amount of personally identifiable information (PII) that paper medical records contain, identity thieves often salivate at the possibility of laying their hands on these sensitive documents.

Used for a number of nefarious wrongdoings such as falsely collecting health benefits, obtaining credit, or even selling personal information online to other digital criminals, the protection of medical records has become all the more critical to the healthcare industry.

In order to ensure proper protection of medical records and that heavy HIPAA fines will be avoided, many healthcare providers have stepped up their security game—adopting secure document destruction processes for the shredding of their paper medical records.

Here, we take a closer look at the lurking threat of identity theft in healthcare, and provide practical strategies for ensuring that your practice’s medical records are protected from unnecessary risk.

How ID Thieves Get Their Hands on Medical Records

how identity thieves get hands on medical recordsAlthough an individual misplacing their driver’s license or other piece of personally identifiable information could send a potential identity thief on a path leading to stolen medical records, they can also be just as easily taken from medical practices and healthcare providers.

In just one instance, a former Alabama hospital employee was sentenced to a two year prison term for his contributions to a tax fraud case involving the theft of patient paper medical records.

With these, he and others used the PII the medical records contained to file more than 100 fraudulent tax returns in an effort to defraud over $500,000 from the IRS.

While security experts in both the healthcare and privacy industries can really only suggest a more in-depth background check and evaluation process to potential employees before hiring to ensure specific protection against inside jobs such as these, providers can also help to close security gaps using alternative strategies.

By stressing the importance of taking every precaution to limit the number of hands that sensitive information in medical records passes through, this in turn drastically reduces the odds of internal abuse from an employee.

To do this, many healthcare providers implement record retention schedules to accompany the secure storage of their medical records, which carefully track each individual medical record and help providers ensure that they are properly disposed of and no longer another potential item for an ID thief to lay their hands on.

Typically, state laws will govern the required period of time that medical records must be retained, but providers should nevertheless keep the Health Insurance Portability and Accountability Act (HIPAA) in mind.

According to HIPAA, covered entities are required to keep medical records for six years from the date of its creation or its last use, whichever comes later. Additionally, healthcare providers should also note that if a state’s retention laws are shorter than HIPAA, HIPAA retention requirements will preempt state laws.

Once a paper medical record has reached its required retention period, it is no longer of use to a provider, and should be properly destroyed in order to protect patient privacy and prevent the chances of a provider’s medical records being stolen or misused by identity thieves.

The US Department of Health and Human Services formally defines proper medical record destruction as “rendered unreadable, indecipherable, and impossible to reconstruct.”

In order to ensure the proper destruction of their paper medical records, one of the best options for hospitals, small medical practices, and other healthcare providers is to shred those sensitive documents to bits, leaving them insusceptible to potential abusers.  

Protect Paper Medical Records With Secure Shredding Services

medical confidentiality protect paper medical records secure document shredding servicesGenerally speaking, strategies for shredding paper medical records come in two flavors, either mobile shredding or offsite shredding, which can be scheduled for monthly, weekly, or even bi-weekly service:

Mobile Shredding

Conveniently making the trip directly out to a healthcare provider’s curbside, box trucks equipped with industrial shredders are able to shred sensitive paper medical records while a provider witnesses their destruction.

This process—known as mobile shredding—works similar to the way garbage trucks work, lifting locked bins containing documents into the shredder so that the medical records never need to come in contact with an employee of the shredding company.

Offsite Shredding

For healthcare providers like hospitals that manage the medical records of thousands of past and present patients, offsite shredding services are often an ideal option, as their more cost-efficient pricing tends to be especially advantageous for large-scale shredding needs.

With offsite shredding, a shredding truck will come directly to you to collect your documents. Afterwards, the documents are then transported to a secure offsite facility to be shredded. Because the truck doesn’t need to stay on-site to perform the shredding, the project requires less time, which means the project also requires less money.

Despite assurances from shredding companies, many healthcare providers still worry about things like ensuring chain of custody and secure storage of the medical records right up to the moment they pass through the shredder.

That’s why at Shred Nations, each and every one of our shredding partners will provide a formal certificate of destruction upon completion of their service.

Certificates of destruction guarantee that the service provided was fully compliant with all HIPAA and FACTA standards for paper medical record destruction, and provide the full details of the shredding service including date, location, amount, and the type of medical records that were shredded.

Get Free, No-Obligation Quotes on Medical Record Shredding

When it comes to the security of paper medical records, it is incredibly important healthcare providers take into account not just the damage a stolen or misplaced medical record can cause to patient privacy, but also the impact to themselves as well.

At Shred Nations, we partner with a nationwide network of shredding providers who take compliance with state and federal document destruction laws like HIPAA seriously. Offering a range of services like mobile or offsite shredding which provide various advantages like convenience or cost-efficiency, we’re certain we are able to meet all your medical record shredding needs.

To get started scheduling either mobile or offsite shredding services for your paper medical records, just give us a call at (800) 747-3365, or simply fill out the form to the right of your screen to request free quotes on secure shredding near you!

Additional Medical Record Resources

Mishandling Medical Records—A Guide to Preventing Disaster

Considering the massive amounts of personal information that patient medical records contain, they often fall into the crosshairs of identity thieves, making it essential that the healthcare industry emphasize the importance of their proper management and storage right up to the record’s destruction. In this in-depth white paper, we explore the potential implications of mishandling both paper and electronic medical records and provide secure strategies for ensuring that medical records are protected from data breaches and identity theft.

Protecting Electronic Personally Identifiable Information (PII)

Personally identifiable information—or PII—is the key to an individual’s identity, and many people enter this information willingly using the internet. In this article, we explore the world of PII, covering topics which range from defining the information that make up PII, to the best strategies companies can take to protect this information.

Proper Protected Health Information (PHI) Disposal

When it comes time to dispose of your paper medical records and the protected health information (PHI) they contain, many might wonder what the proper methods of destruction are. Luckily, this article takes a closer look at the management of PHI and medical records, outlining what PHI is, the best ways to dispose of it, and the potential implications of improperly storing and destroying patient medical records.