Medical records contain troves of private information including names, birthdates, addresses, account numbers, health plan numbers, social security numbers, and more. Because they have such a high volume of personally identifiable information, these files are commonly targeted by criminals and identity thieves.
Because medical records are highly sought after by criminals, they require extra attention when it comes to protection. Records should be stored safely for their entire lifecycle and destroyed properly when they expire.
Here we will cover best practices for managing medical records while they are in your possession and provide some tips on how to safely and responsibly destroy medical records.
Protecting Medical Records in Your Possession
To protect the private information of your patients and to abide by local and federal information security laws, it’s important that all organizations that handle medical records have records management policies and procedures in place.
The goal of the procedures should be to:
- Clearly define your organization’s stance and policies
- Clearly outline procedures and steps
- Clearly define repercussions for not following procedures
Examples of effective security procedures include:
- Establish record retention guidelines
- Establish document access levels
- Create sign in/out sheets file access and modifications
Be clear and concise and stress the importance of following these rules. IBM found that in 2016, 23% of breached data was made vulnerable by negligent employees. Employees are more likely to adhere to strict rules when they understand the importance of the task at hand.
Circulate and post these rules around the office and train employees regularly to refresh their memories and keep these policies at the forefront of their minds.
Remember to regularly audit these systems to make sure they continue to produce the expected results overtime. Make sure employees understand procedures and are following them thoroughly, and make adjustments to procedures when necessary.
Medical Record Retention Laws
Medical record retention schedules help keep organizations streamlined and organized throughout their information security processes.
Each state has their own laws regarding how long organizations should keep certain types of medical records. You can use this state by state guide on medical record retention laws to learn more specific information for your state.
The purpose of retention laws is to ensure the timely disposal of expired documents. Storing records past their retention period not only wastes storage space and clutters the office, but it puts the private information in that file at unnecessary risk. If a file exists when it could otherwise be shredded and destroyed, it leaves that information vulnerable to a breach.
Not all documents expire at the same time, which makes ongoing document destruction services a suitable option to ensure medical records that require destruction are safely destroyed in a timely manner.
Medical Record Shredding
Most medical records expire at some point, and it is your duty to ensure the proper destruction of each record once it reaches its expiration date.
Document shredding is the best way to ensure your documents are thoroughly destroyed.
If you are small practice you might invest in a small office shredder, but if you regularly produce private documents that require secure destruction, shredding services provide an excellent solution.
When it comes to shredding services you have a few options:
In both cases the shreds are baled and recycled, adding an extra layer of security while remaining environmentally conscious.
To make the shredding process easier, you can partner with a local document shredder to set up ongoing shredding services. With ongoing services you set up a shredding schedule, fill up bins throughout your office with documents that need to be shredded, and the shredding professional stops by on a regular schedule to destroy the contents of the bins.
Need to Find a Reliable Medical Record Shredding Provider?
Shred Nations partners with trusted shredding service providers throughout the U.S. If you need to find a shredding provider in your area who can handle your shredding needs, call us at (800) 747-3365 or fill out the form on the right for free quotes from several providers in your area.
Keeping your patient’s information secure should be a top priority. We’ll help make it easy.