HIPAA – Tips from an Expert

HIPAA definition

HIPAA was enacted in 1996 and stands for the Health Insurance Portability and Accountability Act. It’s one of the most important pieces of legislation to ever deal with personally identifiable information (PII) in healthcare. We’ve already written about HIPAA extensively in the past, but we thought we’d take it one step further.

We spoke to Eileen Moran, a Licensed Clinical Social Worker in the state of New York, about HIPAA and ways to stay compliant. Eileen has over 26 years of experience in the field and began her career before HIPAA was implemented. In addition to her professional career, Eileen also teaches future medical professionals at a nearby university. We sat down with Eileen to learn more about this law and how to stay compliant.

What is HIPAA?

As we mentioned, HIPAA is one of the most robust laws to ever deal with PII in any capacity. In a nutshell, HIPAA protects your private medical information from anyone other than you or an authorized representative. Medical records contain a wealth of personal information that we all want managed to the highest possible standards. HIPAA simply creates a guideline of standardized practices, protected by law.

HIPAA also provides a way for workers to continue receiving health insurance coverage if and when they leave a job. It helps create a set of industry-wide standards for billing and processes—specifically electronic billing. It mandates the protection and confidential handling of certain documents, and most importantly, it aims to reduce health care fraud and abuse.

Before & After HIPAA

HIPAA isn’t just for paper records; it also covers digital records and hard drives. Eileen mentions that before HIPAA was enacted, the way records were handled was a little less stringent. “Before I became a social worker, I worked at a hospice. We used to be able to discuss patients’ progress, or discuss treatment with family members over the phone.” Once HIPAA came to pass, that was no longer a simple phone conversation. “Unless family members are authorized by the patient to receive that information, we can’t really discuss anything over the phone.”

Eileen even mentions that it changed the way she and her colleagues dealt with paperwork. It’s actually quite similar to the clean desk policy we wrote about earlier this year. “Anytime you got up from your desk, it became second-nature to flip papers over, or put them back into their folder. We even started locking our computer screens to make sure no one could see what we were working on.”

Now, with things like telehealth and virtual visits, HIPAA requirements needed to be updated and revamped for changing times. “In the beginning of the pandemic, there really wasn’t much guidance regarding HIPAA and telehealth. We were waiting for then Governor Cuomo to tell us what to do. Later, he said it was OK to use telehealth and virtual meetings for our patients and he signed it into law.” Eileen does mention that not all platforms offer the same level of protection, so be sure to go with the most reputable meeting services available, and make sure that your provider is using a secure service.

Penalties for Violating HIPAA


Violating HIPAA regulations is a very serious matter. Penalties can range from $100 to $50,000 per violation, based on the severity. Depending on the violation, it’s even possible to be sentenced to jail time. These are just a few reasons it’s better to hire a professional shredding operation. Aside from saving the time it takes employees to shred documents, hiring a professional takes away the risk of improper disposal. Any NAID-certified destroyer can help with compliance and give you a certificate of destruction for your records.

Eileen mentions that for many, the financial penalties are the least of their worries. “For me personally, I would be worried about my reputation. I would never want to be seen as someone who wasn’t honoring confidentiality. That would do irreparable damage to the relationship with my patients.” She teaches all of this in her college course, and emphasizes never leaving anything to chance.

Shred Nations Can Help with HIPAA Compliance

In addition to having malpractice insurance and business associate agreements (BAA) in place, it’s also critical to make sure any sensitive documents are stored and destroyed according to strict standards. This is where Shred Nations comes in.

At Shred Nations, we partner with a network of medical records shredding providers located throughout the nation, working to provide document destruction services like mobile and off-site shredding to help the healthcare industry find secure strategies for disposing of PHI.

For more information on any of our available services or to begin comparing quotes from HIPAA-compliant shredding providers in your area, just give us a call at (800) 747-3365, or simply fill out the form at the right of your screen to get free and competitive medical records shredding quotes today!