PHI (Protected Health Information) is an extremely confidential set of information. Hence, the disposal of such information has to be carried out thoroughly and through secure channels. Health information includes customers’ most delicate and detailed information, and it can wreak havoc in a person’s life if it is leaked or if someone gains unauthorized access to it. One method of ensuring complete destruction of sensitive information is Protected Health Information Paper Shredding.
PHI and the New HIPAA Requirements
Protected Health Information or PHI includes medical information contained in patient files, medical notes, documents, lab reports, insurance records, bills, memos, coding data, appointments, messages, or anything at all that relates to a customer’s medical history, a patient’s current medical status, or the relationship or discussions a patient may have or had with their practitioner (which includes a nurse, doctor, consultant, or anyone who holds some level of medical authority). This is how HIPAA officially defines ‘PHI’.
The ‘New HIPAA’ is a recently amended version of HIPAA. The purpose of the amendment was to tighten how it is enforced with regard to the disposal of such protected health information. As per the mandates of the new HIPAA, improper disposal methods will end with compulsory fines being levied against the offending party, and the maximum limit of such fines has been increased to 1,500,000 dollars (it had previously been 25,000 dollars).
Complaints about improper disposal, and other related complaints regarding PHI, will now also require an obligatory investigation under the new HIPAA. In addition, if there is a data breach, or a case of improper disposal that may lead to a potential data breach, a data breach notification must be given to the relevant (affected) patients and the concerned authorities.
Destruction of Information on Paper and Hard Drive Records
Protected Health Information Paper Shredding, whether that information is contained on hard drives or on paper, has to be thorough. That means the information stored on these media should be destroyed so that no one will be able to reconstruct it from the residue of destruction (shreddings). Hence, the paper should be shredded beyond physical reconstruction. And it is not enough to simply delete files from or format hard drives, as that does not necessarily destroy the data but merely frees up the hard drive’s storage space so that more data can be added.
Someone with enough technical know-how would still be able to recover such deleted and formatted data if they got their hands on the actual media. The same can be said about regular shredding: someone with the patience and know-how would be able to put a document back together and collect sensitive information from it if they reconstruct enough of it. Hence the need for certified and reliable information destruction services.
Thus, a corporation, institution, or any medical entity that falls under HIPAA (and it’s practically impossible to find one that doesn’t), or rather, any business entity that has obtained protected health information or PHI from its customers or patients, is obligated to ensure the secure and thorough disposal of such information so that it does not leak into dangerous hands. Consequently, such institutions and businesses are required by law to use reliable, qualified and certified information destruction services when they decide to dispose of sensitive information. A failure to do so would lead to legal action being taken against them.