What Healthcare Providers Should Look for in a Shredding Company

If you’re partnering with any outside organization to outsource your work, you want to use the best, especially when it comes to relinquishing healthcare information. Some may not consider shredding an integral part of healthcare, but the truth is that it’s a vital part of protecting a patient’s private health information. If any information is leaked, it could be costly and damaging to both the patient and your practice. So, in your pursuit of a shredding company, here are some important factors to consider.

1. Knowledge & Experience

Your practice is required to comply with all applicable data privacy laws, and your shredding company must do the same. Choose a shredding company that complies and is knowledgeable with the law, starting with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Why is a complete understanding of HIPAA requirements so important? One of the key components of HIPAA is protecting sensitive patient health information from being disclosed without the patient’s consent or knowledge.

Three main rules of HIPAA are:

1. HIPAA defines the circumstances under which a person may disclose or use protected health information (PHI).
2. HIPAA sets out the minimum standards for protecting electronic health information (ePHI).
3. Breach Notification. In the event of a data breach, the Department of Health and Human Services (HHS) must be informed within 60 days of its discovery.

Failure to adhere to these three HIPAA rules can result in civil and criminal penalties, a damaged reputation for your practice, and depending on the circumstances, a loss of employment for yourself and your staff.

2. Chain of Custody

You track your patients’ data closely, making sure that it is protected from the time it is created or given to you until it is disposed of. You are aware of the retention periods for this information and adhere closely to the final disposition dates. That chain of custody continues when you pass the documents on to a professional shredding company for destruction. You want a shredding partner that you not only trust, but one that documents the transfer and continues to track the PHI until destruction is complete and they provide you with a Certificate of Destruction. The Certificate provides the following information:

• Date of destruction
• Your business name and address
• Workorder number that references the workorder you received on the day of service with the location, date, time, and initials of the driver that performed the shredding service

State and federal privacy laws require a certificate of destruction upon completion of shredding. It proves compliance with privacy laws like:

• HIPAA
• HITECH
• FACTA
• GLBA

3. Accountability

Your choice of shredding company can either leave your practice vulnerable to data breaches or protect it. Here are two key factors when making that choice:

1. Technicians must be background checked and receive regular training in the requirements and restrictions associated with all state and federal laws.
2. The shredding company should be NAID AAA Certified, proving that they meet the highest security and ethical standards in the industry, verified by an independent third party.

Richards & Richards is Nashville’s NAID AAA Certified shredding company. Our screened technicians are experienced and trustworthy and handle your sensitive information with care. Call us at 615-242-9600 or complete the form on this page for our expert assistance with shredding service for your healthcare organization.