Many people think that the Health Insurance Portability and Accountability Act of 1996, or HIPAA, only counts for people in the health care line, such as doctors, dentists, hospitals, or health insurance companies. While it is true that HIPAA directly affects the way that they deal with the protection of information, it can actually affect any business. The protection and destruction of personal information covered by HIPAA can include any employer. If your business offers any form of health insurance, it is likely that you have applications on hand. Any injury reports on file are considered protected information. As a business, you are considered a small covered entity.
As a small covered entity, you are required to handle this information according to their guidelines. HIPAA defines Protected Health Information (PHI) as medical, such as diagnosis, billing, and medical history. But it also includes phone messages, images, claim forms, or any copies of forms. The list of PHI also includes notes, appointment memos, and insurance information. If you stop and think about it for a moment, does your business have anything related to health care on record? If so, you are responsible for protecting that information according to HIPAA.
Keeping the information secure includes how you dispose of that information. Paper shredding, media destruction, and disposal are all issues under HIPAA. You can’t simply throw the papers in the trash, crack CDs in half, or toss them in the dumpster. Instead, you must completely destroy the information. There are different methods for paper and media destruction that HIPAA outlines.
Paper
Destruction of paper can include shredding, burning, pulping, or pulverizing the papers. It is important to render the papers essentially unreadable, indecipherable, and impossible to reconstruct.
Media
Use other methods to destroy the electronically contained information. For example, you can clear it by overwriting the media with non-sensitive data. Use degaussing or exposing the media to a strong magnetic field to do purging. Or you can destroy the media. However, this destruction needs to meet HIPAA standards, such as pulverizing, melting, incinerating, or shredding the media.
While you may not directly connect to a medical profession, there is a good chance that your business handles personal information covered by HIPAA. Creating a plan on how to deal with this protected information is important to protect your employees and your business. For more information on how to handle the media destruction of protected information, contact us. Our products met and even exceeded HIPAA standards.
