A well-designed document retention and destruction policy has three primary benefits for all businesses, including those in the medical field: efficiency, safety, and peace of mind. It also keeps your organization compliant with state and federal standards.
The COVID-19 health crisis continues to disrupt business operations and many organizations have been partially or fully shut down as more employees work from home. Medical facilities may be seeing fewer patients and offices are working with skeleton crews. The workday lull created by the pandemic is a good opportunity for taking care of the backlog of records and document disposal that may have been put off during busier times.
TriHaz offers medical and non-medical offices and facilities secure media destruction and document shredding services. We’re currently offering area businesses free labor for the proper and secure disposal of all customer, client, and patient records containing sensitive, personally identifying information.
Document Retention & Disposal Best Practices
Personal identifying information is routinely collected by government, medical, and commercial business and is stored in both digital and paper formats. The rules for retaining and disposing of these records are set out by a number of regulatory bodies.
The Federal Trade Commission’s Disposal Rule was written to protect the privacy of consumer information and reduce the risk of fraud and identity theft. The rule applies to nearly everyone who collects consumer information including employers, government agencies, insurers, and more.
HIPAA privacy and security rules require medical entities to apply appropriate safeguards to protect the privacy of protected health information (PHI) in any form. The agency requires medical records to be retained for six years from the date of their creation or last use, whichever occurs later.
The majority of states and Puerto Rico also have document retention and disposal laws but if their retention time is shorter than HIPAA’s, federal law preempts the state’s law. Alabama’s Data Breach Notification Act of 2018 contains a section that covers disposal of records containing sensitive personally identifying information that states:
“A covered entity or third-party agent shall take reasonable measures to dispose, or arrange for the disposal, of records containing sensitive personally identifying information within its custody or control when the records are no longer to be retained pursuant to applicable law, regulations, or business needs. Disposal shall include shredding, erasing, or otherwise modifying the personal information in the records to make it unreadable or undecipherable through any reasonable means consistent with industry standards.”
Finally, the rules and opinions set out by the Alabama Board of Medical Examiners & Medical Licensure Commission of Alabama recommend a retention “rule of thumb” of 10 years for both paper and electronic medical records but do not mandate a particular time period because different medical practices or other businesses may have varying regulations they must comply with.
Time for a Data and Document Cleanse
Most business offices and medical facilities have large volumes of stored paper and electronic files. Because it’s a typically a big job, keeping them in order and disposing of them when the time is right tends to get delayed or put off altogether. Paper files may be difficult to get to or move, staff resources may be limited, and electronic records may be stored on multiple types of hardware.
Why is timely data and document disposal so important? There are several risks that come with putting off this important task.
- Did you know that nearly 90% of all identify theft begins with confidential data taken from a recycling bin or the trash? The personal client, customer, or patient information you’re holding onto puts that data at risk of a security breach. Many people’s records contain their social security number, date of birth, and employer information, all valuable information to a hacker intent or stealing their identity.
- Outdated files and data have a negative effect on productivity. Disposing of these no longer needed records ensures your staff doesn’t waste time wading through irrelevant documents and information.
- Non-compliance with privacy and confidentiality laws and regulations can put your business or facility at risk of hefty fines and other penalties.
Safeguarding and properly disposing of client, customer, and patient personal information protects their privacy and your reputation. From paper to hard drive, microfilm, and tape destruction, using a professional records disposal service lets you track the document destruction process and meet compliance regulations. And moving forward, scheduling regular disposal dates helps prevent future backlogs.