It’s more important than ever to make sure your business, especially if it relates to the medical industry, properly shreds all documents prior to disposal.
On October 4, 2010, the University of Tennessee Medical Center became aware of a “daily administrative report” that was disposed of through the hospital’s regular trash instead of being properly shredded.
Contained within the report was “certain patient-related information, including the patient’s name and social security number.”
As a result, 8,000 patients had to be notified of the potential privacy breach as required by the HIPAA/HITECH health data breach notification provision.
Early next year (February 18th to be exact), this same breach in patient information could lead to fines reaching a potential maximum of $1.5 million. This new HITECH mandatory fine structure kicks into effect if it is determined that the information breach is a result of “willful neglect.”
The UT Medical Center’s West Knoxville billing office also reported a computer stolen in August 2005. The hard drive on the stolen computer contained “patient names, Social Security numbers, and birth dates.” Letters from the hospital were sent to the people whose information was believed to be on the hard drive.
In either event, with the new HITECH laws and fines coming on-line in the coming year, it’s extremely important for health organizations to have proper document/information handling and destruction policies in place.
Step 1: Make sure you have a written document destruction policy in place.
Step 2: Make sure all employees are properly trained on your company’s policies.
Step 3: Make sure someone at your organization is responsible for implementing and auditing your company’s policy and training.
If you ever have any questions with regard to setting up a proper document destruction policy and training program, please feel free to contact us and I’d be glad to help.
Until next time…
Keep Totally Secure,
Head Shredding Guy