Total Secure Shredding | (619) 295-5474

Tag Archive | "Shredding Services"

Desk scene

Tags: , ,

HIPAA Compliance in Document Shredding

Posted on 07 July 2015 by Total Secure Shredding

Desk sceneWhen it comes to privacy, nothing is more valuable than a patient’s medical records. Medical practitioners have the responsibility of protecting the data of their patients–not just from an ethical standpoint, but from a legal one too. Obtaining, storing, and destroying medical records must be done in a way that keeps patient privacy a priority, and that aligns with the regulations that oversee proper treatment of patient medical information.

What is HIPAA law?

The Health Insurance Portability and Accountability Act, or HIPAA, is a national set of standards that medical professionals must follow to keep the information of patients private. It first emerged in 1996 and it is intended to keep patients both informed and protected from information being used for non-medical purposes, or without their permission. HIPAA takes into account that reasonable information-sharing rules must be in place to benefit the patient. In other words, the act is designed to keep medical information private but still allow for timely, quality care for patients.

What is a Practitioner’s HIPAA Responsibility to Patients?

There are two HIPAA-allowed reasons a practitioner would disclose information to an entity on the part of a patient. The first is to the individuals themselves when they want to see their records, or to their designated representatives (who are chosen in writing). The second is when the U.S. Department of Health and Human Services is conducting a review or investigation that may lead to enforcement access. Beyond that, a practitioner must have written consent to share that information.

The law was written before the internet was commonplace, so some patients and healthcare providers complain that it needs updating to accommodate electronic convenience. To stay in keeping with the original outlines of the law, however, practitioners still require permissions in writing and stay away from e-mailing things like medical records to their patients.

How Can Documents be HIPAA-Compliant When Shredded?

Though much of the permissions to share medical records must still be done the “old fashioned” way, HIPAA does not prevent practitioners from digitizing their own documents in-house. When this digital transfer takes place, it means that healthcare professionals have handwritten duplicates of the information that is now available to them in an electronic format. Getting rid of the remaining written records is often a step these practitioners are eager to take, both to eliminate the duplication and to provide an even higher level of privacy to patients. There are also certain medical records that can be disposed of after a certain time frame, but once again, these need to be destroyed in a way that aligns with HIPAA.

Clearly just throwing away medical records is not a smart move, and it is certainly not HIPAA compliant. Shredding the documents is a safer route, but even then, vigilance in how the records are destroyed is necessary to keep the medical information out of the wrong hands. There are no HIPAA specific rules when it comes to shredding medical documents, but to stay in compliance, the American Health Information Management Association suggests that practitioners:

Have a Uniform Shredding policy.

Healthcare organizations are urged to create a document shredding policy that is the same every time. This ensures everyone has step-by-step instructions and that there is an outline of what should be done each time. If a medical organization decides to outsource document shredding to a third-party, they should ensure that this type of policy is in place and that is aligns with the tenets of HIPAA.

Keep good shredding records.

If a medical facility chooses to have a contractor shred its records, it is important to obtain all of the following information from that contractor to keep on hand at the practice. This should include:

  • Method of destruction

  • Date of destruction

  • Statement that basically explains why the records were shredded

  • Description of what was destroyed that includes the date ranges

  • Signatures from anyone involved in the shredding decision making and in the actual destruction process.

Contractors AND medical facilities should keep these records handy. This documentation should be kept somewhere that is available to both regulators and the medical practitioner clients.

Protect themselves when using third-party contractors.

If a medical facility does decide to hire a contractor to destroy medical records through shredding, they should take a few additional steps to protect themselves. Those include:

  • A contract that indemnifies the facility from unauthorized disclosure.

  • Choosing a contractor that maintains liability insurance.

  • Insisting that the contractor provide documentation and proof of the destruction process. This should also include the method of destruction (in writing) and the estimated time that will lapse between obtaining the records and destroying them.

Is shredding the only approved way to destroy medical records?

Shredding is the smartest way to get rid of paper documents, but not all medical records are in a paper format or are easily shredded. To ensure that there is no chance of a record being reconstructed, a practitioner should follow these guidelines for destroying information based on its format:

Microfilm and Microfiche.

These can both be destroyed through recycling and pulverizing.

Laser disks.

Any of these that are in write once-read many formats (also referred to as WORM) can’t be altered or used more than once, so pulverization is the recommended way to destroy them.

Computerized data.

Without getting too technical, the best way to protect computerized information is to make the data there unrecoverable. This can be done by shredding or degaussing the computer hard drive. To shred a computer hard drive it must render the drive completely useable and be cut into several pieces.  Degaussing leaves the data on magnetic media, scrambled or in random patterns that make it impossible to read or put back together in a way that makes sense. Some think that overwriting files makes them impossible to read but in truth, a file can be overwritten six times and still be recovered. To really get rid of this information the degaussing process needs to be implemented.

Magnetic tapes.

Degaussing, as opposed to overwriting, is also preferred for magnetic tapes (and for the same reasons listed above).

In the end, properly shredding medical documents protects patients, practitioners, and contractors. Take the time to do it correctly or hire the right company to meet your HIPAA compliant shredding needs. Remaining HIPAA compliant is non-negotiable, and destroying records in the right way keeps patient privacy intact.

Comments (0)

Computer at desk

Tags: , , , ,

What To Expect When You Hire A Shredding Company To Destroy PHI

Posted on 30 June 2015 by Total Secure Shredding

PHI, or “Protected Health Information”, is the personal health information used to identify an individual. Often, this data is demographic in nature, and reveals facts that relate to the individual’s mental or physical health, as well as their provision of health care, how they pay for that health care, and a variety of general identifiers including the person’s

  • Full name

  • Date of Birth

  • Address of Residence

  • Phone Numbers

  • Social Security Number

As sensitive information, all PHI must comply with the Health Insurance Portability and Accountability Act standards (HIPAA). According to the HIPAA, all covered entities will be required to dispose of PHI properly and securely, with proper proof of shredding. A reliable method that most organizations use to do this is to hire a shredding company that will destroy all of the PHI off site in a manner consistent with the security and privacy rules and regulations of HIPAA. Following are just some of the things that you should expect when hiring a shredding company to destroy PHI on your behalf.Computer at desk

1. All Sensitive Records Will Be Reliably Destroyed

Hiring a skilled and qualified service to destroy your discarded PHI is a great solution for many companies searching to eliminate a significant portion of substantial risk, while lowering internal costs. It’s no surprise that using a qualified PHI destruction service has become the most popular method of disposing of PHI.

Paying for a qualified service to conduct the destruction on your behalf allows your office to obtain a valid record of compliance, or proof of shredding. Even if you’re sure that your employees always shred every document that they should, it’s important to have proof that this happens regularly. Your chosen company must be capable of destroying the following types of media:

  • Smart Phones, CDs, Thumb Drives

  • Computers – simply pressing delete does not erase data from a computer system

  • Stored records – records that have been electronically converted or exist beyond their retention period

  • Paper Records – any paper documents, messages, notes, memos and forms

2. The Destroyed PHI Will Be Completely Indecipherable

To comply with the rules of HIPAA, all destroyed PHI must be completely indecipherable, or “essentially unreadable”. What’s more, even if the destroyed PHI cannot be reconstituted, this does not mean that it can simply be deposited into any garbage can, recycling bin or dumpster used for general waste that might be accessible to unauthorized persons or the public.

When you hire a company to dispose of your PHI for you, you enter into an agreement or contract that ensures the PHI will be safeguarded carefully throughout the disposal process. This ensures that your PHI will be carefully retrieved, burned, shredded or pulped and removed according to the requirements of the law.

3. You Will Receive A Certificate of Destruction

A proof of shredding receipt gives you and your company the HIPAA compliance documentation essential to the audit trail. Not only will you have a reliable destruction program in place, but you will also have the documentation required to back yourself up – and for a lower cost than would be required to destroy data yourself.

Most businesses today know that HIPAA compliance is crucial, and to demonstrate your compliance, your paper trail must establish the following:

  • You have been destroying sensitive materials with a registered destruction company on a regular basis

  • Proper care was put into choosing your specialist and qualified destruction vendor

  • Your employees have been trained to understand their own destruction responsibilities

Safeguarding Your Company

The privacy rule determined by the HIPAA requires that all covered entities apply the appropriate technical, physical, and administrative safeguards needed to protect PHI in any form. This means that no covered entity may dispose of PHI without due caution and specialist care. Though the security and privacy rules do not require that companies use a specific method of disposal, covered entities must determine steps that are reasonable in safeguarding PHI and implement policies to carry out those steps.

How do you feel about using a professional company to destroy PHI on your behalf? Do you think that accessing specialist shredders may be a safer, cheaper, and all-around more secure option of dealing with sensitive data?

Comments (0)

Happy Thanksgiving

Tags: , , , ,

Thanksgiving 2013 Closure

Posted on 26 November 2013 by Total Secure Shredding

Happy ThanksgivingHowdy All,

It’s that time again (hard to believe)! We’ve hit the holiday season.

For Thanksgiving, we will be closed:

  • Thursday November 28, 2013
  • Friday November 29, 2013

We will have a Short Day on Saturday November 30, 2013 and will be open from 10 am to 1 pm.

Happy Thanksgiving,

Your friend,

Head Shredding Guy

Comments (0)

Tags: , , , ,

Spring Into It!

Posted on 08 April 2013 by Total Secure Shredding

by Sue Crum, Ed.D. Professional Organizer

Spring has sprung and with it new beginnings, great opportunities, and longer days!

It’s the time of year for putting away the Ugg boots and heavy sweaters, clearing out the cobwebs of our homes and lives and creating a world how we imagine it could be: Calm, Clutter-Free and Happy.

How do we do that?

We can start by looking at our environments, home and work. It’s the perfect time to shed old habits that haven’t served us well, shred old papers and files we no longer need and wed ourselves to fresh starts.

Look around and see where you could begin. Whether you live alone or with others, make it into a spring fling party. What clothes are you no longer wearing that could be donated? If you have children, now is the perfect time to attack those closets and see what no longer fits. With hefty bags at the ready, see if you can make some breathing room in the dresser drawers and closets of your home. Put the filled bags in your car and drop them off at the nearest donation center.

Once you finish this, you’ll be in the mood to spring fling another area of your home or business. How about your office or the place where your papers have been dwelling? By this time of year your tax reports should be completed. How “Zen” can you make your office space now?

Sometimes we leave files and piles out on countertops because our file cabinets are bursting. Use these longer days and later sunsets to take a look at the back of those file drawers. Can you release to the universe files you haven’t looked at in months or even years? Is it possible to create “breathing space” in those file cabinets rather than going out and buying more file drawers?

If you have sensitive documents, of course the man to contact is Mike Krauss at 619.295.5474 at Total Secure Shredding! You can drop off your items to be shredded at his place near the San Diego Sports Arena or arrange for mobile shredding services if you have quite a bit.

So, shed your sweatshirts and long pants, crank up some music and start creating more open space for new opportunities and experiences. Summer’s just around the corner; it’s time to spring toward it!

“What the world really needs is more love and less paperwork.” – Pearl Bailey 

Sue Crum is an international speaker and founder of and the owner of the RED team.  She consults and shows people how to de-clutter and organize their lives for better productivity. Her forthcoming book, De-Clutter Your Life – 50 Ways to Organize Your Life, Home or Business so that you can be More Calm, Focused, and Happy, will be available in June.  Call her to speak to one of your groups or help you with de-cluttering and organizing. 760.803.2786.

To receive her latest EBook, Red Hot etips List for De-Cluttering Your Life, sign up at You will also receive monthly RED Hot etips for energized and efficient people and learn where Sue is next presenting.

Comments (0)

Thanksgiving 2012 Closures

Tags: ,

Thanksgiving 2012 Closures

Posted on 21 November 2012 by Total Secure Shredding

Happy ThanksgivingWe will be closed Thursday November 22nd and Friday November 23rd for Thanksgiving.

However, since Saturday is Small Business Saturday, we will be open for drop-off shredding on Saturday November 24th.

Have a great Thanksgiving.

Your Friend,

Head Shredding Guy

Comments (0)

or Call Today

(619) 295-5474

Local San Diego Shredding
Experts are waiting
for your call

Advertise Here

Photos from our Flickr stream

See all photos

Advertise Here