Hippa: Health Insurance Portability and Accountability Act

This rule applies to everyone who handles medical data

HIPPA As It Applies To Data Destruction

HIPPA is a huge piece of legislation, regarding your medical information, the condensed information here is taken from the US Department of Health and Human Services. Erecycler knows the HIPPA rules and can help get your company into compliance, contact us today.
Health Insurance Portability and Accountability Act. A major goal of the Privacy Rule is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well being. The Rule strikes a balance that permits important uses of information, while protecting the privacy of people who seek care and healing. Given that the health care marketplace is diverse, the Rule is designed to be flexible and comprehensive to cover the variety of uses and disclosures that need to be addressed.
All those who meet the definition of a ‘covered entity’ under HIPAA must comply with HIPAA requirements to protect the privacy and security of health information. They must also provide individuals with certain rights with respect to accessing their health information.
Those defined as covered entities are:
Until recently, only covered entities were required to comply with the HIPAA Privacy Rule and the Security Rule. In 2009, HITECH extended HIPAA rules to apply to those who assist covered entities, known as ‘business associates.’ The proposed HIPAA rule would change HIPAA’s definition of business associates to include:
HITECH also strengthens enforcement penalties for healthcare professionals who are guilty of willful neglect. It extends HIPAA’s penalties to business associates as well.
Further, covered entities must ensure that their workforce members receive training on and follow the disposal policies and procedures of the covered entity, as necessary and appropriate for each workforce member. See 45 CFR 164.306(a)(4), 164.308(a)(5), and 164.530(b) and (i). Therefore, any workforce member involved in disposing of PHI, or who supervises others who dispose of PHI, must receive training on disposal. This includes any volunteers. See 45 CFR 160.103 (definition of “workforce”).
Thus, covered entities are not permitted to simply abandon PHI or dispose of it in dumpsters or other containers that are accessible by the public or other unauthorized persons. However, the Privacy and Security Rules do not require a particular disposal method. Covered entities must review their own circumstances to determine what steps are reasonable to safeguard PHI through disposal, and develop and implement policies and procedures to carry out those steps. In determining what is reasonable, covered entities should assess potential risks to patient privacy, as well as consider such issues as the form, type, and amount of PHI to be disposed. For instance, the disposal of certain types of PHI such as name, social security number, driver’s license number, debit or credit card number, diagnosis, treatment information, or other sensitive information may warrant more care due to the risk that inappropriate access to this information may result in identity theft, employment or other discrimination, or harm to an individual’s reputation. In general, examples of proper disposal methods may include, but are not limited to:

Dallas, Ft Worth, Houston, Austin, San Antonio

We service these major Texas cities for many of our national clients. If you need a pick up in any of these metropolitan areas just let us know and we will happily get you on the schedule.

About Us

We service these major Texas cities for many of our national clients. If you need a pick up in any of these metropolitan areas just let us know and we will happily get you on the schedule.
At eRecycler we believe that reuse is the highest form of recycling

Let's Recycle Together

Satisfaction Guaranteed