While the world is moving to electronic storage as a standard, there are still physical documents within healthcare that need to be protected and fall under HIPAA regulations. Let’s take a look at how that should be handled.
As paper can pile up, how long do you have to store HIPAA documents? And what do you do with them when they expire?
There isn’t an easy answer to this, because rules are governed state by state, and then an even further breakdown occurs when it comes to what type of document it is. But according to HIPAA guidelines, six years is the standard. If your state laws indicate a shorter time period, HIPAA prevails, if longer, then follow the state mandate.
How should I dispose of old documentation?
Assuming that you’ve scanned the documents to store electronically, and met the term mandate for keeping the documents, then you can safely shred them. It is highly recommended to use a professional service to do this. A reputable company will provide a certificate of destruction that confirms that they have met all legal requirements with their process. This will be invaluable if an audit should occur.
Can I destroy copies earlier if I have scanned them?
If all documents have been properly scanned, and we recommend that you verify that this has been done, as well as backed up, the physical records can be destroyed.
Will I really get caught?
Do you really need to ask that? There is always a chance that through a patient, employee, or perhaps an audit, unsafe practices and security risks will be discovered. It is ALWAYS best to engage with a company that knows HIPAA compliance and all of the regulations to ensure that your healthcare practice is doing everything correct. While this information is correct today, changes occur and you should always refer to your HIPAA vendor and the U.S. Department of Health & Humans Services website on HIPAA for the most up-to-date information.
If you aren’t sure about anything HIPAA-related, HIPAA Secure Now can help!