How the Right Shredding Company Can Help with HIPAA Compliance

1 Thing Becomes 100

Have you ever heard the saying, “You can do 99 things for someone and all they’ll remember is the one thing you didn’t do”? That one thing overshadows the 99 things you did do and becomes the representative for all 100.

This goes for almost any situation. No matter how well you have followed proper procedures or treated your clients, if there is one mishap, it could result in bad publicity, poor reputation, loss of clients, or worse yet, legal trouble. When handling medical records, you know how vital it is to follow all laws and remain compliant with the Health Insurance Portability and Accountability Act (HIPAA), but you also know that it takes just a single weak link in the process to affect the reputation of your whole organization. That’s why it’s so important to make sure every part of the process functions properly and all staff members handle all Personally Identifiable Information (PII) carefully.

Many healthcare organizations find that the weakest area of data privacy protection is the final stage of the information's lifecycle—when it’s time for the information to be destroyed. Using the services of a third-party shredding company to shred your paper records, hard drives, and other electronic media is an excellent decision, but only if you choose the right company. The wrong company can instantly become a nightmare if they cause a data breach because HIPAA will hold your organization responsible.

Partnering with the right shredding company should offer a huge payoff…so how do you find the right company?

The Right Shredding Company

The right shredding company can help with HIPAA compliance by:

  • Being familiar with, and up-to-date on, required retention periods. While retention periods are ultimately your responsibility, working with a knowledgeable and trained shredding company can help you determine retention dates and which files should never be shredded.
  • Supplying locked document collection containers. When you are ready to dispose of documents with PII, you can simply drop them inside the locked container so they remain protected until they are shredded. If they are left lying around, they become a data breach risk.
  • Offering on-site mobile shredding. The benefit of mobile shredding is that your sensitive documents never leave your property until they are shredded. You can also witness their destruction if you choose, helping you stay compliant with HIPAA and other data privacy laws.
  • Being National Association for Information Destruction (NAID) AAA Certified, which requires that your shredding company meets the highest standards in the shredding industry. By using the services of a NAID certified company, you can be confident that the final stage in the lifecycle of your documents will be handled properly.

Staying HIPAA compliant may feel like constantly juggling, and the idea of trusting an outside company to handle your shredding needs may seem nerve-wracking. That’s exactly why it’s important to work with the right shredding company.

CI Information Management serves Southeastern and Central Washington and Northeastern Oregon with NAID AAA Certified shredding and destruction services. For more information, give us a call at 509-586-6090 or complete the form on this page. We’re standing by to assist you with HIPAA-compliant shredding services.