HIPAA stands for the Health Insurance Portability and Accountability Act, a federal law that first went into effect in 1996 and remains so to this day. The accountability in the title refers in part to protecting patients’ privacy by enacting and enforcing rules that control who has access to the information in medical records and how it is to be handled.
What Is Protected Health Information?
HIPAA refers to the information stored in patients’ records as protected health information, meaning that it is to be accessed only by authorized personnel. More specifically, PHI consists not only of data concerning a patients’ health and medical history but also personally identifiable information, (e.g., name, address, Social Security number, etc.) that can connect the information to a specific individual.
The federal government protects this information because patients have a right to privacy and a measure of control over who knows their personal health information and who does not. If PHI falls into unauthorized hands due to a security breach, the U.S. Department of Health and Human Services can impose severe penalties on the responsible parties.
How Does HIPAA Apply to Medical Records Stored Electronically?
Hospitals and doctors’ clinics are increasingly using electronic medical devices to create, read, and store patients’ medical records. These devices may include desktop computers, laptops, smartphones, and tablets, as well as flash drives and other storage devices. In the eyes of the law, there is no significant difference between paper medical records and those created and stored electronically. The same rule regarding privacy applies, and facilities that maintain electronic records must take steps to safeguard them from access by unauthorized personnel.
When and How Are Electronic Health Data Destroyed?
As is the case with all electronics, eventually the current devices used for creating and storing medical records will become obsolete and require replacement. When this occurs, whether sooner or later, the entity responsible for the data contained within the device must take steps to ensure that they remain inaccessible to unauthorized parties.
Depending on the device, different steps are taken to accomplish this. Sometimes it is only the data that is erased or destroyed, via processes of clearing or purging the data, while other times it is the device itself. The Department of Health and Human Services has security standards in place to ensure that unneeded electronic protected health information is completely destroyed and no longer usable, and these standards must be met in order for the entity responsible for the ePHI to be in compliance with HIPAA.
HIPAA requires that certain steps be taken to remove ePHI from any electronic storage device before it can be either disposed of or reused. TechWaste Recycling offers three levels of data destruction, from secure data wipes to physical obliteration.
TechWaste Recycling directly services all of Southern California and provides pickup services to its facilities from nationwide locations. Visit TechWaste Recycling’s website at www.techwasterecycling.com to schedule a pickup that works for your convenience and schedule.
Learn more about TechWaste’s Medical Equipment Recycling process here: Medical Equipment Recycling Service
Contact Info:
Richard Steffens
1940 E. Occidental street
Santa Ana, CA 92705
Phone: 866-637-8469
