How to Properly Dispose Protected Health Information (PHI)

February 27th, 2017 - InstaCode Institute
Categories:   HIPAA|PHI  
0 Votes - Sign in to vote or comment.

HIPAA requires covered entities to properly dispose of Protected Health Information (PHI) in the following manner:

The problem is that most of us are not computer gurus who can decipher all the technical requirements in the official Medial Sanitation guidelines. So the question becomes, "just what is acceptable and what is unacceptable?" To help address this problem, the U.S. Department of Health and Human Services, Office for Civil Rights has released an FAQ which answers the following questions:

  1. What do the HIPAA Privacy and Security Rules require of covered entities when they dispose of
    protected health information? 
  2. May a covered entity dispose of protected health information in dumpsters accessible by the public? 
  3. May a covered entity hire a business associate to dispose of protected health information?
  4. May a covered entity reuse or dispose of computers or other electronic media that store electronic protected health information?
  5. How should home health workers or other workforce members of a covered entity dispose of protected health information that they use off of the covered entity’s premises? 
  6. Does the HIPAA Privacy Rule require covered entities to keep patients’ medical records for any period of time?

We strongly encourage all healthcare providers and their staff to read through their non-technical answers to ensure your practice is in compliance.


On February 2015, the NIST announced the first revision of the official Guidelines for Media Sanitization. This announcement explains that the new revision describes three types of media sanitization – Clear, Purge, and Destroy. There is a VERY helpful flowchart which shows when each type should be used.

We highly recommend all covered entities to review this announcement in a training session with all their staff. Print out the flowchart and post it where it can be seen as a reminder. Don't forget to record this training session in your Compliance Manual.

Also, don't forget to review your Policies and Procedures to ensure that they are updated to include this information. If you have an Information Technology (IT) department or service, be sure they review the technical specifications of the official Guidelines to ensure that you are in compliance. This IT department  should also issue an official report which should be included in your Compliance Manual as well.



Questions, comments?

If you have questions or comments about this article please contact us.  Comments that provide additional related information may be added here by our Editors.

Latest articles:  (any category)

CMS and HHS Tighten Enrollment Rules and Increase Penalties
October 1st, 2019 - Wyn Staheli, Director of Research
This ruling impacts what providers and suppliers are required to disclose to be considered eligible to participate in Medicare, Medicaid, and Children's Health Insurance Program (CHIP). The original proposed rule came out in 2016 and this final rule will go into effect on November 4, 2019. There have been known problems ...
Federal Workers Compensation Information
October 1st, 2019 - Wyn Staheli, Director of Research
When federal employees sustain work-related injuries, it does not go through state workers compensation insurance. You must be an enrolled provider to provide services or supplies. The following are some recommended links for additional information about this program. Division of Federal Employees' Compensation (DFEC) website Division of Federal Employees' Compensation (DFEC) provider ...
E-Health is a Big Deal in 2020
September 16th, 2019 - Chris Woolstenhulme, QCC, CMCS, CPC, CMRS
The new 2020 CPT codes are on the way! We are going to see 248 new codes, 71 deletions, and 75 revisions. Health monitoring and e-visits are getting attention; 6 new codes play a vital part in patients taking a part in their care from their own home. New patient-initiated ...
Chiropractic 2020 Codes Changes Are Here
September 9th, 2019 - Wyn Staheli, Director of Research
There are some interesting coding changes which chiropractic offices will want to know about. Are codes that you are billing changing?
Q/A: Is the Functional Rating Index by Evidence-Based Chiropractic Valid?
September 9th, 2019 - Wyn Staheli, Director of Research
Question Is the Functional Rating Index, from the Institute of Evidence-Based Chiropractic, valid and acceptable? Or do we have to use Oswestry and NDI? Answer You can use any outcome assessment questionnaire that has been normalized and vetted for the target population and can be scored so you can compare the results from ...
List of Cranial Nerves
September 3rd, 2019 - Find-A-Code
Cranial nerves are involved with some of our senses such as vision, hearing and taste, others control certain muscles in the head and neck. There are twelve pairs of cranial nerves that lead from the brain to the head, neck and trunk. Below is a list of Cranial Nerves and ...
So How Do I Get Paid for This? APC, OPPS, IPPS, DRG?
August 21st, 2019 - Chris Woolstenhulme, QCC, CMCS, CPC, CMRS
You know how to find a procedure code and you may even know how to do the procedure, but where does the reimbursement come from?  It seems to be a mystery to many of us, so let's clear up some common confusion and review some of the main reimbursement systems.  One of the ...

About Codapedia by InnoviHealth Systems Contact Us Terms of Use Privacy Policy Advertise with Us

Codapedia™ by InnoviHealth Systems™ - 62 E 300 North, Spanish Fork, UT 84660 - Phone 801-770-4203 (9-5 Mountain) - Fax (801) 770-4428

Copyright © 2009-2019 Find A Code, LLC - CPT® copyright American Medical Association