How to Properly Dispose Protected Health Information (PHI)

February 27th, 2017 - InstaCode Institute
Categories:   HIPAA|PHI  

HIPAA requires covered entities to properly dispose of Protected Health Information (PHI) in the following manner:

  • Paper, film, or other hard copy media has been shredded or destroyed such that the PHI cannot be read or otherwise cannot be reconstructed.

  • Electronic media has been cleared, purged, or destroyed consistent with NIST Special Publication 800-88, Guidelines for Media Sanitization, such that the PHI cannot be retrieved.

The problem is that most of us are not computer gurus who can decipher all the technical requirements in the official Medial Sanitation guidelines. So the question becomes, "just what is acceptable and what is unacceptable?" To help address this problem, the U.S. Department of Health and Human Services, Office for Civil Rights has released an FAQ which answers the following questions:

  1. What do the HIPAA Privacy and Security Rules require of covered entities when they dispose of
    protected health information? 
  2. May a covered entity dispose of protected health information in dumpsters accessible by the public? 
  3. May a covered entity hire a business associate to dispose of protected health information?
  4. May a covered entity reuse or dispose of computers or other electronic media that store electronic protected health information?
  5. How should home health workers or other workforce members of a covered entity dispose of protected health information that they use off of the covered entity’s premises? 
  6. Does the HIPAA Privacy Rule require covered entities to keep patients’ medical records for any period of time?

We strongly encourage all healthcare providers and their staff to read through their non-technical answers to ensure your practice is in compliance.

UPDATED STANDARDS

On February 2015, the NIST announced the first revision of the official Guidelines for Media Sanitization. This announcement explains that the new revision describes three types of media sanitization – Clear, Purge, and Destroy. There is a VERY helpful flowchart which shows when each type should be used.

We highly recommend all covered entities to review this announcement in a training session with all their staff. Print out the flowchart and post it where it can be seen as a reminder. Don't forget to record this training session in your Compliance Manual.

Also, don't forget to review your Policies and Procedures to ensure that they are updated to include this information. If you have an Information Technology (IT) department or service, be sure they review the technical specifications of the official Guidelines to ensure that you are in compliance. This IT department  should also issue an official report which should be included in your Compliance Manual as well.

 

###

Questions, comments?

If you have questions or comments about this article please contact us.  Comments that provide additional related information may be added here by our Editors.


Latest articles:  (any category)

Artificial Intelligence in Healthcare - A Medical Coder's Perspective
December 26th, 2023 - Aimee Wilcox
We constantly hear how AI is creeping into every aspect of healthcare but what does that mean for medical coders and how can we better understand the language used in the codeset? Will AI take my place or will I learn with it and become an integral part of the process that uses AI to enhance my abilities? 
Specialization: Your Advantage as a Medical Coding Contractor
December 22nd, 2023 - Find-A-Code
Medical coding contractors offer a valuable service to healthcare providers who would rather outsource coding and billing rather than handling things in-house. Some contractors are better than others, but there is one thing they all have in common: the need to present some sort of value proposition in order to land new clients. As a contractor, your value proposition is the advantage you offer. And that advantage is specialization.
ICD-10-CM Coding of Chronic Obstructive Pulmonary Disease (COPD)
December 19th, 2023 - Aimee Wilcox
Chronic respiratory disease is on the top 10 chronic disease list published by the National Institutes of Health (NIH). Although it is a chronic condition, it may be stable for some time and then suddenly become exacerbated and even impacted by another acute respiratory illness, such as bronchitis, RSV, or COVID-19. Understanding the nuances associated with the condition and how to properly assign ICD-10-CM codes is beneficial.
Changes to COVID-19 Vaccines Strike Again
December 12th, 2023 - Aimee Wilcox
According to the FDA, CDC, and other alphabet soup entities, the old COVID-19 vaccines are no longer able to treat the variants experienced today so new vaccines have been given the emergency use authorization to take the place of the old vaccines. No sooner was the updated 2024 CPT codebook published when 50 of the codes in it were deleted, some of which were being newly added for 2024.
Updated ICD-10-CM Codes for Appendicitis
November 14th, 2023 - Aimee Wilcox
With approximately 250,000 cases of acute appendicitis diagnosed annually in the United States, coding updates were made to ensure high-specificity coding could be achieved when reporting these diagnoses. While appendicitis almost equally affects both men and women, the type of appendicitis varies, as dose the risk of infection, sepsis, and perforation.
COVID Vaccine Coding Changes as of November 1, 2023
October 26th, 2023 - Wyn Staheli
COVID vaccine changes due to the end of the PHE as of November 1, 2023 are addressed in this article.
Medicare Guidance Changes for E/M Services
October 11th, 2023 - Wyn Staheli
2023 brought quite a few changes to Evaluation and management (E/M) services. The significant revisions as noted in the CPT codebook were welcome changes to bring other E/M services more in line with the changes that took place with Office or Other Outpatient Services a few years ago. As part of CMS’ Medicare Learning Network, the “Evaluation and Management Services Guide” publication was finally updated as of August 2023 to include the changes that took place in 2023. If you take a look at the new publication (see references below),....



Home About Terms Privacy

innoviHealth® - 62 E 300 North, Spanish Fork, UT 84660 - Phone 801-770-4203 (9-5 Mountain)

Copyright © 2000-2024 innoviHealth Systems®, Inc. - CPT® copyright American Medical Association