For some organizations, such as hospitals or doctors’ offices, data privacy is not just a matter of good practice – it’s a matter of federal law. When HIPPA went into effect in 1996, it completely overhauled the privacy system that had previously been in place when dealing with patient health records. Since then, doctors and their administrators, as well as health insurance companies, must follow a very strict code of conduct when it comes to patients’ health information. For example, every patient must specifically sign off on whether or not their doctor is allowed to leave any sort of message (voicemail) for them. If you, as a patient, are comfortable with your doctor providing information to another individual (such as a partner or parent, if you’re over 18) if you are unavailable, you must also sign a paper confirming that and specifically naming the individual they are allowed to discuss your health information with. HIPPA’s main goal is to leave nothing to chance when it comes to the risk of an individuals personal information regarding their identity and health falling into the wrong hands (or even perfectly innocent but not pre-approved hands).
This also means that physical and electronic health records of patients must be handled differently. In fact, as a result of HIPPA many practitioners have begun switching to Electronic Health Records (EHR) so that they no longer have to worry about the compliance issues associated with hardcopy, paper files. This also allows patients to access their health records anywhere, anytime so that they can view lab results, diagnoses, or prescription instructions without having to call the office. And, of course, EHRs allow records to transfer quickly between facilities, so whether you are changing practitioners or are being seen by a doctor unfamiliar with your background in an emergency situation, your entire medical history is accessible with the click of a button.
Interestingly, HIPPA retention policies are set on a state-by-state basis, although HIPPA does have some retention requirements for entities doing a particular type of business (such as any business that bills out to Medicaid). That said, although these HIPPA policies typically mandate a 6-year retention, individual states may require a longer retention policy. However, HIPPA does address data disposal requirements, outlining that entities should “clear, purge, or destroy” the media (hard drives) containing sensitive data.
If your business has electronic waste that needs to be properly disposed of, or data that needs to be securely destroyed, Data Recycling will provide free pick-up at your location. However, if you require onsite hard drive shredding at your location, please call or email for details and to obtain a price quote. By scheduling a Free Electronic pick-up with Data Recycling of New England, your business will be able to dispose of its electronic waste in a way that benefits the environment, while also protecting confidential or proprietary information that may be sitting on old hard drives.
For information and to schedule a pick-up, call (508) 822-2054 or email [email protected]