In this scathing article published in the UK’s Daily Mail, researchers find that healthcare providers without proper document destruction protocols simply discard sensitive patient records with their trash. In a recent study, researchers from St Michael’s Hospital and the University of Toronto found 1300 lbs of paper and 2500 individual sheets with HIPAA protected private information in the recycling bins of 5 different hospitals.
Healthcare providers have been pushed to digitize processes and adopt Electronic Medical Record (EMR) software, but in so doing, many documents must be scanned. The resulting paper must then be discarded. Healthcare providers that don’t have proper shredding protocols with training for employees at every level of patient care on what to do with protected information and an outsourced solution that captures all paper, so employees aren’t choosing what may need shredding and what may not, are putting themselves at risk for a breach.
According to a spokesman for the Secure Records Solutions Consulting Team, “In our experience, providers who shred documents internally with small office shredders are at much greater risk for a breach. They are asking every employee to stop what they are doing and run paper through a shredder one sheet at a time instead of doing the easy thing and throwing it in the trash. Do you really think they are going to get that right 100% of the time? Outsourcing document shredding to an accredited shredding business on a regular schedule gives you the peace of mind that your employees have an easy solution for doing the right thing, so they can spend their time doing what you do best – patient care.”
The transition to a paperless healthcare system has not been an easy one. Most healthcare providers claim to be completely paperless, but in fact have records stored in attics, storage units, and closets that is waiting to be shredded. By partnering with a professional information management company that can help conduct HIPAA training and implement processes like onsite shredding to automate information security, healthcare providers can close the chinks in their compliance armor.