Shredded paper, one piece says "security"

Keeping consumer and company data secure is more than just a good business practice – it’s a requirement in many industries per state and federal laws. For example, in healthcare, data security keeps protected health information (PHI) and Personal Identifiable Information (PII) from improper disclosure and use through compliance with HIPAA Laws.  

Purge shredding, also called one-time shredding, is an important tool that helps large and small organizations protect data security and data privacy.

Use Purge Shredding to Protect Company Security and Trade Secrets

Corporate espionage is a reality, and it takes many forms. It may be high-tech (infecting a competitor’s network with malware) or more cloak-and-dagger-type activities like breaking into an office or receiving stolen information from an employee.

Sometimes the organization just makes it easy for data thieves. Employees may leave sensitive documents unattended on desks, speak too freely in public places, or place important documents in regular trash cans or recycling bins.

Competitors don’t have to break into your office if they can just open up your dumpster and look at patient records, test results, or sensitive business documents.

Protect your patient’s PHI and your company’s sensitive data with clearly-defined document handling, data retention, and security policies and procedures.

  • Train new employees on data security and privacy.
  • Keep data management procedures updated and provide refresher training for all employees as needed.
  • Store confidential documents in locked rooms or cabinets. Never leave them unattended in offices, conference rooms, or public places.
  • Label and color-code all trash, recycling, and shredding disposal containers so employees can easily identify them.
  • Maintain a regular purge shredding schedule to ensure that documents are destroyed when no longer needed.

Always provide secure, locked containers to hold confidential documents that are awaiting shredding. This helps keep offices and storage areas uncluttered and reduces the danger that sensitive information will fall into the wrong hands.

Comply with State and Federal Consumer Privacy Laws

Large online data breaches resulting from cyber attacks draw the most media attention because of the number of people affected. In 2020, significant cyber breaches “exposed patient data of more than 22 million Americans.” The targeted companies and organizations suffer from loss of customer trust, reputational damage, and regulatory scrutiny.

Data breaches are expensive too. In 2020, the average cost of an online data breach increased by 10%, with lost business costing the most – an average total cost of $1.59 million per incident.

However, as with a company’s internal data security, a data privacy breach doesn’t have to come from a sophisticated corporate spy or cybercriminal. Sometimes it happens when employees mix sensitive documents containing PII or PHI with regular trash or recycling.

Those mistakes are also expensive.

  • A national document search company paid a $500,000 fine for violating the Kansas Consumer Protection Act when it failed to “shred or remove personal information, such as social security numbers or credit card numbers, before disposing of the records” in “public trash bins across Topeka.
  • A large retailer paid $9.87 million to settle a California case after workers were found to have placed “potentially hazardous materials into common dumpsters and disposing of medical records from pharmacies — which contained patients’ names, phone numbers and addresses — without shredding them, putting customers at risk of identity theft.

Documents containing any PII or PHI must be shredded and disposed of in a regulatory-compliant manner. Whether you need one-time shredding or a regular purge shredding schedule, a shredding company can help your company comply with data privacy regulations and disposal requirements.

Comply with HIPAA Requirements

HIPAA, the Health Insurance Portability and Accountability Act, was passed in 1996, and the rules went into effect in 2003. The HIPAA Privacy Rule “requires appropriate safeguards to protect the privacy of protected health information and sets limits and conditions on the uses and disclosures that may be made of such information without an ‘individual’s authorization.”

The law is designed to protect healthcare patients’ privacy through proper document management and disposal. Entities that violate HIPAA provisions may face both civil and criminal penalties. Although HIPAA is a federal law, some states also impose their own penalties for privacy violations.

For example:

  • A medical billing company and the doctors who provided patient information to the company paid a state fine of $140,000 after more than 67,000 medical records containing patients’ names, addresses, and social security numbers were deposited in a public dump.
  • A medical practice paid $400,000 to settle a class action suit after documents containing patients’ names, addresses, social security numbers, and insurance information were discarded in a dumpster and subsequently spread by the wind throughout the surrounding neighborhood.

Learn more about Sharps Compliance’s HIPAA-compliant shredding services.

How to Choose a Purge Shredding Service

Sharps Compliance is a full-service provider of medical, hazardous, and pharmaceutical waste management solutions. In selected markets, we also provide purge shredding services. We can supply your facility with everything you need to securely collect and store documents that contain PII and PHI.

Our one-time purge shredding services can help you protect your data and comply with regulations.

  • Secure containers for document collection
  • We accept all paper products that contain PII and PHI
  • Scheduled pickups
  • Pricing is a flat fee per collection cabinet. There are no surcharges or hidden fees.
  • All document destruction takes place at a NAID-approved facility.
  • We provide document tracking and Certificate of Destruction documentation you need in case of a HIPAA audit or other legal necessity.

Our regulatory-compliant document destruction and purge shredding services are available in select markets. Contact us at 800.772.5657 for more information.

by Wanda Voigt, RN, BSN

Wanda Voigt holds a BA in Nursing from Texas Woman’s University and a BBA in Business Management from Texas A&M University. In Fall 2021, Wanda will begin her Master Jurisprudence in Health Law and Policy at Texas A&M University. Wanda has over 20 years of clinical practice in both hospital and private practice practicing in various specialties.

As the Director of Regulatory Compliance, Wanda assists Sharps’ customers in evaluating current federal and state-specific medical and pharmaceutical waste regulations, implementing compliant regulated medical and pharmaceutical waste management programs and processes, and developing training programs for both internal and external customers.

published in ComplianceTagged