Shredding is an “old school” issue.
It doesn’t matter if you have an EHR or not.
And as we all know, even with an EHR, that “paper-less office” is far from paper-less.
Shredding is becoming an issue.
A few months back a member of the cleaning crew stole records that were sitting in the shred pile. Now we have Granger Medical Clinic in Utah who reported a breach of 2600 patients.
The issue was they had a stack of files to be shredded, but when the pile of documents went missing, nobody could clarify whether that pile had been shredded or not.
Often when I consult with a practice, what I am doing is telling the practice they need to formalize their processes.
When I tell them they need to have a policy and process in place for…shredding…they typically chuckle and say, “come on, it is simple and my staff knows what they are doing.”
I’m sure that is what Granger thought, too.
The HIPAA regulations are pushing you to formalize about everything you do. Yes it is a pain, but in the end it is a risk reduction for you. PLUS, by formalizing everything, you make training of new staffers that much easier.
Among other policies, you should have a formal shredding policy in place at your practice that everyone understands. This policy needs to be published and placed in your HIPAA policy binder.