Don’t Be Vulnerable. Know What To Do with PHI Documents After Patient Discharge
No one enjoys feeling vulnerable… especially when it comes to facing potential HIPAA violations. And yet, when it comes to patient health information (PHI), too many medical facilities are daily putting themselves at risk for those steep fines and severe repercussions. The reality is, if you’re not properly handling PHI documents, especially at the time of patient discharge, you are choosing to remain vulnerable.
Protect Your Patients’ PHI Documents
PHI documents can contain a patient’s name, birthdate, developmental and psychological treatments or history, family history, diagnostic results, prescribed treatments, and more. In order to ensure that hospitals maintain secure control over this information, they must achieve HIPAA-compliant processes. If they fail to do so, it can result in hefty fines, reputation damage, and other severe consequences. Don’t like the idea of staying that way? Take some steps to protect yourself and your patients:
Know What’s At Risk
Chris Strammiello is the vice president of marketing and product strategy at tech company Nuance. He explained, “Admission is all about PHI. And at many hospitals, it’s still all about paper. Admission orders, patient information and consent forms, insurance ID cards and authorization forms, medical histories, referrals, initial prescriptions, and even drivers’ licenses are routinely copied, scanned, printed, faxed, or emailed as part of admitting the patient into the hospital and getting their information into the EHR system.”
He continued, “Upon discharge, the patient typically receives a package of printouts, including a summary of their hospitalization, diagnoses or results, discharge orders and instructions, referrals for follow-up care and additional prescriptions. In the absence of user authentication, audit trails, or other security controls, each document and action present a risk of exposure and a point of vulnerability where PHI can be accidentally misdirected or intentionally compromised.”
What Goes In, Must Come Out
Upon patient discharge, even just the billing process can generate significant amounts of paper. Consider, also, the amount of paperwork generated for all the other procedures that produce PHI documents, and it can all become quite difficult to handle without a document retention plan that effectively tracks, manages, destroys or stores it all. Keeping these documents around for any longer than necessary can be asking for trouble.
For example, some common HIPAA violations include the mishandling of written patient charts and records, or illegal employee access to patient files. Laurie Zabel, CHC, CPC is Director of Coding & Compliance for MedSafe. She points out, “Whether it is out of curiosity, spite, or as a favor for a relative or friend, this is illegal and can cost a practice substantially. Also, individuals that use, or sell, PHI for personal gain can be subject to fines and even prison time.”
Benefits of Scanning PHI Documents
To protect the contents of PHI documents after patients have been discharged, the pages can be scanned and indexed electronically as a secure, compliant, and long-term solution for maintenance, reference, and storage. Dignity Health suggests, “Cloud storage providers offer a range of options from simple backup to more in-depth services and recovery guarantees. You still retain ownership of your files and can access them at any time, but by using a third-party service, you don’t need to hire IT experts, nor do you need a large storage capacity within your office. You have the company’s expertise in complying with laws and regulations as they change.”
Scanning documents can be a quality solution for your document management needs. Since HIPAA requires health organizations to retain records for a certain length of time, and state guidelines have varying requirement lengths, it’s important that you are aware of the different guidelines that your facility must abide by.
Where Does the Paper Copy Go?
The efficiency of digitally stored medical records can reduce administrative costs and storage costs. The immediate, albeit authenticated and audited, accessibility to the PHI documents can speed up medical practitioners’ reference to important information related to patient care. In addition, the digital storage system selected should support your efforts to maintain compliance with HIPAA, FACTA and other organizations.
However, once you have scanned and indexed the documents, you’ll need to have a secure way of ensuring the protection of the PHI contents on the original documents. The dumpster is NOT an option.
So, that’s where Secure Destruction comes in. Not only do we provide locked, secure disposal containers, but we can also shred those documents either on-site or at our local professional destruction facility. The only documentation that you will need to maintain at that point, is the Certificate of Destruction that verifies the permanent, secure destruction of all PHI documents.
Reduce Your Risks – Contact Secure Destruction
Secure Destruction specializes in providing the right, compliant document destruction solutions for medical practices. For an in-person facility review, customized PHI document management assessment, or FREE quote contact our experts today!