This website was created for professional medical and dental administrative leaders to do the following:

  • Define Protected Health Information (PHI) in the new HIPAA.
  • Explain the challenges related to discarding PHI on a daily basis.
  • Provide information and resources that will protect their organizations from the new mandatory fines recently added to HIPAA for improper disposal of PHI.

Employee training, written policies and destroying discarded paper records are included in the top ten data protection compliance recommendations.

Analysis of hard drives bought on the second-hand market showed that a significant number still contained personal information despite obvious indications that the owner had tried to overwrite the information themselves.

An analysis of the contents of commercial outdoor trash “dumpsters” conducted in Toronto determined that the dumpsters of 3 out of 4 doctors’ offices contained improperly discarded personal health information.

States’ Attorneys General are currently being trained by HHS to aggressively utilize their new HIPAA enforcement mandate.

Neither pressing the “Delete” button nor reformatting removes data from a computer hard drive. It only erases the index, and conventional recovery utilities can still easily access the information unless the hard drive is properly sanitized or destroyed.

According to HHS, “Paper, film, or other hard copy media have been shredded or destroyed such that the PHI cannot be read or otherwise cannot be reconstructed.”

PHI is considered any information about a patient, including diagnosis, treatment, billing, or personal information associated with treatment.

Improper disposal of PHI is among the top 5 causes of required health data breach notifications: 1. Theft, 2. Loss, 3. Unauthorized Access/Disclosure, 4. Improper Disposal, 5. Hacking/IT Incident (US Dept. of Health and Human Services).

The insecure disposal of PHI would be an example of a HIPAA offence qualifying for the maximum level of mandatory fines, according to the US Dept of Health and Human Services. (Federal Register Pg 40879).

The US Dept of Health and Human Services will soon be required to investigate complaints about improper disposal of PHI. (Federal Register – pg 40876).

In the News

HIPAA Security Rule Requires Secure Disposal of ePHI-Laden Devices (August 08, 2018)

Secure Healthcare Data Sharing Not a Priority for Some Workers (July 06, 2018)

AHA Urges Consumer Education on HIPAA Privacy Rule and Health Apps (June 29, 2018)

With Consumer Privacy Center Stage, Why Aren’t We Talking About Health Data? (May 30, 2018)