When we think about HIPAA requirements, many of us think electronic security measures. That’s a good thing – but don’t stop there!

Review the oldest charts and papers containing PHI that are being stored in the facility or offsite. Do NOT save any papers or charts that are unnecessary or past the requirement date for your State, Centers for Medicare and Medicaid, or any other regulatory organization that mandates the length of time patient data needs to be saved.

Check to see that there are NO OLD tapes, discs or Xrays that the organization would no longer have any use for. Additionally, do not store old computers that still have hard drives in them and would potentially have patient data.

Enlist your IT vendor and/or shredding company to properly dispose of all data containing PHI.

Security and compliance are first and foremost in the management of our clients' systems. After conducting thousands of SRAs, common vulnerabilities began to emerge. We launched HIPAA Tip Tuesday to make clients aware of what actions they can take to address these vulnerabilities.

Have a great week!