Strengthen privacy and security with an enterprise-wide approach to destruction

DID YOU KNOW?

In today’s healthcare environment PHI resides in many forms, across many locations. The question is how effectively is your organization managing those risks?

CHALLENGE

Increasing privacy concerns and the exponential rate at which information is being created in the healthcare industry are elevating the need for compliant retention and disposition practices to be adopted and enforced across your organization. Information kept beyond the required retention period results in increased costs and risk. When information has met retention and is ready for destruction, a comprehensive destruction program will help you maintain compliance.

Given the hybrid nature of today’s environment, it is essential to identify and enforce information destruction policies across both physical and electronic records containing PHI. However, the job does not end there. The various systems and devices on which PHI is used and shared, as well as patient care materials on which PHI is printed, must also be addressed. These assets can be found in multiple locations, departments and facilities across today’s complex healthcare ecosystem.

SOLUTION

To address this growing risk, healthcare organizations must move to establish an enterprise-wide destruction program that is strategic, secure and scalable. Destruction must be enforced in a defensible manner across the organization with consideration of where and how PHI is being proliferated across formats and functions. In addition, to ensure compliance as well as cost-efficacy, the program should not only address the destruction of sensitive information but also the broader need for disposition of day-to-day patient care materials.

By establishing an enterprise-wide approach to destroy PHI and other signficant materials no matter the format or the location, you can:

• reduce cost and risk
• destroy PHI, regardless of format, in accordance with privacy and security requirements
• advance green and sustainability initiatives

WHERE DO I BEGIN?

Often getting started is the hardest part. Below are a few best practice tips to help you establish a secure, compliant and cost-effective enterprisewide destruction program.

• Partner with your Information Governance and IT Governance committee to gain the visibility and buy-in required to establish destruction policies that address all records, devices and assets that contain PHI.
• Establish and regularly refresh an enterprise retention schedule that addresses all record types and formats, including media and devices.
• Employ a shred-all policy for paper records to eliminate the risk that confidential and proprietary material will be improperly disposed.
• Establish policies to govern the disposition of e-waste and IT assets securely. Where possible, recover IT assets value by securely repurposing and recycling these assets in accordance with industry standards.
• Integrate other high volume materials and/or regulated materials into your defensible destruction program to standardize processes and optimize program efficiencies.