Staying HIPAA Compliant: Physical Patient Record Storage

Having worked with various healthcare-related organizations over the last 20+ years, we’ve become accustomed to the regulations and guidelines associated with the industry, the most common of which is HIPAA compliance. HIPAA regulations are the measures set in place to ensure patient privacy and protect the security of patients’ medical information. Many in the industry are familiar with the concept, but unfortunately we encounter large and small organizations alike that are not taking the necessary measures to be fully compliant. For this reason, we’ve outlined the basics of maintaining HIPAA compliance, including the specific standards for physical records as set by the U.S. Department of Health and Human Services.

What is HIPAA compliance?

The Health Insurance Portability and Accountability Act is meant to protect sensitive patient data and information. It means that if your business deals with protected health information (PHI) in one way or another, you are required to adhere to a certain set of physical, security, and process measures in order to protect that data.

Ensuring Proper Storage of Patient Information

Thanks to a helpful resource provided by Yale University, we’ve outlined the measures you need to take when physically storing patient data, all of which can be met with proper modifications to a Saf-T-Box container.

  1. Medical records and PHI must be stored where there is controlled access
    • We recommend that medical records and PHI stored in hallways that are accessible by unauthorized individuals be kept in locked cabinets.
    • No open shelves in a patient or research subject area.
    • No open shelves in a hallway that allows access to individuals not authorized to access those medical records and PHI.
  2. Medical Records and PHI should be stored out of sight of unauthorized individuals, and should be locked in a cabinet, room or building when not supervised or in use.
  3. Provide physical access control for offices/labs/classrooms through the following:
    • Locked file cabinets, desks, closets or offices
    • Mechanical Keys
    • ID swipes (can be designed to accept YU/YNHH IDs)
    • Alarm keypad systems (mechanical or electronic)
    • Change keypad access codes on a regular basis
  4. Assign someone to manage and document access issues (keys, card swipe, keypad access):
  5. Identify individual(s) with the authority to grant access to an area
  6. Use the HR Oracle Move and Gone report to remove access ASAP when an individual’s status changes or if the individual leaves the University.

Keeping your patients’ data stored within easily accessible filing cabinets in your hallways or office may add a level of inconvenience for your staff, but in order to do what’s right by the patient, as well as protect your organization against potential breaches, theft, or lawsuits, a shipping container with value-added locking, scanning or security features is the way to go.

Interested in picking up a safe and secure storage option for your organization? Click below to request a quote today.

 

Sources:

http://hipaa.yale.edu/security/policy-guidelines-physical-security
