HIPAA Regulations on Secured Containers
The Health Insurance Portability and Accountability Act (HIPAA) requires covered entities to use reasonable physical safeguards to limit accidental uses and disclosures of protected health information in connection with the disposal and storage of information. Secured containers containing information for pending disposal must be locked and accessible for employee use.-
Physical Safeguards
-
HIPAA requires that four areas be addressed to safeguard its medical records. The areas are administrative procedures, physical safeguards, technical security services, and technical mechanisms. Physical safeguards are designed to limit unauthorized access to protected health information. HIPAA does not specifically state what methods should be used.
Information Storage
-
An effective method of safeguarding medical information is secured storage for unattended records. Secured bins are used for records storage in offices and smaller medical practices. They are also used to store records intended for disposal by shredding. Recyclable documents are collected in the secured bins, stored in a secure area, and then sent off-site for destruction.
Information Disposal
-
HIPAA requires that covered entities must have policies and procedures in place for the disposal of protected health information. All employees and volunteers must be trained on the disposal of records. Records may be destroyed by shredding, burning, pulping, or pulverizing the records so that the information is unreadable and indecipherable.
-