Monday, July 20, 2015 3:15 pm, Posted by Absolute Destruction
While we emphasize how important it is to properly dispose of client information in any industry, it is especially vital for those in the healthcare professions. The nature of the Personal Health Information (PHI) taken by Healthcare Information Custodians (HIC) is different to that found on a typical banking statement or account invoice. PHI holds intimate medical data, and its theft can have disastrous consequences for both the client and the HIC.
Healthcare Information Custodians (HIC) are considered to be any healthcare practitioner, including even those who work in pharmacies, labs, ambulance services, mental health services, community care centres, nursing homes, and freelance at-home caregivers. Those that work within the healthcare industry (but don’t actively treat patients) like Canadian Blood Services employees, employees within the Ministry of Health, and those sitting on boards of health are also considered HIC. Basically, the term is used to describe anyone who collects, has access to, or records PHI.
PHI includes anything data that relates to an individual’s current or past physical and mental health. Family medical history, lab test results, and prescriptions are considered PHI, as is anything else that identifies an individual or is used to establish an appropriate course of treatment.
As a HIC, you are bound by law to ensure that you go about collecting, accessing, recording, and disposing of any record properly. Since 2004, the Personal Health Information Protection Act (PHIPA) has been setting standards for these processes in Ontario, thereby protecting clients and providing legal recourse should their PHI be used without their consent. Within this act, certain safeguards are outlined for HIC.
Security and education are emphasized when regarding the correct collection and recording of PHI. Any records should be stored behind locked doors, the access of which can only be gained by authorized employees. Physical copies should be stored in locked filing cabinets with strict lending procedures, ensuring visitors are escorted when accesses these areas. Digital copies should be equipped with the appropriate firewalls, encryption, and back-up procedures; with additional PINs to ensure only those authorized can gain entry. Authorized employees should receive extensive training on how to collect and record data securely and why it’s important to do so.
In terms of disposal, PHIPA acknowledges that disposing of paper copies with the regular recycling and reformatting hard drives or memory sticks is an insufficient strategy. Paper can be retrieved by immoral individuals who have access to the recycling bins at any time between its disposal and its reprocessing at a recycling plant. Meanwhile, digital information can be retrieved from even those computers and storage components that have been wiped. PHIPA states that destruction is the only way to ensure complete and utter elimination of PHI in a manner that prevents its improper use.
Improper use can be especially devastating to those individuals whose PHI is stolen. Like any confidential data, PHI can be used by thieves to assume an individual’s identity. Instead of opening false bank accounts and credit cards, these thieves can use the PHI to obtain access to medical treatment and prescription drugs. The danger lies in the fact that any treatment these thieves receive under the false identity would be documented in the victim’s file. Any changes to prescriptions or allergies could have fatal consequences to those victims who, without realizing their PHI has been taken, arrive at the hospital for treatment themselves.
To ensure you protect your clients from this terrible fate – and to ensure that your practice follows the law – you need to take the appropriate measures to destroy any PHI you collect. Our mobile shredding services are guaranteed to completely and utterly destroy any materials – physical or digital – by a team of bonded representatives. With our “Guarantee of Destruction”, healthcare professionals can easily dispose of PHI as the letter of PHIPA states.