Document destruction demands diligence

A column about keeping your practice in good health

By Pamela Lewis Dolancovered health information technology issues and social media topics affecting physicians. Connect with the columnist: @Plewisdolan  —  Posted March 26, 2007.

Print  |   Email  |   Respond  |   Reprints  |   Like Facebook  |   Share Twitter  |   Tweet Linkedin

Stephen Schutz, MD, said his gastroenterology practice takes patient confidentiality so seriously, secured bins around the office store everything from sticky notes to phone messages.

The Digestive Health Clinic in Boise, Idaho, not only has someone shred the contents in these bins once a week, but the documents are shredded on-site to ensure no outside eyes are ever laid upon confidential patient information.

"Part of it is convenience, but part of it is a little bit of control," Dr. Schutz said of the decision to have the shredding done on-site.

As medical identity theft rises many practices are looking for convenient and secure ways to destroy confidential patient records, particularly those practices converting to electronic files who wish to dispose of many years' worth of paper files.

But a few recent incidents in which document destruction companies mishandled patient files should make clear to physicians that they need to make sure the company they hire knows how to dispose of documents without -- intentionally or not -- letting them get into the hands of identity thieves.

The Utah Attorney General's office launched an investigation last fall after a Salt Lake City news crew found thousands of patient files and x-rays in an unlocked bin outside a third-party company hired by a recycling firm to separate paper files from x-ray films. Utah Assistant Attorney General Richard Hamp said the state passed a law last year that created a penalty of $2,500 per individual whose records were compromised, up to a maximum fine of $100,000. The law took effect in January.

Chris Nelson, a spokesperson for the University of Utah Hospital system, which had files in the unlocked bin, said the company could have protected itself by simply moving the storage bin inside. But the experience made the health system "a little more vigilant that we don't get sloppy with our own procedures," Nelson said.

Most shredding companies, which charge by the box or in a general range of eight to 16 cents per pound, offer the option to have the shredding done on-site with a large mobile unit for an additional surcharge and travel fee. Some charge less per pound the more you shred, and some offer regularly scheduled visits for a flat rate.

The Sierra Neurosurgery Center in Reno, Nev., has been shredding approximately 400 pounds of paper per week since November 2005 as part of the process of transferring 8,000 patient files to an electronic medical record system. Dyana Selby-Davis, health records manager for the practice, said a reputable company will offer a certificate of destruction every time something is destroyed.

Bob Johnson, founder and president of the National Assn. for Information Destruction, the trade group that provides much of the unofficial oversight of the industry, said he's currently not aware of reports of people using a destruction or storage business as a front for an identity theft scam, but industry insiders have become increasingly concerned with the possibility. But, if medical groups practice their due diligence and hire reputable companies, it won't be worth the thieves' time to set up shop as a fake company, he said. His advice to practices:

  • Know the difference between recycling and destroying. Don't trust a company that claims general recycling is the same as destroying documents. General recycling lacks several of the federal requirements to comply with consumer/patient protection laws.
  • Have a written policy on document destruction before contacting vendors for bids. Examine a company's written policy of how it manages the destruction.
  • Require the company to do background checks of its employees.
  • Make a vendor sign a contract binding it to HIPAA and the Fair and Accurate Credit Transaction Act. FACTA is the basis for allowing individuals access to their credit reports.
  • Conduct periodic, unannounced audits of the destruction facility if the destruction is not done on-site.

Pamela Lewis Dolan covered health information technology issues and social media topics affecting physicians. Connect with the columnist: @Plewisdolan  — 

Back to top



Read story

Confronting bias against obese patients

Medical educators are starting to raise awareness about how weight-related stigma can impair patient-physician communication and the treatment of obesity. Read story

Read story


American Medical News is ceasing publication after 55 years of serving physicians by keeping them informed of their rapidly changing profession. Read story

Read story

Policing medical practice employees after work

Doctors can try to regulate staff actions outside the office, but they must watch what they try to stamp out and how they do it. Read story

Read story

Diabetes prevention: Set on a course for lifestyle change

The YMCA's evidence-based program is helping prediabetic patients eat right, get active and lose weight. Read story

Read story

Medicaid's muddled preventive care picture

The health system reform law promises no-cost coverage of a lengthy list of screenings and other prevention services, but some beneficiaries still might miss out. Read story

Read story

How to get tax breaks for your medical practice

Federal, state and local governments offer doctors incentives because practices are recognized as economic engines. But physicians must know how and where to find them. Read story

Read story

Advance pay ACOs: A down payment on Medicare's future

Accountable care organizations that pay doctors up-front bring practice improvements, but it's unclear yet if program actuaries will see a return on investment. Read story

Read story

Physician liability: Your team, your legal risk

When health care team members drop the ball, it's often doctors who end up in court. How can physicians improve such care and avoid risks? Read story

  • Stay informed
  • Twitter
  • Facebook
  • RSS
  • LinkedIn