What You Need to Know About HIPAA Compliant Storage and Moving
Thu, Dec 20, 2018
By: Jim Beran
Companies who collect and store personal medical information on behalf of their clients must adhere to the regulations of the Health Insurance Portability and Accountability Act (HIPAA.) The law is there to protect people from being denied coverage as well as to shield their privacy.
At Gilmore Services, we make it a priority to understand and adhere to government regulations that affect moving and storage. In fact, HIPAA compliant storage is one of our specialties. Here’s what you need to know.
HIPAA Compliant Storage
Any company that stores medical information must adhere to HIPAA regulations, which break down into three basic categories with safeguards in each.
- Administrative safeguards include:
- Creating a security management process to safeguard paper records (Protected Health Information, or PHI) and electronic records (e-PHI.)
- Designating a security officer to oversee HIPAA compliance.
- Limiting access to PHI and e-PHI to only personnel who need it.
- Workforce training to ensure employees understand HIPAA requirements.
- Periodic evaluations to ensure compliance.
- Physical safeguards include:
- Facilities where PHI is stored must be secure but also have a system in place to allow access to authorized parties.
- There must be protection in place for workstations and any other devices used to access e-PHI.
- Technical safeguards include:
- Access control to limit access to e-PHI (this is both administrative and technical.)
- Audit controls to track access to protected data.
- Integrity controls to ensure that protected data is not altered or destroyed.
- Transmission security to prevent e-PHI from being transmitted without authorization.
These rules are in place to ensure that the privacy and security of a patient’s medical records are the first priority of any company that collects them. You can find additional information about the regulations on the HHS website, here.
Transporting PHI and e-PHI to a new location requires special safeguards under HIPAA rules. The reason is that when records are in transit, they are exposed to new potential threats. Here’s what you will need to do if you need to move your records.
- Any electronic media, including workstations and devices, that contain PHI or e-PHI must be backed up before you move them.
- No medical records may be left in an unlocked room or unsecured area. Only authorized personnel should have access to them.
- Any boxes containing medical records must be numbered and clearly labeled to eliminate the possibility of misplacing them during the move.
- No records should ever be left unattended. During a move, people sometimes leave items on a sidewalk or in front of a building. You may not do that with PHI – someone must be with the records if they are not locked up.
- You should appoint an administrator to oversee the move to ensure that the movers know what needs to be moved and how to properly handle sensitive records during the transition.
- Your first responsibility upon arrival at your new destination is to check to make sure that all PHI and e-PHI are accounted for and then get them stored properly and securely.
During the move, you must also take steps to protect records from environmental damage. Any vehicle that transports PHI or e-PHI must be covered, locked, and attended at all times. It may not be used to transport any materials that could damage your documents.
The best way to ensure the save transition of your PHI is to partner with a moving company like Gilmore Services. We have the expertise to protect your valuable documents during a move – and to store your documents properly.
HIPAA regulations are there to protect patients. It’s essential to be aware of HIPAA compliance when you store documents and any time you move them from one place to another.
To learn more about Gilmore Services’ HIPAA compliant storage and moving, please click here now.