Moving medical records involves far more than simply packing them into boxes and loading them onto a truck. HIPAA regulations require any company that stores and transports personal health information (PHI) to take precautions to ensure that the documents they maintain are protected from unauthorized access, theft, and damage.
At Gilmore Services, we have the expertise to move medical records safely and securely. Here are 6 critical security steps to protect patient information when you move your medical records.
#1: Back Up All Electronic Medical Records
HIPAA regulations require that all electronic patient health information (e-PHI) must be properly backed up before being transported from one location to another. The backup is necessary so that your documents may be recovered in the event that the original record is damaged or destroyed during your move.
If you choose to use a cloud backup system, make sure that the provider offers end-to-end encryption. If it doesn’t, your data may be at risk during the backup process. End-to-end encryption ensures that your data will never be unprotected.
#2: Pack and Label All Boxes Containing Medical Records
If you are moving paper medical records, you must take precautions before, during, and after the move. Before the move, it is your responsibility to pack all medical records into boxes that are suitable for document storage. Using the right boxes will protect your records from damage.
You must also carefully number and label each box and create a master list. The list will ensure that you know how many boxes you are moving, and which records they contain. You’ll use it at both ends of the move to maintain a chain of possession and track the PHI that you’re moving.
#3: Assign an Administrator to Supervise the Move
Once you know that you will be transporting medical records, you need to assign an authorized employee to oversee the move each step of the way. The person you appoint should be trained in HIPAA compliance and understand what must be done to protect your records during the move.
If you are paying movers, the administrator should inform the movers what they are transporting and track the labeled boxes throughout the move. Keeping records of who is moving records, when they are being moved, and where they are going are all essential.
#4: Never Leave Medical Records Unsecured
During the move, the administrator should make sure that your medical records are never left unsecured. That means that they may not be left in any area where an authorized person could access them, including an unlocked moving truck, a sidewalk, or an open office.
If the boxes must be moved in stages, the administrator or another authorized person must remain with the records at all times.
#5: Hire a NAID-Certified Custodial Service Provider
Custodial service providers who handle medical documents are NAID-certified. That means that they have received specialized training in handling, storing, transporting, and destroying medical records. Partnering with a NAID-certified document management company will ensure that your documents are protected.
Gilmore Services is a NAID-certified company. We have extensive experience in the proper storage and transportation of medical records.
#6: Check All Boxes at Your Destination
When you arrive at your destination, your first course of action should be to check the boxes with medical records against the checklist you made. This is a very important step because it is the best way to ensure that all of your records have made it to your new location and that you have maintained a chain of possession.
If you partner with a document management company like Gilmore Services, they’ll handle the tracking. All boxes will be labeled with a bar code and tracked electronically.
Every company that stores medical records has a duty to keep those records secure during a move. Following the 6 critical steps we have outlined here will ensure that your documents make it safely to your new location.
To learn more about Gilmore Services document management services, please click here.