EcoShredding Blog

What You Need to Know About HIPAA-Compliant Shredding

HIPAA Compliance form and stethoscope on a deskThe Health Insurance Portability and Accountability Act (HIPAA), a list of standards for organizations and businesses to protect patient files and other medical records, was created in 1996 in the interest of preserving patient privacy.

These standards require that sensitive information is “rendered essentially unreadable, indecipherable, and otherwise cannot be reconstructed” after they are no longer needed. HIPAA is not only important to the safety of patients but to that of businesses, as noncompliance often results in expensive fines or criminal charges.

Who Does HIPAA Affect?

Healthcare providers aren’t the only ones who need to ensure compliance with HIPAA. Any third-party business or professionals performing services for healthcare providers and organizations, such as consultants, attorneys, and CPAs, must remain compliant as well. In short, HIPAA affects anyone who has access to the Protected Health Information (PHI) of others.

What Qualifies As PHI?

Protected Health Information refers to personal identifiers, including:

  • Names;
  • Social security numbers;
  • Full face photos;
  • Geographic identifiers;
  • Phone numbers;
  • Email addresses;
  • Dates;
  • Health plan beneficiary numbers;
  • Account numbers;
  • Certificate/license numbers;
  • Medical record numbers;
  • And more.


Why Do I Need A Shredding Company?

Using a qualified, NAID certified shredding company is the safest way to ensure you’re disposing of medical records and other PHI properly.

The following are a few reasons you shouldn’t tackle this on your own or enlist an employee:

  • HIPAA requires any person disposing of PHI be trained on procedures and policies beforehand. Employee training costs both time and money, so it’s best to leave it to the professionals.
  • HIPAA also states that a business must be able to provide a certificate of destruction proving the relevant documents have been properly destroyed. A professional shredding company will provide this certificate upon completion.
  • You’ll need to dispose of more than just paper documents. HIPAA requires that digital files be destroyed as well, a task your in-office shredder is unlikely to accomplish.


When it’s time to dispose of medical records or other sensitive information, contact EcoShredding to request a free estimate! We’ll be happy to ensure you comply with all shredding regulations.

Get Your Free Quote

Latest News & Events