HIPAA Blog

[ Tuesday, June 02, 2009 ]

 

CVS: You may remember that CVS got tagged with a $2+ million fine for failing to protect patient data (mainly, they dumped records). Now, they've announced some of their plans to improve their operations and better protect the information. Of course, shredding is a big part.

The HITECH provisions of the so-called Stimulus Bill require covered entities to publicly report data breaches of "unsecured" PHI, which HHS has defined as all data that isn't encrypted or destroyed. As I noted below, hard copies of data can't be encrypted, and unless you're done with them entirely, they can't be destroyed. But if you ARE done with them, then destruction is basically required; that means shredding of paper documents. And it seems like CVS got the message.

Jeff [9:54 AM]
