Proposal for Paper Shredders

Internal/Unsolicited

October 22, 2003

 

 

Prepared For: Jefferson Hospital Board Members

Submitted By: Jolie Brentner, Lab Assistant and EMT

 

HIPPA Compliance

 

On Aug. 14, 2002 the U.S. Department of Health and Human Services (HHS) issued Federal Standards for the protection of patient’s medical records and other personal health information.  As listed in Collier Shannon Scotts HIPPA Privacy Rules Made Simple: A Compliance Guide for Employer-Sponsored Health Plans, “Entities covered by the standards have until April 14, 2003 to comply”.  Though the hospital has done a great job informing patients of their rights and employees of the Health Insurance Portability and Accountability Act (HIPAA) in their annual training, we need to take it a step further.  The hospital needs to implement the GBC 1130S paper shedders in our laboratory services, patient registration areas, and patient floors within the hospital. Any areas that patient information is read, received, and printed should also the GBC 1130S shredders.  We currently have Black and Decker shredders in critical care areas but they don’t seem nearly accessible enough.  Co-workers have brought several issues to my attention.  Labels and charts have been placed in recycle bins, which pose a potential ‘confidentiality’ risk to the hospital.  There have been incidences where employees have thrown test requests, patient charts, and other patient information in normal trash bins.  Though we have taken precautions to avoid these types of situations, they still occur on a regular basis and shredders will help to solve this problem.

 

Problem Areas

 

In this day and age there are many unscrupulous people looking to make some quick cash by committing fraud in one way or another.  An example of this is when someone’s legal identity is stolen as a result of information taken from mailed documents, wallets, purses, and files carelessly left lying out on a desk or filing cabinet.  The latest concern is data extracted from Internet files.

 

A recent case of identity theft occurred at Abbott Hospital, where a nurse trainee was recently indicted for selling patient social security numbers and identity theft.  Our Hospital, another Twin Cities hospital, runs the same risks.  In an attempt to establish data privacy procedures and insure against identity theft, our hospital has implemented time consuming investigative procedures to document and record staff who request tests, generate labels and print charts that contain private patient data.  A more efficient process might be to establish a procedure that simply disposes of related documents in the GBC1130S paper shredders, which would be stationed near the printers or order desks.  Shredding makes it nearly impossible to recreate private patient data that is at risk for HIPAA non-compliance violations and used for identity theft. 

 

Our charts and test requests disclose patient’s personal information.  Registration includes more in-depth information on every patient and employee. By installing GBC 1130S paper shredders, employees can simply and quickly insert the paper into the opening and allow the machine to shred it in seconds. Our hospital is busier than most because it is a level-one trauma center that handles many newsworthy cases and is often the focal point for media.  Although unlikely, a reporter that is desperate enough for a ‘hot’ story might dig in the trash bins that are left standing in the maintenance area awaiting pickup and possibly find confidential information.

 

Moving to the electronic medical records protected by double firewalls, using HIPAA coding protocol is a step in the right direction for electronic claim filing with insurance companies.  However, there are still areas of billing, tests, and Anatomical Pathology charts where private data is printed on paper every day to accommodate lab and physician required orders.  We currently use recycle bins for disposal to protect patient information for these types of information.  If there is a criminal-minded maintenance worker or other employee, a hospital recycle bin can be a treasure trove for fraud.

 

Resolution

 

In Radiology, the staff nurse prints up patient tests so they can review and verify patient’s creatinin levels before CT. However, after the tests, the document ends up on a counter or in the trash bin where maintenance staff, patient’s family members, or other non-hospital personnel can view them.  If a GBC 1130S shredder were placed close to where the Radiology prints and reviews the documents they would be shredded after review.  The risk of HIPAA violation and breach of confidentially is eliminated immediately.

 

The Laboratory is another area in the hospital where GBC1130S shredders would be invaluable.  The Lab receives requests from physicians, which contain private patient information for ordering tests. Right now the test requests and labels that print for the specimens get thrown into either a recycle bin or trash bin.

 

There is a second area of concern in the Lab. After completion of the tests, the Technician generates labels with patient information to identify the patient with the results.  Any extraneous labels are left lying about until they are thrown in the trash.  By placing a GBC 1130S shredder by the label printers that are located near where the test results printer the technicians can shred any unused labels, test requests, and test results after they been added to the computer and used on the tubes. 

 

If patient information were to get into the wrong hands the hospital could be faced with a potential law suite and fines from HIPAA of up to $250,000 and ten years in prison for contributing to a breach in patient confidentiality.  This not only will create unexpected financial costs but the costs will take a considerable amount of money out of our budget; a lawsuit can hurt the hospital’s reputation and credibility.  We can also lose grants and other funding that pay for many of the life saving and wellness procedures performed by the hospital and its staff.  Any patient would be hesitant to be treated in a hospital where all they’re personal information is at risk for fraud.  

 

Expense

 

GBC Corporation has agreed to sell the hospital 75 GBC 1130S paper shredders.  The price of the GBC 1130S paper shredders to the hospital will be $249.00 per shredder which includes delivery and a 3-year parts and maintenance warranty.  At this price, the hospital is saving nearly 55% off the list price of $549 for the GBC 1130S paper shredder.  However, the ultimate savings will come to the hospital though being compliant with HIPPA regulations and Patient Rights. 

 

Summary

 

The GBC 1130S paper shredders may seem like an unnecessary investment at a time when budget cuts and layoffs are the norm, but in the long run this simple device is likely to save the county thousands of dollars.  GBC 1130S shredders ultimately guarantee the hospital’s reputation and result in additional clients because the patient not only receives excellent care, but they also feel safe when they are at their most vulnerable.  A GBC 1130S paper shredder guarantees that the patient’s confidentiality is respected.  Patients will know their information is safe and secure.  They will know that anything they say or a treatment they receive will remain between them, the hospital staff, and their physician.  GBC 1130S shredders are another important way to help the hospital be in compliance with HIPAA regulations and patient’s rights.  GBC 1130S shredders are an inexpensive solution to a potentially expensive problem.