The Health Insurance Portability and Accountability Act, or HIPAA, became law in 1996 to protect patient privacy by requiring strict information security procedures for the health-care industry. Any person or organization that collects health-related information -- including hospitals, dentists, mental health professionals and insurance companies -- are required to keep medical histories, logs, forms, bills and other health information confidential and to properly dispose of outdated information by shredding and other means.
Proper Disposal of Information
HIPAA security rules require organizations to train their members in the proper disposal of information and provides procedures on how to dispose of hard copy and electronic data. When no longer needed, paper records must be rendered unreadable and impossible to reconstruct. The files can be burned, shredded, pulped or pulverized to achieve this goal. Health information on electronic media needs to be cleared using specialized software or hardware, purged by degaussing or using strong magnetic fields or destroyed through melting, incinerating, pulverizing, disintegrating or shredding before equipment can be transferred or sold. Labeled prescription bottles need to be kept in opaque bags in a secure area and disposed of via shredding or pulverization by a disposal vendor.