Document destruction demands diligence

Practice Management. By Pamela Lewis Dolan, AMNews staff. March 26, 2007.

Stephen Schutz, MD, said his gastroenterology practice takes patient confidentiality so seriously, secured bins around the office store everything from sticky notes to phone messages.

The Digestive Health Clinic in Boise, Idaho, not only has someone shred the contents in these bins once a week, but the documents are shredded on-site to ensure no outside eyes are ever laid upon confidential patient information.

"Part of it is convenience, but part of it is a little bit of control," Dr. Schutz said of the decision to have the shredding done on-site.

As medical identity theft rises many practices are looking for convenient and secure ways to destroy confidential patient records, particularly those practices converting to electronic files who wish to dispose of many years' worth of paper files.

But a few recent incidents in which document destruction companies mishandled patient files should make clear to physicians that they need to make sure the company they hire knows how to dispose of documents without -- intentionally or not -- letting them get into the hands of identity thieves.

The Utah Attorney General's office launched an investigation last fall after a Salt Lake City news crew found thousands of patient files and x-rays in an unlocked bin outside a third-party company hired by a recycling firm to separate paper files from x-ray films. Utah Assistant Attorney General Richard Hamp said the state passed a law last year that created a penalty of $2,500 per individual whose records were compromised, up to a maximum fine of $100,000. The law took effect in January.