Maybe. Locked containers and a strong contract are good steps, but they’re only part of the confidential
paper disposal solution. HIPAA regulations call for security safeguards including administrative, technical, and physical measures. However, they do not tell covered entities exactly how to implement those measures, because that depends on the particular level of risk in each environment. Each organization must assess its own risk. And often we find that within one organization, the risk can vary from one area to another. In general, we know that shredding paper containing protected health information (PHI) is a standard method of ensuring confidentiality today. It’s acceptable to use locked bins or compactors for interim storage until you can dispose of papers safely by a contractor. But there are many ways to implement a shredding policy and make sure it’s effective. One important way is to hold awareness training sessions for employees. Workers should not stockpile records, such as old reports. This tends to create a greater vulnerability. They must remember to drop records in a bin or shred their contents. Keep bins locked and never allow them to overflow. Larger facilities may choose to use a combination of shredders and locked bins. Place the larger and more costly bins in hidden areas, putting office shredders in more accessible spaces, such as under desks and at nursing stations. In any case, for work force compliance, it’s important that a shredder or bin be readily accessible throughout your building.