Every hospital is most likely already using a shredding vendor at some level, but did you know that the average document security breach costs organizations $5.85 Million in fees and lost revenue? If you think this can’t happen to your organization, think again. I’m sure this hospital in Georgia didn’t think that their patient records would be blowing across their community after their shredding vendor picked them up either.
We have already covered storage and scanning in our series on document management best practices. Today, we will focus on several best practices in shredding your confidential documents, hard drives, and computers.
To better understand my perspective on healthcare document management, it might be a good idea to go back and read the introduction to the topic and the follow-up posts.
- Why Hospitals Should Worry About Document Management
- Document Storage
- Document Scanning
- Document Shredding
- Document Printing
As I mentioned in the first post in this series, in order to ensure you have an effective hospital document management program, you need to make sure you are using a reputable company that has bonded employees. Yes, this costs a little more but the peace of mind is worth it. You don't want Joe Shmoe from down the street taking your records in the back of his pickup truck and throwing them in the trash or storing them in his glorified garage while telling you that they have been destroyed or securely stored.
Unfortunately, this stuff actually happens fairly often each year, like it did in Kansas City, MO. You have to think about the “what if” scenarios in order to proactively protect your organization. If you are using a reputable vendor, they will have the appropriate insurance and indemnification clauses in their agreements to pay those hefty fines you will receive if something does happen.
Ok. Enough with the scare tactics. On to the good stuff.
I’m sure you have seen those huge, ugly garbage cans with big Master Locks sitting around your hospital and administrative offices. First off, when did it become ok to have the same type of garbage can that I wheel out to the curb each week, sitting next to the executive assistant’s desk?
Since we need to remind everyone that we must destroy our sensitive data, I guess we’re stuck with them until someone comes up with a more attractive receptacle.
Document shredding is typically done on-site. A big truck pulls up to your facility once or twice a week, collects all of those garbage cans, and shreds the paper in the truck.
Some vendors do it off-site. They just pick up the bins, replace them with empty ones and then take the paper back to a central facility to do all of the document shredding.
The vendors will provide you a Certificate of Destruction (COD) when they pick up your bins, whether they shred them on-site or off-site, which is important for legal reasons. My concern with off-site vendors is the “what if” scenario we mentioned above. What if something happened and your PHI data was blowing across your community? Yes, you have the COD, but that doesn’t stop the news from reporting it and giving you a bad name.
I personally would use an on-site shredding company for peace of mind. Plus, if you’re bored, you can watch them shred everything, which can be a good stress reliever!
The pricing methodology is pretty standard across the vendors so that’s great. It’s broken down into four main categories:
1. Type of Equipment
   - Will you be shredding storage boxes or the big garbage bins?
     i. Standard Console - Stationary security box either 36” or 24” tall
     ii. Totes (a.k.a. garbage bins) - 64 or 96 gallons
2. Number of Equipment
   - How many of each type of equipment?
     i. Example: 25 Standard consoles and 10, 64 gallon totes
3. Service Frequency
   - How often do you need the vendor to shred?
     i. Example: Weekly, Bi-Monthly, etc.
4. Any Irregularities in Service
   - Do you not want your vendor walking through your hospital gathering the bins?
     i. This would be an irregular service and needs to be priced in the contract
This should cover about 80% of your shredding spend. The other 20% will fall under optional services and surcharges. Here is a list of common services and price ranges.
This should give you a good starting point when negotiating your shredding (document destruction) agreement. Make sure your vendor includes a certificate of destruction for no additional charge.
Side Note: Shredding companies actually take all of that shredded paper, bleach it back to plain white, and then sell it to the paper/printing companies. Were you aware that you are paying a vendor to pick up something that they are going to sell for more than what they charged you? They get paid twice for the same paper. Genius!
The best hospital systems maintain a well-organized document management and information security program. They know to keep documents only for the length of time that they are needed. After that point, confidential documents with names, social security numbers, medical history, and other sensitive information are destroyed. Following our recommendations helps maintain trust and integrity with your patients and ensures your health system remains in compliance.