Shredding Breaches Occur Every Day

It is unfortunately not true that an office and/or home shredder provides the same security as a professional document shredding service.

Professional shredding companies provide high-tech, secure cross-cut or micro-cut shredding, secure locked containers, mobile shredding trucks, secure shredding facilities, and a Certificate of Destruction verifying that your items have been securely shredded.

The HIPAA Privacy Rule requires that covered entities apply appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information (PHI), in any form.
Source: See 45 CFR 164.530(c).

Practices must implement reasonable safeguards to limit incidental, and avoid prohibited, uses and disclosures of PHI, including in connection with the disposal of such information.

The HIPAA Security Rule requires that covered entities implement policies and procedures to address the final disposition of electronic PHI and/or the hardware or electronic media on which it is stored, as well as to implement procedures for removal of electronic PHI from electronic media before the media are made available for re-use.
Source: See 45 CFR 164.310(d)(2)(i) and (ii).

HIPAA violations will cost your practice. Failing to implement strict safeguards in the disposal of Protected Health Information could result in fines ranging from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for each violation.

Is your practice compliant in the disposal of your PHI?

Source: For more information on proper disposal of electronic PHI, see the HHS HIPAA Security Series 3: Security Standards – Physical Safeguards – PDF.
Source: https://www.hhs.gov/hipaa/for-professionals/faq/575/what-does-hipaa-require-of-covered-entities-when-they-dispose-information/index.html
Source: http://www.naidonline.org/nitl/en/cert/history-purpose.html
Source: NIST SP 800-88, Guidelines for Media Sanitization
Source: 45 CFR 164.530(c); 45 CFR 164.310(d)(2)(i); 45 CFR 164.308(b), 164.314(a), 164.502(e), and 164.504(e); 45 CFR 164.310(d)(2)(i) and (ii).
Source: https://compliancy-group.com/hipaa-fines-directory-year/
Source: HHS.gov
Source: HHS, Federal Register.gov