Ensuring Secure Destruction of Patient Records

Posted July 09, 2021 by Jenny Green



Did you know the global average cost of a data breach in healthcare is the highest of any industry at $7.13M, according to 2020’s Cost Of a Data Breach Report [1]? For many, data is widely regarded as the new oil. But data pertaining to healthcare is the most sought after of all – and data thieves will go to great lengths to obtain it.

Such is the unrelenting, ever more sophisticated nature of their attacks that healthcare continues to be the most targeted industry and the one most likely to suffer a data breach. This was all but confirmed by the Office of the Australian Information Commissioner’s (OAIC) findings that healthcare accounted for 22% of all notifiable data breaches between January and June 2020 [2], ranking well above the second-highest reporting sector, finance (14%).

In response, it’s imperative for healthcare professionals to do everything they can to protect the personal information of their patients. Ensuring the secure destruction of patient records is right at the top of that list, and it is explored below to equip you with all of the essential steps to protect your patients, people and practice.

Preventing Patient Record Data Breaches

Last time out, we explored how long patient medical records should be retained and how they can be stored securely. In this instalment, we’re going to uncover some of the major causes of healthcare data breaches – and how they can be avoided.

One of the biggest culprits is the human error often attributed to data breaches. In fact, according to the Cost Of a Data Breach Report, human error still accounts for 23% of all data breaches [1] – with a lack of training often behind this. Staff who are not adequately trained on what patient information should be protected, how it should be protected and how it should be securely destroyed are a data breach waiting to happen.

Unfortunately, healthcare professionals can also be faced with budgetary concerns or limited resources, so they instead opt to use their own in-house document destruction equipment. And then there’s also the pressurised nature of the profession, which has only been amplified since the onset of COVID-19. Of course, patient health will always be a priority, but workers also have a duty to protect patient records.

In addition, such is the financial value of medical records that the threat landscape is wide and often twofold. External bad actors are constantly seeking to exploit opportunities such as unsupervised medical files, or patient records that might be exposed during site moves, for example. But internal fraud and threats also persist as a problem when access to patient records isn’t restricted to necessary personnel. So, what’s the solution?

Below are some steps you can take to ensure the protection and secure destruction of patient records.

1. Employee Education and Awareness

For any healthcare business, it’s essential that employees are not only aware of the risks, but also comfortable dealing with and reporting data breaches. Educating staff via regular training, and giving them the confidence to identify threats as well as the ability to confidently handle patient records, can greatly reduce the human error often attributed to data breaches.

2. Limit Access to Patient Information

Collecting and retaining patient medical records is part and parcel of the healthcare profession in Australia. But only certain individuals will need access to them all of the time. So, try and keep a handle on who can access patient records and only grant access to patient information to the necessary personnel.

3. Establish a Document Management Policy

The flow of documents, such as prescriptions, in and out of your practice is a prerequisite of healthcare. But mislaid and mishandled paper documents are often at the root of high-profile data breaches in the sector. By establishing a document management policy, you can gain a complete picture of your documents, what information they contain and who has access to them.

4. If in Doubt, Shred-it All

For time-poor medical professionals working in a pressurised environment, determining whether a document is confidential can be time-consuming and confusing. So, reduce the burden on workforces with a Shred-it All Policy – where all business documents are placed in a secure, locked console and securely destroyed once no longer needed.

5. Partner with a Document Destruction Specialist

Shred-it has a long and proud history of supporting the healthcare industry. Partnering with a document destruction specialist helps you to avoid the piling up of confidential documents and supports compliance with the OAIC – so you can focus on the all-important task of looking after your patients and serving communities.

Get in touch today to see how our services can protect your patients, people and practice.

[1] Cost of a Data Breach Report 2020
[2] OAIC Notifiable Data Breaches Report: January to June 2020


Disclaimer: This article is provided for your convenience and does not constitute legal advice. Readers should not take, or refrain from taking, actions based upon the content of this article. Prior results do not guarantee similar outcomes. Please seek professional legal advice.
