Store it or dispose of It?


Do you have Protected Health Information (PHI), in any form, stored throughout your office or clinical space? Have the documents been there for years? Here are four tips to ensure the secure storage or proper disposal of records containing PHI.

  • Securely Store PHI:
    • Store confidential paper records in locked filing cabinets, locked drawers, or in locked rooms.

Proper storage minimizes the risk of unauthorized disclosures to PHI and data breaches. Always keep PHI out of sight from unauthorized individuals to ensure the confidentiality of patient information.

  • Limit Access to PHI to authorized personnel only:
    • Only authorized individuals with a legitimate business purpose may access PHI or areas that store medical record documentation. Those traveling travel with PHI due to their roles must properly safeguard the confidential information at all times. Never leave PHI, in any form, in a locked vehicle.
  • Review the records retention schedule before disposing of PHI.
    • Review the UT Health San Antonio records retention schedule, consult with your manager or contact the Institutional Compliance and Privacy Office to determine how long the PHI in question needs to be retained, or for assistance with properly disposing of the documents.
  • Use shred bins to properly dispose of PHI:
    • When PHI is ready to be discarded, dispose of the documents in a shred bin or cross-cut shredder to render the information unreadable, indecipherable and unreconstructible. Never discard PHI in dumpsters, recycling bins or other public containers.

Improper storage and/or disposal of PHI may result in HIPAA violations, investigations and hefty fines. For more information, visit IHOP 11.1.15: Safeguards for Protected Health Information.

For questions or concerns related to privacy matters, contact the Institutional Compliance and Privacy Office at or 210-567-2014. The anonymous compliance hotline may also be reached at or by calling 877-507-7317.



Share This Article!