Health information is some of the most sensitive data there is and all those who handle it have a legal duty to ensure that patient confidentiality is maintained at all times. This means that even when medical records are no longer needed, they must be disposed of in a safe and secure way.

While a lot of healthcare bodies are moving towards paperless systems, there remain a vast quantity of paper records which require a safe disposal route. This ranges from patient files to test results, X-rays and medical records.

These are subject to a complex legal framework – including the Data Protection Act 2018 and the UK General Data Protection Regulation (GDPR) – which protects patients and ensures their data does not end up in the public domain.

As a result, all NHS Trusts should have their own dedicated Records Management Policy, to ensure full compliance with the law and many organisations have a dedicated Data Protection Officer.

So what is the best way to dispose of paper records to ensure that your legal duties are being met?

Security shredding is widely considered the most effective way of destroying both confidential documents and data storage media. But, according to NHS Guidelines, the use of a simple, traditional vertical shredder ‘is not suitable for sensitive or confidential information.’

Instead, the NHS advocates ‘the shredding of sensitive paper records to be conducted using a cross cut shredder’ in accordance with European standard BS EN 15713:2009 and the HMG Information Assurance Standard (IS5).

BS EN 15713:2009 gives businesses a framework to manage and control the destruction of any confidential material, demonstrating that they take security seriously. This means that whoever is shredding this material must meet strict security standards.

With this is mind, how can waste managers in the health sector ensure that their paper records and digital data are handled with the appropriate security measures in place?

According to Paul Caldwell, chair of the United Kingdom Security Shredding Association (UKSSA), healthcare waste managers can achieve peace of mind by looking for independent verification that the highest security standards are being met.

UKSSA is the only UK trade association solely dedicated to the security shredding industry and members have to pass a security audit before they can join and are audited every two years to ensure they are maintaining rigorous standards, incorporating both EN15713 and BS 7858 (screening of security personnel).

All UKSSA members must also deliver services which allow their customers to meet their obligations under GDPR.

“Medical records contain huge amount of sensitive information which is protected by law, meaning it requires disposal which is 100% safe and secure”, Mr Caldwell explains.

“UKSSA was founded 25 years ago to promote high standards in security shredding and we still live by that principle today. All our members are audited to the highest standards in the data destruction industry, meaning that if you employ an UKSSA member, you know you are getting a service you can trust.”

To read the full article in the latest issue of Health Business magazine (pages 57-59), click here.