Perhaps the HIPAA fog has enveloped me but I'm trying to find a firm, written connection with the PHI destruction rules, "Paper, film, or other hard copy media have been shredded or destroyed such that the PHI cannot be read or otherwise cannot be reconstructed," and the NIST Guidelines for Media Sanitation (NIST Special Publication 800-88, revision 1.
I other words how do I show a doubter that the NIST guidelines apply to the Privacy Rule destruction requirements?
Any help is appreciated.
Charlie
------------------------------
Charles Colitre BBA, CHC, CHPC
Compliance & Privacy Officer
Crystal Clinic Orthopaedic Center
Akron,OH
------------------------------