I recently visited a doctor that I hadn’t seen in a while. And so, of course, was asked to fill out a whole new set of patient paperwork.

The office understood that HIPAA requires a patient’s annual consents as far as who (besides the patient) can have access to the patient’s medical records.

What the office apparently didn’t understand, however, was that their forms from the 90’s don’t meet current data privacy laws. I was asked for my social security number among other Personally Identifiable Information (“PII”) even though there was no need for that kind of data in order to process my office visits to my medical insurance provider.

Ai yi yi

Every day, there is a new data breach. The last thing you want to have happen is to have your company be the ripe repository for a pile of PII that you really didn’t need in the first place. Or, that you needed way back when, but have no need for anymore.

Just like that expire jar of salad dressing in the back of your refrigerator, make sure your business housekeeping includes purging those old files (both electronic and paper) that have long since expired.