May 16, 2013
Commercial shredding services are only for companies with deep document stacks and even deeper pockets, right?
Wrong.
Commercial document shredding is a wise investment for every business, whether dropping off a few sensitive documents to an authorized collections center or scheduling regular pickups over time.
Why not simply purchase a commercial paper shredder for office use? Because this may not be sufficient to guarantee that sensitive information will remain secure until it is rendered completely undecipherable, as required by laws such as FACTA, HIPAA and GLBA. Is it really a good use of time and money to pay an employee to stand at the shredder and monitor the destruction of every single shredded document? As well, employees, unlike machines, grow tired and distracted. In frustration and with a lack of understanding for the importance of the task, employees may discard sensitive information in the trash.
Why risk it when professional shredding trucks can shred thousands of documents in an hour? Commercial document shredding services offer quick, painless processing and the highest security, complete with a Certificate of Destruction confirming your confidential information was properly destroyed prior to recycling.
For Small Businesses with Low Volume
As the Internet has grown bigger, “small business” has gotten smaller. According to research firm IDC, the number of United States home-based businesses will stand at more than 20 million by 2013. Just imagine all the documents 20 million home businesses will generate, not to mention millions of commercial small businesses.
Regardless of size, the value of secure document shredding remains the same. If your business produces low volume, a commercial shredding service like Shred Nations will direct you to an authorized collection center, where you can drop off your documents for shredding and remain in compliance with state and federal laws.
For slightly higher volume businesses, Shred Nations will provide locking storage bins for total security of your documents prior to shredding. At a designated time, the bins are collected and transported to a warehouse where shredding takes place as you monitor the process on closed circuit TV.
For high or ongoing volume, Shred Nations will send a specially equipped truck to shred your documents on-site while you monitor the process.
In each scenario, you will receive a Certificate of Destruction detailing date and time of your document destruction.
Don’t play games with document security. Get secure document shredding for your business.
April 23, 2013
Would you be shocked to come upon a strange person rifling through the dumpster at your place of business?
So-called “dumpster diving” is no crime, and identity thieves are only too willing to dodge banana peels and baby diapers to find the good stuff: credit card numbers, social security numbers, confidential business communications and other items they can use for personal gain.
The real crime here is a company’s neglect to shred important documents. Trash is cash to identity thieves. Hundreds of hours and dollars go into resolving cases of identity theft, such a serious issue that federal and state laws have been enacted for our protection. Shredding documents is the only way to render these documents unreadable and prevent the theft of vital information, both personally and professionally.
Your Corporate Responsibility to Shred Documents
Although the words vary by state, each company’s responsibility to shred documents is as follows:
The company must take reasonable steps to destroy, or arrange for the destruction of, no-longer-needed customer records by (1) shredding, (2) erasing, or (3) otherwise modifying the personal information in those records so as to render the documents unreadable or undecipherable through any means.
Additionally, these laws may apply to your organization:
Gramm-Leach-Bliley Act
This act protects consumers’ financial information and applies to financial institutions, realtors, mortgage and escrow companies, banks, securities firms, accountants and more.
FACTA
The Fair and Accurate Credit Transaction act of of 2003 requires the proper destruction of all personal information on a credit report.
HIPAA
The Health Insurance Portability and Accountability Act of 1996 protects patients’ confidential healthcare information maintained by healthcare providers, healthcare institutions and health insurance companies.
Privacy Act of 1974
This act protects the privacy of federally-maintained records.
Which Documents Should Be Shredded?
Shred any documents your business no longer needs or those which are no longer retainable by law. Types of documents to consider include:
- Financial documents (bank statements, cancelled checks, tax returns)
- Insurance forms and records
- Legal documents (wills, contracts, agreements)
- Medical records
- Credit card documents (receipts, statements, offers of credit)
- Records of deceased family members
- Customer lists
- Human Resource data relating to customers and employees
- Government classified information
Even junk mail, which appears to contain no valuable information, should be shredded to protect your privacy!
March 5, 2013
It is not uncommon for the FBI to go dumpster diving for evidence. But in Hirim, Georgia, a town just outside of Atlanta, the trash is the crime the FBI is investigating.
The problem started when a someone found a dumpster full of medical records. The dumpster was reported to Channel 2 Action news, a local television station. The reporter found that the dumpster was full of medical records. He quickly identified patients information along with addresses and social security numbers. They notified the Hirim Police Department of the medical records. the FBI were notified because there are no local laws that cover privacy.
It appears that the medical records come from two offices that recently moved out of the building. One was and orthopedic office and the other was an office of Family Intervention Services.
The destruction of medical records is a requirement of HIPAA. This can be done by shredding on incinerating the paper. Shredding is more popular because of the costs involved with incineration. The shredding can be done in house or by an Atlanta Shredding Service. The Office of Civil Rights (OCR) at the Department of Health and Human Service (HHS) has stepped up the enforcement of HIPAA privacy laws over the last few year.
Comments Off
February 21, 2013
Various companies namely banks, financial institutions and hospitals are prime sources of confidential information. As such, the responsibility of disposing confidential documents remains a top priority for most companies as breach of intellectual property and identity theft are more prominent than ever. Therefore, when confidential information needs to be disposed of, the most secure method is to ensure the total destruction of the document.
Document shredding is a common business practice that is used to destroy paper documents with the use of a paper shredder. Here are eight top reasons why it is important to shred your documents:
- It is stated in the law. Confidential waste such as medical records and salary information need to be disposed of correctly under FACT and HIPAA. This is a legal measure to ensure that people’s data remain confidential.
- It prevents the occurrence of identity theft. Identity theft is a fast-growing crime that occurs when personal information is stolen and used without your knowledge and consent to commit fraud and other crimes.
- It ensures consumer trust. Customers need to be assured that their confidential information are safeguarded and treated with respect. As such, shredding documents is a tangible proof of protecting this trust.
- It ensures business data will remain confidential. Shredding corporate documents is important to ensure that confidential business information such as new product launches, weekly sales data and competitive reports are only used and consumed by the people rightfully involved.
- It is helpful in avoiding corporate espionage. Companies invest billions of dollars on research to develop new products or services in their pipeline. As such, it is important that all documents are shredded immediately to ensure that competitors do not get hold of these.
- It is a corporate social responsibility effort. Since most companies have now committed to going green, shredding documents makes recycling much easier as a recycling company can easily collect shredded paper.
- Disposing stacks of paper is helpful in saving storage space. Stacks of papers that no longer need to be revisited should be shredded immediately so that space can be freed up.
- Stacks of paper can potentially create a fire hazard. Having papers stacked around the office can create the perfect fuel to start and spread a fire. Shredding documents can ensure that companies prevent the occurrence of fire in the office.
Make sure to shred your documents today!
Comments Off
February 14, 2013
In 1996 Congress passed the Health Insurance Portability and Accountability Act (HIPAA). One of the components of the law was to protect the privacy of patient information. This law required covered entities to properly store and then destroy patient information. Doctors and hospitals now had to secure the information in their care.
Since becoming law the use of medical records has changed significantly. We are in the middle of the national conversion to electronic medical records(EMR). The Health Information Technology for Economic and Clinical Health Act (HITECH) was part of the stimulus package and encourages the conversion to EMRs. This is done with a carrot in the form of grants to digitize but also with a stick in the form of reduce medicare payments for practices that don’t have EMRs.
The use of EMRs provides many benefits to the medical profession but also has new risks. Instead of a few files found in the trash it might be a disk drive stolen that has the information for thousands of patients. This is the reason that HITECH mandated the disclosure of data breaches to patient data.
Medicine has also changed. It is now much easier to get and use genetic information. To protect privacy the Genetic Information Nondiscrimination Act of 2008 (GINA) was passed. This limits the use of genetic information.
To apply the changes from the new laws the Office for Civil Rights (OCR) has issued final rules on how the law would be applied. The OCR is responsible for enforcing the provisions of the law. The full release is on their website but here are some of the major changes:
- Business associates of covered entities are now liable for compliance with HIPAA Privacy requirements.
- Limiting the disclosure or sale of protected health information without consent from the patient.
- Expand individuals’ rights to receive electronic copies of their health information.
- Restrict disclosures to a health plan when the patient has paid for the treatment out of pocket.
- Require modifications and redistribution of the notice of privacy practices.
- Update the individual authorization for research and the disclosure of immunizations.
- Increase access to decedent information by family members or others.
- Adopt HITECH security enhancements to the Enforcement Rule concerning willful noncompliance.
The changes go into effect on March 26, 2013. Practices will have 180 days to comply with the new enforcement provisions. If you want a date it is September 23, 2013. HHS Secretary Kathleen Sebelius said, ”The new rule will help protect patient privacy and safeguard patients’ health information in an ever-expanding digital age.”
Comments Off
January 31, 2013
Here is another story about the dangers that medical practices face when handling medical records. The must be maintained by the practice but if they are not stored correctly or destroyed properly then they risk a violation of HIPAA privacy requirements.
The medical records in this story originated at a hospital in Virginia. The best guess is the came with a doctor to Florence, Alabama with a doctor. The doctor worked as a physician at Helen Keller Hospital. The doctor then had to leave their practice to take care of a sick family member. This is where the chain of custody for the records was lost. What is known is a spokesperson for the doctor said he contracted with a local document shredding service to dispose of the records. What we do know is that the records were found in a dumpster.
While the doctor took the patients records away from the first hospital it is still on their letterhead. When the news ran the story they were shown in a poor light. The reporter implied that they should have better care of their patients records. It is hard to imagine any system they could have put in place that prevents doctors from taking out patient information. All they can do is train their employees on the proper care of records to comply with HIPAA and protect patient privacy.
The advice I would give anyone who is using a shredding service is to do a little homework. You want to avoid someone who claims to be a shredder but won’t show you their equipment. This may be in a truck or at their plant. Beware of a “guy in a pickup truck.” They often just take the paper to a recycler who will just bale the paper without any shredding.
The second thing you need to look for is a certificate of destruction. This should detail the volume, date, and method of shredding. Keep this documentation for your HIPAA compliance records.
Comments Off
January 25, 2013
Medical records contain sensitive information about patients and their health, and it is imperative that it is well taken care of. These records contain enough information to easily pass of the identity theft threat, and it is due to this that professional medical records shredding services are required to keep those records from the risk of being stolen. It is no longer enough to throw away those records or medical charts which can easily be sieved through during recycling or trash collecting process.
With all the news of data breaches, patients want to know about the privacy of their medical records. The increasing threat has made people more aware and now they want to know where their information is kept and whether it will remain confidential. Hence, the importance for medical records shredding has become paramount, to not only safeguard the rights of our clients but also to prove the credibility of medical institutions. Following are some of the reasons why medical records shredding is becoming a necessity:
Identity Theft
Identity theft is a common crime in the United States with millions of people victimized each year. And medical records contain a lot of personal information about a client that is more than enough for any criminal wishing to wrongfully acquire that information. Document shredding services make sure that the information is shredded and destructed in such a way it becomes inaccessible.
Patient’s Trust
In order to win over the patients trust you need to assure them that their information is safe with you and that you will take all possible measures to make sure that it does not end up in the wrong hands. Patients’ information is sometimes quite sensitive and the only way to provide complete surety is to guarantee that their documents will be fully destroyed.
It is the Law
HIPAA (Health Insurance Portability and Accountability Act) requires the security of patient records. This includes secure disposal of all patient records.
Document shredding is vital in today’s time and age especially for sensitive information like medical records. You can either opt for onsite or offsite document shredding services based on your own personal preferences and needs. You will not only be doing yourself and your clients a favor but will also be helping Mother Nature as the shredded documents are then passed on to recycling plants, hence saving a lot of trees from being cut each year.
Comments Off
January 8, 2013
Many smaller medical practices have shrugged of the threat of HIPAA violations. It was hard to argue with them. The Department of Health and Human Services (HHS) has target large organizations in the past. That has changed with the announcement of an agreement with the Hospice of North Idaho (HONI).
The violation happened when a laptop from HONI was stolen. The computer contained unencrypted data with the personal health information (PHI) for 441 patients. The even happened in June of 2010. Since the event HONI has taken many steps to protect the information of their patients.
This is the first prosecution of a breach of less than 500 people. The settlement calls for a fine of $50,000. It is an expensive mistake for a smaller practice to make. The HITECH amendments to HIPAA require the practice to notify patients when there is a breach of medical data.
Medical practices of all sizes are now on notice that HHS is actively looking for anyone who violates HIPAA. They are taking the security of medical information very seriously. It is easier to protect the paper documents. The first part is the physical storage of the records and then shredding them once they are no longer needed.
Protecting the electronic records are a bigger challenge. Not many doctors understand the security requirements for networks and servers. This requires the expertise of a network security expert. They can audit how the records are stored and shared. But in the end the weakest link are the lost laptops and data tapes that people take home. These are inviting targets for thieves looking into car windows or on the bus. A better solution might be a cloud storage solution. This allows a practice to focus the security on one server instead of many computers that may not be as secure. The benefit is now the data is available to anyone with a connection to the internet.
Comments Off
December 26, 2012
This is a classic story of what can happen to records that are not properly maintained and destroyed as required by HIPAA. This one takes place in Ammon, Idaho.
The Children’s Center didn’t have enough space to store the records on their employees and students. To get more space they rented out a storage unit from Grand Teton Storage. The Children’s Center failed to pay their rental charges and the unit was taken back. When Grand Teton Storage opened the unit they found the records. Apparently they didn’t want to pay to have them taken away so they left them in a dumpster in Ammon. The owner of the dumpster notified the local news. The records were then taken by local authorities.
So it is obvious that a HIPAA violation took place. Private patient data was not properly destroyed. In the end it is the Children’s Center who is responsible to take care of the shredding. The records are in the hands of the authorities but they will likely end up at the department of health and human services. This is who is responsible for prosecuting HIPAA violations. If recent agreements are any indication then they are likely to pay a hefty price for failing to protect their patients.
I understand the Grand Teton Storage had not been paid so felt they were unlikely to get paid for hiring a shredding service but when are they also responsible. When they took over possession of the storage unit they also took responsibility for its contents. The should have contacted local authorities to let them know there was private information. This is a hole in the system that needs to be investigated and patched. A company should not be able to try and hide records in another businesses dumpster.
The cost of shredding is so low compared to the fines for violating HIPAA it makes little sense to try and avoid it and skirt the law. A well run document destruction program should have every medical practice destroying records on a regular schedule. For most practices this means a bin that is shredded monthly. But larger practices and hospitals shred every week. The key is to match volume with frequency.
Comments Off
December 13, 2012
A man was looking through dumpsters for boxes when he made a shocking discovery. He found boxes and boxes of medical files. They contained the names, addresses, phone numbers, and social security numbers. It is exactly what an identity thief dreams about finding.
The medical records were discovered behind the Dollar Store in North Fort Myers. Since they were not at the doctor’s office then there can be little doubt that it was no accident that they were not shredded. It is a violation of HIPAA to not properly destroy medical records that are passed their five year retention schedule. For most practices this means shredding the patient files.
From what was learned about the practice it is not surprising that they would treat their patients so poorly. It is called Luxor Industries and is already under investigation for prescribing pain medications. These records may also be evidence for that case.
The good news is the dumpster diver called the local news instead of using them to steal. The reporter filed the story and now the medical records are in the possession of the Lee County Sheriff’s office.
The costs of a HIPAA violation are big enough to scare most practices into taking care of their patient’s records. There is not only the threat of fines from HHS but there is the ability for patients to file class action lawsuits against the practice. Hospitals that have violated the law have paid millions in fines
Comments Off
Older Posts »
|
