DO NOT, I repeat, DO NOT let this happen to you! Even though everyone says "oh, it won't happen to me", don't be that person. It can, and will, happen to you. What is 'it' though? 'It' is the heavy imposition of FINES on you for the improper disposal of sensitive information. These fines are imposed by both Massachusetts state laws (93H and 93I, which require the proper destruction of information containing social security numbers, driver's license numbers, financial account numbers, and credit or debit card numbers) as well as federal regulations like FACTA and HIPAA, which requires the secure destruction of PHI (protected healthcare information). If anything is to be taken away from this blog, it should be that the DUMPSTER is NO PLACE for the disposal of any kind of sensitive record. If you even have to question whether or not the information is "sensitive", then it probably is. Too many times companies, large and small, are exposed, and fined heavily, for simply throwing sensitive information belonging to their clients, patients, or customers into the trash.
Companies that don't heed the warning and do not take the proper steps to ensure the security and proper disposal of sensitive information are made into examples of what NOT to do. This is done by way of news reporters plastering the names of companies, and what they did, all over the headlines. For example, big corporations like RiteAid, Walgreens, and CVS were all EXPOSED for their improper disposal of private prescription information. Hitting closer to home, St. Elizabeth's Medical Center is investigating how patient financial information was found floating around on the streets outside of a building in Charlestown. Thankfully, the hospital is taking the correct measures to ensure that this does not happen again. Also, the hospital did what it is required to do by law when a data breach of this sort happens: it notified the Massachusetts Attorney General's office.
Then, we come across a more interesting situation where SHREDDED PAPER was used as confetti in the Macy's Thanksgiving Day Parade. So what's the big deal? Well, the shreds were very thick and cut perfectly horizontally across the paper, so that perfectly clear lines of text could be read, including social security numbers and other sensitive information. It is clear that a typical office shredder was used to shred these documents, since that is the common level of "security" that an office shredder provides. The difference between an office shredder and a commercial shredder is the level of security in the 'cut' of the paper. Security levels 1-6 exist: the higher the level, the higher the security of the cut. Office shredders typically have level 1 or 2 security, where the shreds of paper are thick, easy to read, and easy to reconstruct. Security levels 3 and 4 give consecutively smaller cuts of paper and allow for cross-cutting, inhibiting the readability of the shreds as well as the ability to reconstruct them. Security levels 5 and 6 are recommended for destroying top-secret government or research documents, because the shreds coming from such a shredder are like grated cheese. It is typical of a commercial shredding company to have a shredder with a security level from 3-6. Then, in some instances, a reputable shredding company will go one step further and have your shreds pulverized and recycled.
The one thing that could have made a huge difference in each of these three situations is if the drug stores, the hospitals, and the police stations had all used a document shredding and storage company for their storage and destruction needs. Although safe and secure document storage and destruction seem straightforward and simple, they are best left in the hands of those companies who make it their sole purpose to protect information (yes, even AFTER it is shredded!).
As 2011 comes to a close, businesses and offices are wrapping up their yearly doings, taking time to enjoy the holidays with colleagues, and getting ready for the start of the new year. Safeguard is too! Safeguard Records Management has decided to bring TWO exciting new offerings to the table in order to better serve our destruction and archive customers.
Our first new offering will allow prospective and current ongoing destruction customers to have choices when it comes to their ongoing destruction bin. We are offering a new, duraflex destruction console in addition to the two conveniently sized 35- and 65-gallon bins. This console has many benefits over our shredding bins for offices looking for a more aesthetically pleasing ongoing destruction solution.
The sleek, clean console with a slit top and locking door allows for the security of a locking bin with the added benefit of looking more like it "belongs". Also, the console stays in place, with only the interior insert being emptied, rather than getting a different bin during every rotation.
If you're interested in receiving a shredding console, or switching out your bin for a console, contact Sean Kelly via contact form, phone, or e-mail.
Watch this video in order to get a general idea of what the Compliance Training can do for your office
Our second, and most exciting, offering, which Safeguard has decided to take on and provide to our customers in the healthcare industry, is the Doctor's Office Compliance Training Program. This exciting program has been developed by NAID, the National Association for Information Destruction, and is applicable to healthcare and dental offices. And the best part... it's free! Yes, FREE! The way NAID gets this compliance training program out to healthcare offices is through certified NAID document destruction providers like Safeguard Records Management.
The program can easily be summarized with the 3 following steps:
- Receive the video
- Watch & Learn
That's it! Simple and quick and you're compliant, just like that! So what are the benefits of your office completing this compliance training, you ask?
The best part about completing the HIPAA compliance training is, primarily, that you are at less risk of a breach of patient information. BUT (and yes, there is a but) everyone knows that anything can happen these days, and breaches can happen even in the most compliant and secure offices. Here is where the training program really gives you a HUGE benefit: even if there is a breach of data or information, YOU ARE NOT HELD FULLY LIABLE BECAUSE YOU TOOK THE NECESSARY STEPS (i.e. the training) IN ORDER TO BE COMPLIANT!
Can it get any better than that? For minimal time and ZERO cost to you, your office can get trained on compliance with the HIPAA regulations for safeguarding healthcare information. With the maximum HIPAA fine going up 6,000% from $25,000 to $1,500,000, you have to ask yourself: can you really afford not to complete this zero-cost training?
2012 is gearing up to be a great year for Safeguard Records Management as we look to expand and improve our services in order to meet and exceed the growing needs of our customers. If you'd like to have Sean Kelly get in touch with you regarding anything you have read, please fill out a Contact Us form and he will respond to your inquiry within a couple of hours. In the meantime, be on the lookout for more information on our shredding consoles and the Doctor's Office Compliance Training Program so you can take advantage of it as soon as the new year rolls in!
Happy Holidays and Happy New Year from everyone at Safeguard!
Simply put, yes, yes, and YES! Records management might seem more like something a larger company should be concerned about, but even small to mid-sized businesses need to take caution in making sure their records are safe and organized.
Records management for small businesses can range in price and available services, but, if you find a reputable records management company, they can likely give you a customized quote based on the needs and budget of a small business or office. Here are some things to consider first and why records management is so important for all businesses.
Physical or paperless?
Record keeping has seen many changes throughout the years, and now businesses have the option of going paperless. The term “paperless” is misleading though, because paperless offices will likely still have important physical documents that need to be stored and retained for a certain period of time, some for the life of the business. For what is paperless (i.e., hard drives, media tapes, etc.), a records management company can keep your digital information safe and secure.
While physical record keeping will likely always be necessary, record keeping without organization can lead to wasted time and money. This is where a reputable records management company can really do wonders for your small (or large!) business.
Organization and archiving
It might sound a little cheesy, but an organized office is a happy office. There is less frustration and stress because everything is where it needs to be and can be found easily. A records management system does just that, even for a smaller business.
Businesses that cannot rely on dozens of employees to keep them organized need to rely on a system that can keep them constantly updated and archive their important records and information. Sometimes, smaller businesses have a bad habit of archiving and saving everything. While a good precaution, this can turn chaotic.
A records management company can help any business make sure all important documents are properly archived and organized and that unnecessary documents are shredded at the end of their retention time. And all this can be done on just about any budget.
Protection and prevention
An added benefit of having a records management company is that your documents will likely be better protected from naturally occurring disasters, security compromises, and other bad scenarios. A records management company can help protect records from:
- Fire, flood, earthquake, or other natural disasters at your office location
- Physical security breaches
- Security breaches from an online attack
Even small businesses are liable for the damage that can be done from disaster and security breaches. Every company, whether it is three employees or three thousand, needs to take steps to ensure all information is secure and protected.
All in all, records management isn't just for the big guys in business. Smaller businesses can benefit from companies like Safeguard Records Management because of the specialization it affords to them.
Here's a recap:
- Implementing records management means small businesses will save money in the long run.
- Everything will be properly archived and easily accessible, saving time and money.
- Offsite services can protect and organize your records, letting you manage your business hassle-free.
- More work can be done in the time saved and there will be better efficiency in day-to-day tasks.
Don't fall behind simply because of improper record keeping. All types of businesses, no matter how large or small, benefit from properly managed records and from having the work done properly by professionals.
Consider it a requirement for all businesses to run smoothly and provide the best service they can to their customers without worrying about their files being where they need to be. That only reflects poorly on the business, and no business should look unprofessional because of something that can be simply (and cheaply) fixed.
The maximum fines for HIPAA violations have increased from $25,000 to $1,500,000. That's a 6,000% increase! Violations could include acts such as not properly destroying patient information before it is discarded. Also, if a practitioner has knowledge that their patients' information has not been properly discarded, they are legally required to let both the authorities and their patients know that information is at risk.
The States' Attorneys General are now the ones in charge of ensuring HIPAA compliance. This change is meant to increase the policing of health care providers. AGs have already shown that they are ready to enforce the HIPAA laws, and they are currently being trained by the Office for Civil Rights on how to effectively enforce HIPAA.
With fines reaching over one million dollars, you can never be "wrong" in doing what is right: performing safe and secure document destruction with Safeguard Records Management!
The US Department of Health and Human Services (HHS) fined Massachusetts General Hospital $1 million today for losing the medical records of 192 patients, the second-ever fine imposed on a healthcare organization for violating the Health Insurance Portability and Accountability Act (HIPAA).
HHS's Office for Civil Rights (OCR) made the following statement in their press release:
"We hope the health care industry will take a close look at this agreement and recognize that OCR is serious about HIPAA enforcement. It is a covered entity's responsibility to protect its patients' health information."
The records that were lost in this case were not electronic, but the law and penalties do not differentiate. However, if encrypted electronic records are lost, you are not required to notify HHS or patients of the incident. In other words, encrypt your data!
The first-ever fine for HIPAA violations, imposed on Tuesday, was $4.3 million against Cignet Health of Maryland. Cignet had failed to provide patients a copy of their medical records upon request.
The really disturbing part, though, was that, after Cignet attempted to ignore the government's enforcement action, not only did they deliver the 41 patients' records to the Department of Justice, they handed over 59 boxes of patient medical records, including records for 4500 people unrelated to the case.
From time to time, I have asked health care professionals what they are doing to comply with HIPAA. One doctor told me, "When they start putting doctors in jail, I'll worry about encrypting my records." Maybe these enforcement actions by HHS will change his mind.
Data Leakage Prevention tools and encryption can both play a part in being HIPAA and HITECH (Health Information Technology for Economic and Clinical Health) compliant. For details on how Sophos can help, browse over to our HIPAA hot topic page.
If you work in the healthcare industry, stop by our booth at the Healthcare Information and Management Systems Society conference in Orlando March 21st to 23rd. You can find us at booth 5178 to learn more about how we can help you secure your patients' information.