One of the biggest changes to the shredding industry over the years is the appearance of the "Mobile Shredding Truck". Usually coming fully equipped with a shredder, TV monitor, and a big bad name, shredding trucks have their good qualities, but poor ones too. A lot of companies seem to enjoy the ability to view in "real time" the shredding of their documents. Unfortunately, what a lot of companies don't know is that on-site shredding can be performed by less than qualified staff and a less than qualified company.
Yes, you heard it right. Anyone with a cell phone, a one-page website, and a truck can pass themselves off as a mobile shredding company. Are their services actually helping you become compliant with the laws? Do they have strict information security policies in place? What happens if the truck breaks down (like in the picture below)? What is the level of security of the shredder that is being used in the truck? Some mobile shredding trucks have been shown to actually let WHOLE CHECKS pass through, unshredded (proof is in the pudding, I mean picture, below). These are some things you need to question before electing to use a mobile shredding company.
How comfortable would you feel if your documents were shredded in that mobile truck?
And then, ask yourself, how comfortable would you feel having a mobile shredding truck shred your documents when the shredder lets WHOLE CHECKS pass through?
Off-site shredding is done by a shredding company who has a warehouse (real estate), an industrial shredder, and a bonded and insured warehouse staff, at the very least. Usually, a company that performs off-site shredding also offers and performs other records management related services and they hold certifications and memberships in order to do so, adding to their legitimacy.
I like the analogy of likening an off-site shredding company to a bank. You give the bank your money but you don't see them put it in the vault, so how do you know it is safe and will be there when you need it? Because a bank is insured. With a bonded and insured shredding company, you have the same circumstances. You don't need to watch the shredding be performed to know that your document will be securely and properly disposed of due to associations like NAID, the National Association of Information Destruction. NAID is the association that verifies and puts their "stamp of approval" on those companies who follow the highest security measures in their shredding operations.
We aren't saying that you should not use a mobile shredding company (but you really shouldn't!) but what we are saying is, we don't think this mobile shredding trend is here to stay. What do you think? Feel free to leave your comments in the box below...
So shredding your documents sounds easy, right? Well, part of the process is easy, the part where you find a reputable vendor. There are many shredding companies out there that offer a wide range of services to suit the needs of any size company (and even those who need to have personal shredding done). A reputable vendor can take care of the grunt work for you by performing the hard labor, picking up your documents and either shredding them or storing them. The not-so-easy part of protecting your sensitive documents is being compliant with data protection laws in ALL facets... having a reputable vendor is just the "tail-end" of compliance.
Before you go looking for a company to shred your information, you need to take a look at the laws that affect you that govern what measures need to be taken in the data protection process. Although reading through each law is important (yes, tedious, but necessary), one important yet ambiguous part of the laws is that they are not specific. In fact, they are not specific for a specific reason. Most laws use terminology such as "reasonable measures" when it comes to what you "must do" in order to protect your clients' or patients' sensitive information. So what does a "reasonable measure" constitute? Well, it depends on a lot. What you must do, though, is to spend time working out what is reasonable cost-wise and effort-wise for your entity and then draft a written policy on the measures that you have decided to implement.
Your written policy should at the very least include the following:
- What your entity considers sensitive information
- What should be done when someone in your entity needs to dispose of sensitive information
- What training will be given to employees to ensure that all sensitive information is disposed of properly
- What vendor you will be using for shredding and document storage
- What your emergency plan is in the event a natural disaster strikes in the area of your office location
- What your plan is in the event of a security breach in your office
Don't know where to start now? Well here's a place, download our Compliance Packet by clicking the button below and get our 11 page packet that includes a summary of Massachusetts Data Protection Laws 93H & 93I, a compliance checklist, and an example of Safeguard's Written Information Security Policy.
It's that time of year again, time for spring cleaning. Usually most people spend daunting days and countless hours organizing their documents every year, but we think that should change. Instead of having everything pile up each year waiting to steal your precious spring days away from you to organize it all, why not implement a plan, a document organization plan, that would allow you to never have to waste spring days again??
We'll do you one better than just telling you that you should formulate a plan, we'll GIVE you the plan! And it's SIMPLE! What could be better? If you follow our three-step plan, we know that these three steps will bring you closer to free spring days and further away from docu-disaster.
Step 1: Digitize. When you come across important documents or files, scan them. Save them on a hard drive, disk, or flash drive. Ensure that these are all secure electronic storage methods by password protecting documents. If you can do this daily or even weekly and get into the habit of it, you will thank yourself in the long-run.
Step 2: Decide. So you've digitized important files. Now you need to decide whether or not the document should have a hard copy stored or if the document is safe to be securely shredded.
Step 3: DO! Once you have decided to either store the documents or shred the documents, DO IT!
Having a certified and secure document shredding and archiving vendor can not only help to save you time in that you don't have to shred the documents yourself and office space in not having to store your documents on-site, but a vendor makes it easy to get in the habit of storing and shredding. If you have a box of documents you need to add to your storage account, just give them a call and they should be able to retrieve your box, barcode it, add it to your inventory, and securely store it for you. They should also be able to deliver any documents or files to you upon request. A vendor that stores your documents as well as shreds them is a blessing. Usually, a vendor can provide you with locked, slit-top shredding bins or consoles that can be placed in your office that you can place sensitive documents into whenever you come across them. Changing out a full bin or console for an empty one is just a phone call away.
So now you've got a plan. Give us a call and let's get started!
Calling all Doctors' offices! Are your data disposal practices HIPAA compliant? Do you feel comfortable with your employees' knowledge of HIPAA? Are you sure that they are following correct protocol? If you have any question in your mind about HIPAA related data disposal, then we have the perfect answer for you. It's called the NAID Employee Information Disposal Training Program. This program was developed by NAID, the National Association of Information Destruction, and is brought to you (Doctors' Offices) by document destruction vendors that are members of NAID. Safeguard Records Management is a document destruction vendor, and member of NAID, who has realized the importance of this training video and has absorbed the costs of the video and training materials to bring this NAID program to you FREE OF CHARGE.
One of the many benefits of this training includes the fact that it is the ULTIMATE RISK MINIMIZER. "How?" you ask... well, NAID has stated that "HIPAA regulators have written that when employees are appropriately trained on proper data disposal, healthcare providers will not be held fully responsible for disposal violations". At the same time, NAID also tells us that "HIPAA regulators have stated that failure to provide such training will result in the highest level of mandatory fines".
So what do you have to lose? Well, a lot if your office doesn't take advantage of this training program that can be completed in only about a half an hour! To learn more, watch the NAID video below and then when you are ready to have your risk minimized, click on the blue button to request more information or to schedule a training session!
As 2011 comes to a close, businesses and offices are wrapping up their yearly doings, taking time to enjoy the holidays with colleagues, and getting ready for the start of the new year. Safeguard is too! Safeguard Records Management has decided to bring TWO exciting new offerings to the table in order to better serve our destruction and archive customers.
Our first new offering will allow prospective and current ongoing destruction customers to have choices when it comes to their ongoing destruction bin. We are offering a new, duraflex destruction console in addition to the two conveniently sized 35- and 65-gallon bins. This console has many benefits over our shredding bins for offices looking for a more aesthetically pleasing ongoing destruction solution.
The sleek, clean console with a slit top and locking door allows for the security of a locking bin with the added benefit of looking more like it "belongs". Also, the console stays in place with only the interior insert being emptied rather than getting a different bin during every rotation.
If you're interested in receiving a shredding console, or switching out your bin for a console, contact Sean Kelly via contact form, phone, or e-mail.
Watch this video in order to get a general idea of what the Compliance Training can do for your office
Our second, most exciting offering that Safeguard has decided to take on and provide to our customers in the healthcare industry is the Doctor's Office Compliance Training Program. This exciting program has been developed by NAID, the National Association for Information Destruction and is applicable to healthcare and dental offices. And the best part... it's free! Yes, FREE! The way NAID gets this compliance training program out to healthcare offices is through certified NAID document destruction providers like Safeguard Records Management.
The program can easily be summarized with the 3 following steps:
Receive the video
Watch & Learn
That's it! Simple and quick and you're compliant, just like that! So what are the benefits of your office completing this compliance training you ask?
The best part about completing the HIPAA compliance training is, primarily, that you are at less risk of a breach of patient information (and yes, there is a but) BUT everyone knows that anything can happen these days and breaches can happen even in the most compliant and secure offices so here is where the training program really gives you a HUGE benefit... even if there is a breach of data or information, YOU ARE NOT HELD FULLY LIABLE BECAUSE YOU TOOK THE NECESSARY STEPS (i.e. the training) IN ORDER TO BE COMPLIANT!
Can it get any better than that? For minimal time and ZERO cost to you, your office can get trained on compliance with the HIPAA regulations for safeguarding healthcare information. With the maximum HIPAA fine going up 6,000% from $25,000 to $1,500,000, you have to ask yourself, can you really afford not to complete this zero cost training? (Click for more information on HIPAA)
2012 is gearing up to be a great year for Safeguard Records Management as we look to expand and improve our services in order to meet and exceed the growing needs of our customers. If you'd like to have Sean Kelly get in touch with you regarding anything you have read, please fill out a Contact Us form and he will respond to your inquiry within a couple of hours. In the meantime, be on the lookout for more information on our shredding consoles and the Doctor's Office Compliance Training Program so you can take advantage of it as soon as the new year rolls in!
Happy Holidays and Happy New Year from everyone at Safeguard!
It's that time of year again. Time for carving pumpkins, getting out your spookiest decorations and stocking up on candy for the hordes of kids who will soon be roaming the neighborhood.
Halloween has changed a lot over the years. Although it's hard to imagine these days, Halloween, or All Hallows' Eve, was not a popular holiday among the early Protestants living in the New England Colonies. It was considered too connected to the religious trappings of the Old World to garner much interest or support. Over time, however, as more and more immigrants brought their All Hallows' Eve traditions with them to their new homeland, the lure of parties, games and costumes proved irresistible, even to our stoic New England ancestors. The holiday we know as Halloween eventually took hold and prospered.
Just as holiday traditions change, so do the rules of how we conduct business. In Massachusetts, companies are subject to a variety of both state and federal laws that mandate how customer information is handled. While business records management used to be something left to the discretion of the individual company, serious concerns about data security and the rise in identity theft have necessitated a more formal approach. It's no longer sufficient, wise or even legal to leave sensitive customer documents lying around the office. It's now a requirement to have a clear, systematic process in place to maintain and manage this type of information.
While federal laws like FACTA, HIPAA and the Gramm-Leach-Bliley Act pertain to specific industries, Massachusetts General Laws 93H and 93I apply to companies across the board. Under 93H, any business in Massachusetts that retains an individual's name, Social Security number, driver's license number or financial account number (such as a debit or credit card) must have a written plan outlining their data/document security procedures and conduct regular audits to ensure that the procedures are being followed. 93I requires that both documents and electronic files containing sensitive information be destroyed according to a set plan and schedule. Failure to comply with either regulation can cost companies thousands of dollars—per mismanaged record.
Overwhelmed yet? Don't be. At Safeguard Records Management, we've created a business records management system that will ensure that your company stays in compliance with all federal and state law requirements. We use the latest technology to maintain, track and secure your sensitive files, and will work with you to develop a customized solution for your unique set of data security needs. We offer a range of services to help businesses manage not only the daily record-keeping process, but the storage and destruction of old company files as well.
Safeguard Records Management prides itself on its comprehensive business records management system and its ongoing commitment to customer service. Contact us today to learn more about how we can provide your company with a safe, reliable, and economical solution to your data security and storage needs.
The US Department of Health and Human Services (HHS) fined Massachusetts General Hospital $1 million today for losing the medical records of 192 patients, the second ever fine imposed on a healthcare organization for violating the Health Insurance Portability and Accountability Act (HIPAA).
HHS's Office for Civil Rights (OCR) made the following statement in their press release:
"We hope the health care industry will take a close look at this agreement and recognize that OCR is serious about HIPAA enforcement. It is a covered entity's responsibility to protect its patients' health information."
The records that were lost in this case were not electronic, but the law and penalties do not differentiate. However, if encrypted electronic records are lost, you are not required to notify HHS or patients of the incident. In other words, encrypt your data!
The first ever fine for HIPAA violations, imposed on Tuesday, was $4.3 million against Cignet Health of Maryland. Cignet had failed to provide patients a copy of their medical records upon request.
The really disturbing part, though, was that, after Cignet attempted to ignore the government's enforcement action, not only did they deliver the 41 patients' records to the Department of Justice, they handed over 59 boxes of patient medical records, including records for 4500 people unrelated to the case.
From time to time, I have asked health care professionals what they are doing to comply with HIPAA. One doctor told me, "When they start putting doctors in jail, I'll worry about encrypting my records." Maybe these enforcement actions by HHS will change his mind.
Data Leakage Prevention tools and encryption can both play a part in being HIPAA and HITECH (Health Information Technology for Economic and Clinical Health) compliant. For details on how Sophos can help, browse over to our HIPAA hot topic page.
If you work in the healthcare industry, stop by our booth at the Healthcare Information and Management Systems Society conference in Orlando March 21st to 23rd. You can find us at booth 5178 to learn more about how we can help you secure your patients' information.