Storage & Shredding: Expert Advice

Protecting Your Sensitive Documents: What You've Been Missing

Posted by Arielle Burdulis on Wed, Aug 15, 2012 @ 12:56 PM

So shredding your documents sounds easy, right? Well, part of the process is easy, the part where you find a reputable vendor. There are many shredding companies out there that offer a wide range of services to suit the needs of any size company (and even those who need to have personal shredding done). A reputable vendor can take care of the grunt work for you by performing the hard labor, picking-up your documents and either shredding them or storing them. The not-so-easy part of protecting your sensitive documents is being compliant with data protection laws in ALL facets... having a reputable vendor is just the "tail-end" of compliance.

Before you go looking for a company to shred your information, you need to take a look at the laws that affect you that govern what measures need to be taken in the data protection process. Although reading through each law is important (yes, tedious, but necessary), one important yet ambiguous part of the laws is that they are not specific.  In fact, they are not specific for a specific reason. Most laws use terminology such as "reasonable measures" when it comes to what you "must do" in order to protect your clients or patients sensitive information. So what does a "reasonable measure" constitute? Well it depends on a lot. What you must do, though, is to spend time working out what is reasonable cost-wise and effort-wise for your entity and then draft a written policy on the measures that you have decided to implement.

Your written policy should at the very least include the following:

-What your entity considers sensitive information

-What should be done when someone in your entity needs to dispose of sensitive information

-What training will be given to employees to ensure that all sensitive information is disposed of properly

-What vendor you will be using for shredding and document storage

-What your emergency plan is in the event a natural disaster strikes in the area of your office location

-What your plan is in the event of a security breach in your office

 

Don't know where to start now? Well here's a place, download our Compliance Packet by clicking the button below and get our 11 page packet that includes a summary of Massachusetts Data Protection Laws 93H & 93I, a compliance checklist, and an example of Safeguard's Written Information Security Policy.

Click me

 

 

Tags: data security, data protection, document shredding services boston, compliance laws, legal file shredding, Massachusetts State Laws, Federal FACTA, Protected health information, 93H, HIPAA, non-compliance, destruction, document management, Document Destruction regulations, Legal file archiving, federal regulations

Records Management for Legal Professionals

Posted by Arielle Burdulis on Fri, Jun 22, 2012 @ 01:42 PM

Legal As a legal professional, you generate tons and tons of files and confidential client information. Your industry or professional associates counsels you on what you should be doing with this information, how long you should keep it for, and when it can  disposed of. Implementing the safe-keeping and safe destruction of your files though, is what is not so straight forward. Your private information is sacred to you, and you are probably weary of letting it out of your sight and handing it off to some self-storage company or leaving it unsecured in the office basement, as you should be. Then when it comes time to destroy those files of yours whose retention time is up, do you have the office intern sit at a paper shredder and manually feed your papers into an office shredder? How are those "shreds" then disposed of? Hopefully not in the dumpster.

As you can see, there are a lot of questions that arise even with the counsel of your industry advising you on what files to keep and for how long. To get rid of your headache, that is where records management company comes in. A reputable records management company can provide safe, and secure storage in climate controlled conditions where your files can be kept for the remainder of their retention period. When that retention period ends, a reputable records management company will also be able to provide certified shredding where after the shredding, the shreds are recycled so that no traces of your information exist except for the white pulp that may then be used again to fulfill one's morning coffee desires.

Find out what a Records Management company can do for YOU....

Need a place to get started? Click below...

Click me Click me

Need some pricing? Click below...

Click me

 Green Customized Shredding Quote

 

Tags: legal file shredding, Massachusetts State Laws, Boston, Office Records Destruction, 93I, 93H, non-compliance, Legal file archiving, compliance, Document Archiving, Records Storage boston, records storage worcester, identity theft, legal file storage, archiving

The Information Disposal Training Program for Employees, brought to you by NAID!

Posted by Sean Kelly on Fri, Apr 06, 2012 @ 01:28 PM

Calling all Doctors' offices! Are your data disposal practices HIPAA compliant? Do you feel comfortable with your employees' knowledge of HIPAA? Are you sure that they are following correct protocol? If you have any question in your mind about HIPAA related data disposal, then we have the perfect answer for you. It's called the NAID Employee Information Disposal Training Program. This program was developed by NAID, the National Association of Information Destruction, and is brought to you (Doctors' Offices) by document destruction vendors that are members of NAID. Safeguard Records Management is a document destruction vendor, and member of NAID, who has realized the importance of this training video and has absorbed the costs of the video and training materials to bring this NAID program to you FREE OF CHARGE.

One of the many benefits of this training includes the fact that it is the ULTIMATE RISK MINIMIZER. "How?" you ask... well, NAID has stated that "HIPAA regulators have written that when employees are appropriately trained on proper data disposal, healthcare providers will not be held full responsible for disposal violations". At the same time, NAID also tells us that "HIPAA regulators have stated that failure to provide such training will result in the highest level of mandory fines".

So what do you have to lose? well, a lot if your office doesn't take advantage of this training program that can be completed in only about a half an hour! To learn more, watch the NAID video below and then when you are ready to have your risk minimized, click on the blue button to request more information or to schedule a training session!

NAID training program

Tags: data security, data protection, document shredding services boston, compliance laws, Protected health information, HIPAA, non-compliance, destruction, Document Destruction regulations, compliance, privacy, PHI, document shredding services worcester, Certified document destruction, worcester shredding, Medical, new laws, healthcare

A Resolution for Records Management

Posted by Sean Kelly on Tue, Jan 10, 2012 @ 11:25 AM
 

New years resolutionAs the memories of our New Year's celebrations begin to fade, all too often so do our memories of our New Year's resolutions. However, no matter how easy it is to slide back into old habits, the New Year is an excellent time to work on making yourself better. The same goes for records management. Now is the perfect time to create a set of resolutions for proper record storage, retrieval, and document shredding. In that spirit, here are our suggestions:

Resolution 1 – We Will Assume All Paper Has Potentially Private Information

No matter how hard you train your employees on NPI procedures, mistakes happen. A document gets mis-filed, or a worker jots down a social security number on scrap paper because their computer locked up.  And, document shredding is cheap. If you shred everything when it's no longer needed, you can't risk an NPI violation, and it reduces your storage and retrieval costs too. An added perk is that most reputable shredding companies recycle all of the paper they shred!

Resolution 2 – We Will Remember That Electronic Records Need Management Too

Yes, having everything computerized makes record storage and retrieval easier, but computers also enable poor records management too. Without physical paper around, filing and destruction deadlines can pass unnoticed. Make sure that your electronic records are policed as carefully as your paper documents.

Resolution 3 – We Will Properly Organize and Barcode Everything We Store

A proper barcoding system does wonders for record storage and document retrieval. It makes final retrieval easier, and allows for a simple way to establish the chain of custody for any set of records. When tied to database software, this also allows for automated tracking of when document shredding time has come around for a particular set of records. Most of the time, if you elect to utilize the help and expertise of a records management company, they will usually either aid in, or perform, the barcoding and organization process for you.

Resolution 4 – We Will Start A Review of Our Records Management Today!

There's no time like the present. Even if you're certain that your business is current on its record storage, document shredding, and data retrieval policies, there's no harm in giving a thorough review of your policies to make sure they're being followed but most importantly, make sure that the policies you have in place are not out of date. Older procedures are not optimized to save time or money because they don’t take advantage of the services that have become more available and more attainable over the years. If you're behind on your record-keeping or you think your policies and procedures could use a tune up, now is definitely the time to start!

And if you need help, don't hesitate to contact us here at Safeguard Records Management Co.  With over fifteen years of experience in record storage and retrieval, and multiple options for secure document shredding, we can help you become fully organized no matter what field you're in.

 Click to read more information on, or request a quote for, Document Shredding and Records Storage to get started on your RM Resolution!

 

 

 

Tags: document shredding services boston, compliance laws, Records management, Office Records Destruction, Shredding company, Saving money, non-compliance, document management, Document Destruction regulations, Document Archiving, reducing cost, document shredding services worcester, Records Storage boston, records storage worcester, archiving

Meeting your Records Management needs in 2012... See what is to come!

Posted by Sean Kelly on Fri, Dec 23, 2011 @ 10:44 AM

As 2011 comes to a close, businesses and offices are wrapping up their yearly doings, taking time to enjoy the holidays with colleagues, and getting ready for the start of the new year. Safeguard is too! Safeguard Records Management has decided to bring TWO exciting new offerings to the table in order better serve our destruction and archive customers.

 

Our first new offering will allow prospective and current ongoing destruction customers to have choices when it comes to their ongoing destruction bin. We are offering a new, duraflex destruction console in addition to the two convenient sized 35- and 65- gallon bins.This Console has many benefits over our shredding bins for offices looking for a more aesthetically pleasing ongoing destruction solution.

The sleek, clean console with a slit top and locking door allows for the security of a locking bin with the added benefit of looking more like it "belongs". Also, the console stays in place with only the interior insert being emptied rather getting a different bin during every rotation.

If your interested in receiving a shredding console, or switching our your bin for a console, contact Sean Kelly via contact form, phone, or e-mail.

Request a shredding console

shredding console

 

 

Watch this video in order to get a general idea of what the Compliance Training can do for your office

Our second, most exciting offering that Safeguard has decided to take on and provide to our customers in the healthcare industry is the Doctor's Office Compliance Training Program. This exciting program has been developed by NAID, the National Association for Information Destruction and is applicable to healthcare and dental offices. And the best part... it's free! Yes, FREE! The way NAID gets this compliance training program out to healthcare offices is through certified NAID document destruction providers like Safeguard Records Management.

 

The program can easily be summarized with the 3 following steps:

Receive the video

 Watch & Learn

 Be compliant!

That's it! Simple and quick and you're compliant, just like that! So what are the benefits of your office completing this compliance training you ask?

 

The best part about completing the HIPAA compliance training is, primarily, that you are at less risk of a breach of patient information (and yes, there is a but) BUT everyone knows that anything can happen these days and breaches can happen even in the most compliant and secure offices so here is where the training program really gives you a HUGE benefit... even if there is a breach of data or information, YOU ARE NOT HELD FULLY LIABLE BECAUSE YOU TOOK THE NECESSARY STEPS (i.e. the training) IN ORDER TO BE COMPLIANT!


Can it get any better than that? For minimal time and ZERO cost to you, your office can get trained on compliance with the HIPAA regulations for safeguarding healthcare information. With the maximum HIPAA fine going up 6,000% from $25,000 to $1,500,00 you have to ask yourself, can you really afford not to complete this zero cost training? (Click for more information on HIPAA)

Compliance Training for Healthcare Professionals

 

2012 is gearing up to be a great year for Safeguard Records Management as we look to expand and improve our services in order to meet and exceed the growing needs of our customers. If you'd like to have Sean Kelly get in touch with you regarding anything you have read, please fill out a Contact Us form and he will respond to your inquiry within a couple of hours. In the mean time, be on the lookout for more information on our shredding consoles and the Doctor's Office Compliance Training Program so you can take advantage of it as soon as the new year rolls in!

Happy Holiday's and Happy New Year from everyone at Safeguard!

 

 

Tags: data security, data protection, compliance laws, records, Records management, shredding worcester, Massachusetts State Laws, Office Records Destruction, Protected health information, Records Retention, Purging, ongoing rotations, HIPAA, non-compliance, Document Destruction regulations, compliance, PHI, records storage, document shredding services worcester, Records Storage boston, records storage worcester, Certified document destruction, shredding console, shredding boston, archiving, new laws, healthcare

4 considerations for choosing the right Records Management Vendor

Posted by Sean Kelly on Fri, Nov 04, 2011 @ 03:00 PM

What to consider when choosing a records management vendor?Records management may be the most important business service that you've never heard of. In an era of increasing identify theft and more stringent regulations, however, it's time to get the facts on this important industry.

 


If your company handles or stores customer information like names, addresses, medical records, Social Security or bank account numbers, then finding a safe, secure way to both manage and dispose your office's paperwork isn't optional—it's mandated by law.  Depending on your industry, your business may be subject to federal laws like HIPAA or the Gramm-Leach-Bliley Act, but state regulations often also apply. Some regs, like Massachusetts General Laws 93H and 93I, require companies to have written procedures that outline how paper and electronic files are secured on a day-to-day basis, as well as how they will be destroyed once they are no longer needed. When companies fail to meet these basic standards, they can be subject to prosecution and end up paying significant fines—sometimes per record.
A secure records management system starts with the right vendor
Here's where a Records Management System (RMS) comes in. These services come in a variety of shapes and sizes, but their purpose is essentially the same: to help companies manage their paper and electronic records in such a way that sensitive information is secured and properly stored, and remains accessible if needed in the future. A typical Records Management vendor will offer some (if not all) of the following services:

  • Site analysis and compliance documentation
  • Secure, off-site record storage for paper files
  • Online access to storage inventory
  • Scheduled document destruction services, one-time or ongoing
  • Document imaging for digital storage and retrieval
  • Disaster recovery planning

Of course, not all Records Management vendors are created equal. There are any number of companies to choose from—not all of whom can handle the job successfully.  Take the time to evaluate each vendor carefully, and consider the following:

NAID Certification
National Association for Information DestructionThe National Association for Information Destruction (NAID) offers training and certification for Records Management professionals. Records Management vendors with this credential have completed extensive training and have pledged to follow the standards and ethical practices of the NAID organization.



Compliance
A reputable Records Management vendor should know immediately what procedures your business needs to follow to be in compliance with federal and state laws. Educate yourself ahead of time regarding your particular industry so that you know whether their recommendations are on-target.

Security Issues
Secure storageLearn how the vendor you are considering secures its own facilities. Ask what safeguards are in place for physical files, as well as digitally stored information. Be sure that the company has a definite policy regarding employee background checks. Every employee, but especially those with direct contact with sensitive information, should be thoroughly checked before gaining access to your company's files.

Customer Service
The Records Management vendor you choose should provide evidence of their commitment to customer service. Consider how responsive and flexible the vendor has been during the sales process: Were they easy to reach? Able to offer scalable solutions to your particular company? Was their pricing competitive? Next, ask for references and determine whether or not existing customers are satisfied with their level of service. Finally, determine what procedures are in place to ensure that the vendor is accessible when needed. 24/7 online access to your records is an absolute requirement.

A reputable, service-oriented Records Management vendor will lower your company's risk exposure, reduce document storage costs and allow you to focus on growing your business. Take the time to evaluate your current and future records management needs—and then find the vendor who is right for the job.

 

Tags: Records management, Boston, Office Records Destruction, Federal FACTA, Records Retention, non-compliance, destruction, document management, compliance, Document Archiving, federal regulations, records management system, worcester shredding, archiving, new laws

How well do YOU know the data protection laws affecting you?

Posted by Sean Kelly on Fri, Oct 07, 2011 @ 03:26 AM

Data Protection LawsVirtually every single business and every single consumer is somehow affected by the following federal and Massachusetts State Laws. See how much you know, good luck!

 

1. What type of information does the FACTA (Fair and Accurate Credit Transaction Act) pertain to?

a.Medical records
b.Legal Records
c.Any and all business related records
d.Any and all consumer information

2. What are considered reasonable measures for the proper and safe disposal of information according to FACTA?

a.Putting the information in black/non-see through bags for disposal in a dumpster
b.Placing the information in sealed boxes for disposal
c.Tearing up the information before disposal
d.none of the above

3. Which of the following destruction methods would put you in compliance with FACTA?

a.Using a NAID certified document destruction vendor
b.Having your documents shredded or pulverized
c.Both A and B
d.None of the above

4. What industry does the Sarbanes-Oxley Act of 2002 impact the most?

a.Medical
b.Legal
c.Real Estate
d.Accounting

5. What are the penalties of non-compliance with the Sarbanes-Oxley Act of 2002 even if the non-compliance was a mistake?

a.A fine up to $1 million dollars and 10 years in prison,
b.A fine up to $100,000 dollars and up to 1 year in prison
c.A fine of $10,000 dollars
d.A prison sentence of 5 years

6. What type of medical information does HIPAA require health care providers to safeguard?

a.Any medical information on any patient
b.medical information that identifies who the patient is
c.Only medical information regarding illnesses and disease
d.Only medical billing information for the patient

7. What is the maximum penalty per HIPAA violation occurring after 2/18/2009?

a.Up to $100 per violation
b.Anywhere between $100- $50,000 + per violation
c.$500 per violation
d.$100-$1,000 per violation 

8. What does the Massachusetts data protection law 93H require businesses to safeguard?

a.Social Security Numbers
b.Driver's License
c.Financial Account Numbers
d.All of the above

9. What does the Massachusetts data protection law 93I require businesses to do?

a.Properly document what information is destroyed and when
b.Have a written policy regarding how any sensitive information should be disposed of
c.Properly store information in a safe and secure manner
d.Witness any document shredding be performed

10. What is the maximum fine per incident of record compromised under the Massachusetts 93H and 93I laws?

a.$100 per record compromised
b.$500 per record compromised
c.$1000 per record compromised
d.$5000 per record compromised

           

          Any area you need to brush up on? Visit the following links to get all the information you need on the state and federal compliance laws that affect you:

          http://www.sarbanes-oxley-101.com/sarbanes-oxley-faq.htm

          http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html

          https://www.privacyrights.org/fs/fs6a-facta.htm

           

          Answer Key:

          1)d,2)d,3)c,4)d,5)a,6)b,7)b,8)d,9)c,10)d

          Tags: Massachusetts State Laws, non-compliance, compliance, fines, test