Storage & Shredding: Expert Advice

Improper Document Destruction offenders EXPOSED

Posted by Sean Kelly on Mon, Nov 26, 2012 @ 12:33 PM

 

confidential file image

 DO NOT, I repeat, DO NOT let this happen to you! Even though everyone says "oh, it won't happen to me", don't be that person. It can, and will, happen to you. What is 'it' though? 'It' is the heavy imposition of FINES on you for the improper disposal of sensitive information. These fines are imposed by both Massachusetts state laws (93H and 93I which require the proper destruction of information containing social security numbers, driver's license numbers, financial account numbers, and credit or debit card numbers) as well as federal regulations like HIPAA that require the secure destruction of PHI (protected healthcare information)as well as FACTA. If anything is to be taken away from this blog, it should be that the DUMPSTER is NO PLACE for the disposal of any kind of sensitive record. If you even have to question whether or not the information is "sensitive", then it probably is. Too many times companies, large and small, are exposed, and fined heavily, for disposing of sensitive information belonging to their clients, patients, or customers simply into the trash. 

For the companies that don't heed warning and do not take the proper steps to ensure the security and proper disposal of sensitive information, they are used to make examples of what NOT to do. This is done by way of news reporters plastering the names of companies, and what they did, all over the headlines. For example, big corporations like RiteAid, Walgreens, and CVS were all EXPOSED for their improper disposal of private prescription information. Hitting closer to home, St. Elizabeth's Medical Center is investigating how patient financial information was found floating around on the streets outside of a building in Charlestown. Thankfully, the hospital is taking the correct measures to ensure that this does not happen again. Also, the hospital did what it is required to do by law when a data breach of this sort happens and they notified the Massachusetts Attorney General's office. 

Then, we come across a more interesting situation where SHREDDED PAPER was used as confetti in the Macy's Thanksgiving day parade. So what's the big deal? We'll the shreds were very thick and cut perfectly horizontal across the paper so that perfectly clear lines of text were able to be read, including social security numbers, and other sensitive information. It is clear that a typical office shredder was used to shred these documents since that is the common level of "security" that an office shredder provides. The differences between an office shredder and a commercial shredder is the level of security in the 'cut' of the paper. Security levels 1-6 exist with the higher the level, the higher the security of the cut. Office shredders typicall have level 1 or 2 security where the shreds of paper are thick, easy to read and easy to reconstruct. Security levels 3 and 4 give consequtively smaller cuts of paper and allow for cross-cutting, inhibiting the readability of the shreds as well as inhibiting the ability to reconstruct the shreds. Security levels 5 and 6 are recommended for destroying top-secret government or research documents due to the shreds coming from this shredder being like grated-cheese. It is typical of a commercial shredding company to have a shredder with a security level from 3-6. Then, in some instances, a reputable shredding company will go one step further and have your shreds pulverized and recycled. 

The one thing that could have made a huge difference in each of these three situations is if the drug stores, the hospitals, and the police stations had all used a document shredding and storage company for their storage and destruction needs. Although the actions of safe and secure document storage and destruction seem straight forward and simple, they are best to be left in the hands of those companies who make it their sole purpose to protect information (yes, even AFTER it is shredded!). 

Tags: data protection, document shredding services boston, compliance laws, records, Massachusetts State Laws, 93I, Protected health information, 93H, Document Destruction regulations, compliance, privacy, PHI, shredding services

It's 3:00 P.M, do YOU know where your personal documents are?

Posted by Sean Kelly on Mon, Nov 12, 2012 @ 03:47 PM

You read it right, we're asking: Do you know where your personal documents are? And no, we aren't talking about the documents you keep in a filing cabinet, in a kitchen drawer, or a home office. We're talking about the personal information you've left with anyone who you have ever given it to... your bank, your doctor, your lawyer, your accountant, etc. Do you know what is done with your documents? Well, in most cases, youshould feel secure leaving your information with a reputable company who uses a professional document shredding service to securely destroy your information. Unfortunatly, as detailed in this news video, sometimes your personal information can be just thrown in the trash by those who have no regard for the safety of their clients or patients information. 

Are your documents being securely shredded?
 A trash collector found these documents
containing sensitive personal information in a 
dumpster, and even found a copy of a social
security card.

 

So now you ask, well how can I be sure that the people who deal with my sensitive information aren't just throwing it away? Of course you cannot police them, but what you can do is be an educated consumer of the services you are using, and when you know your sensitive information is going to be in the hands of a service provider, all you have to do is ASK! Don't be afraid, your identity and financial information may be at risk. All it takes is a simple question of "will all of my information be securely shredded when you're done with it?". The answer will either be "Why of course, we use company XYZ to shred all of your client/patient information" or it would be "No", or maybe "we plan on starting up services sometime in the near future", or any type of explanation to make it sound not-so-bad that they aren't using a shredding company. Either way, when you ask, you are only doing a service to yourself and the fellow consumer. Maybe your question will prompt that company to call their shredding service provider to have them remove sensitive documents (some of which may be yours!), or, maybe your question will prompt them to START using a document shredding company. The outcome will be positive, no matter what. 

As a consumer, you have a right to DEMAND the safety of your information. Thankfully, Massachusetts and most states have laws that affect the types of businesses that handle sensitive information and so you can feel comfortable knowing that those businesses are required by law to keep your information safe. Regardless, it never hurts to ask. You never know whose sensitive information you could be keeping from going into the trash.   

Tags: 93I, Federal FACTA, Protected health information, 93H, Document Shredding, document storage, shredding services

Protecting Your Sensitive Documents: What You've Been Missing

Posted by Arielle Burdulis on Wed, Aug 15, 2012 @ 12:56 PM

So shredding your documents sounds easy, right? Well, part of the process is easy, the part where you find a reputable vendor. There are many shredding companies out there that offer a wide range of services to suit the needs of any size company (and even those who need to have personal shredding done). A reputable vendor can take care of the grunt work for you by performing the hard labor, picking-up your documents and either shredding them or storing them. The not-so-easy part of protecting your sensitive documents is being compliant with data protection laws in ALL facets... having a reputable vendor is just the "tail-end" of compliance.

Before you go looking for a company to shred your information, you need to take a look at the laws that affect you that govern what measures need to be taken in the data protection process. Although reading through each law is important (yes, tedious, but necessary), one important yet ambiguous part of the laws is that they are not specific.  In fact, they are not specific for a specific reason. Most laws use terminology such as "reasonable measures" when it comes to what you "must do" in order to protect your clients or patients sensitive information. So what does a "reasonable measure" constitute? Well it depends on a lot. What you must do, though, is to spend time working out what is reasonable cost-wise and effort-wise for your entity and then draft a written policy on the measures that you have decided to implement.

Your written policy should at the very least include the following:

-What your entity considers sensitive information

-What should be done when someone in your entity needs to dispose of sensitive information

-What training will be given to employees to ensure that all sensitive information is disposed of properly

-What vendor you will be using for shredding and document storage

-What your emergency plan is in the event a natural disaster strikes in the area of your office location

-What your plan is in the event of a security breach in your office

 

Don't know where to start now? Well here's a place, download our Compliance Packet by clicking the button below and get our 11 page packet that includes a summary of Massachusetts Data Protection Laws 93H & 93I, a compliance checklist, and an example of Safeguard's Written Information Security Policy.

Click me

 

 

Tags: data security, data protection, document shredding services boston, compliance laws, legal file shredding, Massachusetts State Laws, Federal FACTA, Protected health information, 93H, HIPAA, non-compliance, destruction, document management, Document Destruction regulations, Legal file archiving, federal regulations

The Information Disposal Training Program for Employees, brought to you by NAID!

Posted by Sean Kelly on Fri, Apr 06, 2012 @ 01:28 PM

Calling all Doctors' offices! Are your data disposal practices HIPAA compliant? Do you feel comfortable with your employees' knowledge of HIPAA? Are you sure that they are following correct protocol? If you have any question in your mind about HIPAA related data disposal, then we have the perfect answer for you. It's called the NAID Employee Information Disposal Training Program. This program was developed by NAID, the National Association of Information Destruction, and is brought to you (Doctors' Offices) by document destruction vendors that are members of NAID. Safeguard Records Management is a document destruction vendor, and member of NAID, who has realized the importance of this training video and has absorbed the costs of the video and training materials to bring this NAID program to you FREE OF CHARGE.

One of the many benefits of this training includes the fact that it is the ULTIMATE RISK MINIMIZER. "How?" you ask... well, NAID has stated that "HIPAA regulators have written that when employees are appropriately trained on proper data disposal, healthcare providers will not be held full responsible for disposal violations". At the same time, NAID also tells us that "HIPAA regulators have stated that failure to provide such training will result in the highest level of mandory fines".

So what do you have to lose? well, a lot if your office doesn't take advantage of this training program that can be completed in only about a half an hour! To learn more, watch the NAID video below and then when you are ready to have your risk minimized, click on the blue button to request more information or to schedule a training session!

NAID training program

Tags: data security, data protection, document shredding services boston, compliance laws, Protected health information, HIPAA, non-compliance, destruction, Document Destruction regulations, compliance, privacy, PHI, document shredding services worcester, Certified document destruction, worcester shredding, Medical, new laws, healthcare

Meeting your Records Management needs in 2012... See what is to come!

Posted by Sean Kelly on Fri, Dec 23, 2011 @ 10:44 AM

As 2011 comes to a close, businesses and offices are wrapping up their yearly doings, taking time to enjoy the holidays with colleagues, and getting ready for the start of the new year. Safeguard is too! Safeguard Records Management has decided to bring TWO exciting new offerings to the table in order better serve our destruction and archive customers.

 

Our first new offering will allow prospective and current ongoing destruction customers to have choices when it comes to their ongoing destruction bin. We are offering a new, duraflex destruction console in addition to the two convenient sized 35- and 65- gallon bins.This Console has many benefits over our shredding bins for offices looking for a more aesthetically pleasing ongoing destruction solution.

The sleek, clean console with a slit top and locking door allows for the security of a locking bin with the added benefit of looking more like it "belongs". Also, the console stays in place with only the interior insert being emptied rather getting a different bin during every rotation.

If your interested in receiving a shredding console, or switching our your bin for a console, contact Sean Kelly via contact form, phone, or e-mail.

Request a shredding console

shredding console

 

 

Watch this video in order to get a general idea of what the Compliance Training can do for your office

Our second, most exciting offering that Safeguard has decided to take on and provide to our customers in the healthcare industry is the Doctor's Office Compliance Training Program. This exciting program has been developed by NAID, the National Association for Information Destruction and is applicable to healthcare and dental offices. And the best part... it's free! Yes, FREE! The way NAID gets this compliance training program out to healthcare offices is through certified NAID document destruction providers like Safeguard Records Management.

 

The program can easily be summarized with the 3 following steps:

Receive the video

 Watch & Learn

 Be compliant!

That's it! Simple and quick and you're compliant, just like that! So what are the benefits of your office completing this compliance training you ask?

 

The best part about completing the HIPAA compliance training is, primarily, that you are at less risk of a breach of patient information (and yes, there is a but) BUT everyone knows that anything can happen these days and breaches can happen even in the most compliant and secure offices so here is where the training program really gives you a HUGE benefit... even if there is a breach of data or information, YOU ARE NOT HELD FULLY LIABLE BECAUSE YOU TOOK THE NECESSARY STEPS (i.e. the training) IN ORDER TO BE COMPLIANT!


Can it get any better than that? For minimal time and ZERO cost to you, your office can get trained on compliance with the HIPAA regulations for safeguarding healthcare information. With the maximum HIPAA fine going up 6,000% from $25,000 to $1,500,00 you have to ask yourself, can you really afford not to complete this zero cost training? (Click for more information on HIPAA)

Compliance Training for Healthcare Professionals

 

2012 is gearing up to be a great year for Safeguard Records Management as we look to expand and improve our services in order to meet and exceed the growing needs of our customers. If you'd like to have Sean Kelly get in touch with you regarding anything you have read, please fill out a Contact Us form and he will respond to your inquiry within a couple of hours. In the mean time, be on the lookout for more information on our shredding consoles and the Doctor's Office Compliance Training Program so you can take advantage of it as soon as the new year rolls in!

Happy Holiday's and Happy New Year from everyone at Safeguard!

 

 

Tags: data security, data protection, compliance laws, records, Records management, shredding worcester, Massachusetts State Laws, Office Records Destruction, Protected health information, Records Retention, Purging, ongoing rotations, HIPAA, non-compliance, Document Destruction regulations, compliance, PHI, records storage, document shredding services worcester, Records Storage boston, records storage worcester, Certified document destruction, shredding console, shredding boston, archiving, new laws, healthcare