hipaa compliance

HIPAA and FACTA are federally mandated legislative acts intended to protect patients and consumers from identity theft. Read more to make sure that you are protected.

HIPAA / FACTA Compliance

Document Shredding and HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law mandating higher standards of privacy and security for health-related information. Healthcare offices, including private practices, nursing homes, health insurance offices, hospitals and state supported clinics are all subject to HIPAA regulation. Destroying sensitive documents prior to disposal is a key component of HIPAA compliance.

Compliance officers are finding that a centralized shredding program with high quality, industrial grade shredders is the better policy versus contracting outside shredding services. The initial equipment cost will be quickly offset by no longer having to pay the high (and always increasing) service fees. And because no documents are leaving the facility intact, security is greatly increased.

HITECH HIPAA raising the standards

The Health Information Technology for Economic and Clinical Health (HITECH) provisions to HIPAA were signed into law in February of 2009. The HITECH Act expands HIPAA’s coverage, increases compliance obligations, and greatly strengthens enforcement penalties. The regulations, developed by the Health and Human Services Office for Civil Rights, require HIPAA covered entities to promptly notify affected individuals of a breach, as well as the HHS Secretary and the media in cases where a breach affects more than 500 individuals (breaches affecting fewer than 500 individuals must be reported to the HHS Secretary on an annual basis).

The regulations also require covered entities to ensure that their business associates (including shredding services) fully comply with HIPAA provisions. Through the $31.2 billion legislation, the HHS is getting more tools and staff to enforce HIPAA, and states' attorneys general can bring civil actions. If there is a breach of protected health information through "willful neglect," it could cost $25,000 per incident if the hospital moves to fix the security weakness and $50,000 per incident if it doesn't, up to a maximum of $1.5 million per year.

The enactment of HITECH provisions to HIPAA should cause every healthcare facility in America to closely examine its security policies and procedures. With compliance expenses on the rise and many budgets on the decline, there has never been a better time for healthcare providers to consider the security and cost-saving advantages of in-house document destruction.

FACTA laws make shredding more important than ever

Shredding documents prior to disposal has always been a vital step in preventing identity theft, but the introduction of the Disposal Rule section of the FACTA security law makes shredding a necessity for businesses of any size, as well as individuals who employ even one person.

FACTA Disposal Rule Defined

The Fair and Accurate Credit Transactions Act (FACTA) was enacted by Congress to minimize the risk of identity theft and consumer fraud. The Disposal Rule section of FACTA states that any person who possesses consumer or employee information for a business purpose is required to properly dispose of the information. This includes information used to establish eligibility for credit, insurance, or employment. The Disposal Rule was developed to cut down on identity theft by restricting the ability of thieves to “dumpster dive” for consumer information contained in discarded business records.

It goes on to say that all employers must take reasonable measures to protect against unauthorized access to information in connection with its disposal. These measures include the burning, pulverizing, or shredding of physical documents and erasure or destruction of all electronic media. The main difference between FACTA and other security laws such as HIPAA, Sarbanes-Oxley, and Gramm-Leach-Bliley is that it does not affect a single industry—it affects every business in America.

Are you safeguarding your digital data?

The necessity of destroying hard copies of sensitive data before disposal is well understood. What’s not as clear is how to deal with hard drives when they become outdated. A single hard drive from a PC, laptop, or MFP can store astounding amounts of information and could have catastrophic consequences for your organization should it fall into the wrong hands.

The Destroyit Degausser / HDP eliminates the danger by magnetically degaussing a hard drive (unquestionably the most effective way of erasing data) and then physically destroying the drive by piercing it with a hardened steel die. For optical media destruction, the 0201 OMD offers a secure, convenient and cost-effective solution for disposing of large amounts of CDs and DVDs.
