The Health Insurance Portability and Accountability Act (HIPAA) mandates higher standards of privacy and security for health-related information. Healthcare offices, including private practices, nursing homes, health insurance offices, hospitals and state supported clinics are all subject to HIPAA regulation. In addition, businesses that contract with healthcare offices must adequately safeguard information that is made available to them. Shredding sensitive documents prior to disposal is a key component of HIPAA compliance. In the rush to be prepared for the first compliance date, many facilities purchased low cost paper shredders and soon found they could not handle the volume of paper to be shredded. In reaction to this, many contracted with outside shredding services. Today, these services are increasingly being called into question due to the high costs involved and whether or not they are truly secure. Unlike medical facilities, shredding services and their employees are not held to federal standards. If patient information is released by a shredding contractor, it is the contracting facility that is liable for damages under HIPAA laws, not the service. More and more compliance officers are finding that a centralized shredding program with high quality, industrial grade shredders is the better policy. The initial equipment cost will be quickly offset by no longer having to pay the high (and always increasing) shredding service fees. And because the information is not leaving the facility, security is increased.
By now, almost everyone in America is familiar with the term “identity theft.” Most businesses are taking steps to protect themselves from becoming the next victim of America’s fastest growing crime. Shredding documents for disposal has always been a vital step in preventing ID theft, but the introduction of the Disposal Rule section of the FACTA security law makes shredding a necessity for businesses of any size, as well as individuals who employ even one person.
The Fair and Accurate Credit Transactions Act (FACTA), was designed to minimize the risk of identity theft and consumer fraud. The Disposal Rule section of FACTA states that any person who possesses consumer or employee information for a business purpose is required to properly dispose of the information. This includes information used to establish eligibility for credit, insurance, or employment. The Disposal Rule was developed to cut down on identity theft by restricting the ability of thieves to “dumpster dive” for consumer information contained in discarded business records. It goes on to say that all employers must take reasonable measures to protect against unauthorized access to information in connection with its disposal. These measures include burning, pulverizing, or shredding of physical documents and erasure or destruction of all electronic media. The main difference between FACTA and other security laws such as HIPAA, Sarbanes-Oxley, and Gramm-Leach-Bliley is that it does not affect a single industry—it affects every business in America.
Back to Basics with Brewer Co. Inc.
Laws like the FACTA Disposal Rule are enacted to try and curb the identity theft epidemic. In 2004, 10 million people were victims of identity theft. Not only is the number of victims increasing, the number of identity thieves is increasing as well, and the threat they pose will only continue to grow. Getting back to the basics of simply destroying sensitive documents at the source with a reliable shredder makes perfect sense - now more than ever. Be safe and we look forward to hearing from you soon,
Chris Brewer
Copyright ©
Powered by:
