Sunday, May 24, 2015

Compliance...It's No Small Matter

August 1st, 2012 from the St. Louis Post Dispatch, “court documents containing personal information
of court respondents sat for weeks in a dumpster outside a Madison County building.”

August 2nd, 2012 from News Channel 7 in Spartanburg-Greenville, NC, “a tax preparer who closed her business three years ago says she unknowingly dumped boxes of records recently, some of which included personal information.”

These are but two of the stories, published in a recent NAID Newsletter, which we read about all too often.  YOU DON’T HAVE TO BE THE NEXT STORY!

In fact, you can’t afford to be!  With a measure of due diligence, flavored with knowledge and a splash of education from Integra, Michiana’s expert in document destruction, we can mix up a winning recipe for your compliance policies.

What do you need to know?

Let me first say that you don’t need to memorize every word of the HIPAA regulation, the HITECH act, the Breach Notification, Security, Red Flag and Privacy Rules that govern how business and individuals must safeguard the sensitive documents they have been entrusted with and in possession of.  No, but you do need to know that they are in place for everyone’s protection, highly enforced by the FTC, SEC, and Homeland Security (among others), and very expensive to violate, if caught.

Beyond the embarrassment, the financial penalties can run from perhaps $1,000 to well over $1,000,000, depending on the severity of the violation.  For example, consideration may be given to these four factors (again, among others):

•    Did Not Know
•    Reasonable Cause
•    Willful Neglect-Corrected
•    Willful Neglect-Not Corrected

Now, while the following list is not exhaustive, these identifiers are unique identifying numbers, characteristics or codes and must be, by law, properly safeguarded.  For example:  names, addresses, geocodes, all elements of dates-birth, death, appointment, admission, discharge & application, telephone & fax numbers, social security numbers, driver’s license numbers, medical records, account numbers, scores & reports, license numbers, vehicle ID and SN, license plate numbers, device identifiers, web universal resource locators (URL’s), internet protocol, finger & voice prints, full face photographic images, and the like!

What should your company have in place?

Here are a few of the necessary questions that need to be asked:

1.    Were your documents shredded in an AAA compliant manner and do you have the certificate of destruction to prove it?
2.    Do you know what was shredded and when?
3.    Does your company have written policies and procedures in place that state how documents are maintained, retained and  shredded?
4.    Do you have regularly scheduled shred events and are they adhered to?
5.    Are document destruction procedures covered in your company handbook?
6.    Does everyone have access to document destruction training?
7.    Do all of your employees have a “Directory of Information Contacts”?
8.    Who is your “information asset destruction authorized” person?
9.    Do you have a retention and disposal plan for electronic media?
10.   Do you have these written standards available?

Now, I will admit that putting the time, resources, and energy toward these standards is not high on everyone’s to-do list.  But, let me suggest that now is the time to get started, if you’re not already.  It will be much better to be sighted for a “work-in-progress, incomplete compliance policy” that to be slammed with a “willful neglect or disregard” blemish for not having even started one.  Ours at Integra undergoes edits and modifications from time to time, and that’s okay!

What can we do for you?

•    Offer professional, secure & affordable document destruction services
•    Ensure you that we are committed to education & information
•    Help you maintain your compliances

We’ve all heard those old phrases, “there’s no time like the present” and “do-it now” and “get-R-done” right?  Well, they really apply here!  On a personal note, I liken this project to running; it only hurts a little in the beginning.  So, let’s lace up those compliance shoes and hit the pavement Michiana!  You’ll be glad you did.

NAID Newsletter
News Channel 7, Spartanburg-Greenville, NC
St. Louis Post Dispatch

No comments:

Post a Comment