September 14, 2022

How Purge Shredding Helps Increase Company Data Security and Protect Privacy

Keeping consumer and company data secure is more than just a good business practice – it’s a requirement in many industries per state and federal laws. For example, in healthcare, data security keeps protected health information (PHI) and Personally Identifiable Information (PII) from improper disclosure and use through compliance with HIPAA laws. Purge shredding, also called one-time shredding, is an important tool that helps large and small organizations protect data security and data privacy.

Use Purge Shredding to Protect Company Security and Trade Secrets

Corporate espionage is a reality, and it takes many forms. It may be high-tech (infecting a competitor’s network with malware) or more cloak-and-dagger-type activities like breaking into an office or receiving stolen information from an employee.

Sometimes the organization just makes it easy for data thieves. Employees may leave sensitive documents unattended on desks, speak too freely in public places, or place important documents in regular trash cans or recycling bins. Competitors don’t have to break into your office if they can just open up your dumpster and look at patient records, test results, or sensitive business documents.

Protect your patients’ PHI and your company’s sensitive data with clearly defined document handling, data retention, and security policies and procedures. Train new employees on data security and privacy. Keep data management procedures updated and provide refresher training for all employees as needed. Store confidential documents in locked rooms or cabinets. Never leave them unattended in offices, conference rooms, or public places. Label and color-code all trash, recycling, and shredding disposal containers so employees can easily identify them. Maintain a regular purge shredding schedule to ensure that documents are destroyed when no longer needed.
Always provide secure, locked containers to hold confidential documents that are awaiting shredding. This helps keep offices and storage areas uncluttered and reduces the danger that sensitive information will fall into the wrong hands.

Comply with State and Federal Consumer Privacy Laws

Large online data breaches resulting from cyber attacks draw the most media attention because of the number of people affected. In 2020, significant cyber breaches “exposed patient data of more than 22 million Americans.” The targeted companies and organizations suffer from loss of customer trust, reputational damage, and regulatory scrutiny. Data breaches are expensive too. In 2020, the average cost of an online data breach increased by 10%, with lost business costing the most – an average total cost of $1.59 million per incident.

However, as with a company’s internal data security, a data privacy breach doesn’t have to come from a sophisticated corporate spy or cybercriminal. Sometimes it happens when employees mix sensitive documents containing PII or PHI with regular trash or recycling. Those mistakes are also expensive.

A national document search company paid a $500,000 fine for violating the Kansas Consumer Protection Act when it failed to “shred or remove personal information, such as social security numbers or credit card numbers, before disposing of the records” in “public trash bins across Topeka.”

A large retailer paid $9.87 million to settle a California case after workers were found to have placed “potentially hazardous materials into common dumpsters and disposing of medical records from pharmacies — which contained patients’ names, phone numbers and addresses — without shredding them, putting customers at risk of identity theft.”

Documents containing any PII or PHI must be shredded and disposed of in a regulatory-compliant manner.
Whether you need one-time shredding or a regular purge shredding schedule, a shredding company can help your company comply with data privacy regulations and disposal requirements.

Comply with HIPAA Requirements

HIPAA, the Health Insurance Portability and Accountability Act, was passed in 1996, and the rules went into effect in 2003. The HIPAA Privacy Rule “requires appropriate safeguards to protect the privacy of protected health information and sets limits and conditions on the uses and disclosures that may be made of such information without an individual’s authorization.” The law is designed to protect healthcare patients’ privacy through proper document management and disposal.

Entities that violate HIPAA provisions may face both civil and criminal penalties. Although HIPAA is a federal law, some states also impose their own penalties for privacy violations. For example:

- A medical billing company and the doctors who provided patient information to the company paid a state fine of $140,000 after more than 67,000 medical records containing patients’ names, addresses, and social security numbers were deposited in a public dump.
- A medical practice paid $400,000 to settle a class action suit after documents containing patients’ names, addresses, social security numbers, and insurance information were discarded in a dumpster and subsequently spread by the wind throughout the surrounding neighborhood.

Learn more about Sharps Compliance’s HIPAA-compliant shredding services.

How to Choose a Purge Shredding Service

Sharps Compliance is a full-service provider of medical, hazardous, and pharmaceutical waste management solutions. In selected markets, we also provide purge shredding services. We can supply your facility with everything you need to securely collect and store documents that contain PII and PHI. Our one-time purge shredding services can help you protect your data and comply with regulations.
- Secure containers for document collection
- We accept all paper products that contain PII and PHI
- Scheduled pickups
- Pricing is a flat fee per collection cabinet. There are no surcharges or hidden fees.
- All document destruction takes place at a NAID-approved facility.
- We provide document tracking and Certificate of Destruction documentation you need in case of a HIPAA audit or other legal necessity.

Our regulatory-compliant document destruction and purge shredding services are available in select markets. Contact us at 800.772.5657 for more information.

July 22, 2022

Protect Patient Privacy with a HIPAA-Compliant Shredding Service

Patient privacy and confidentiality are huge issues in healthcare. Cybercrime is a growing concern, particularly as more providers adopt electronic health records. For example, there were twice as many reported data breaches during the first five months of 2022 as in the same period in 2021.

Although cybercrime gets a lot of attention, patient privacy is often compromised the old-fashioned way by improper disposal of paper documents containing patients’ protected health information (PHI). Any documents that have PHI should be stored securely before shredding/destruction and never mixed in with regular trash or recycling.

Sharps Compliance offers secure, HIPAA-compliant document shredding and destruction services in select markets to help ensure providers comply with HIPAA regulations and protect patients’ health data and privacy.

HIPAA Regulations and Healthcare Providers

In 1996, Congress passed HIPAA, the Health Insurance Portability and Accountability Act, and the rules went into effect in 2003. The law was designed to “improve the efficiency and effectiveness of the health care system” and enact “federal privacy protections for individually identifiable health information.”

The HIPAA Privacy Rule “requires appropriate safeguards to protect the privacy of protected health information and sets limits and conditions on the uses and disclosures that may be made of such information without an individual’s authorization.”

All healthcare providers and clearinghouses, health plans, and other covered entities must dispose of patients’ health information in a HIPAA-compliant manner. HHS suggested disposal/destruction methods include:

- For PHI in paper records, shredding, burning, pulping, or pulverizing the records so that PHI is rendered essentially unreadable, indecipherable, and otherwise cannot be reconstructed.
- Maintaining labeled prescription bottles and other PHI in opaque bags in a secure area and using a disposal vendor, who is considered a business associate and held to the same confidentiality standards, to pick up and shred or otherwise destroy the PHI in a way meeting the required standard.

HIPAA Violations Can Be Costly

HIPAA-compliant document management and disposal protect your patients’ privacy and your organization’s financial bottom line. Failure to comply with HIPAA can result in both civil and criminal penalties. The fines escalate quickly for repeat violators. Fines can range from $100-$50,000 (per record) based on the level of negligence. The maximum penalty is $1.5 million annually for violations of an identical provision. Violations can also result in jail time if the entity has been cited but did nothing to correct the issues (willful neglect). Fines increase with the number of patients and amount of neglect.

In addition to the regulatory costs, bad publicity for the hospital or practice may erode patient trust and confidence. For example, in 2019, New York City reporters found boxes containing hundreds of medical files piled on the street outside an office building. The files included “patient names, social security numbers and sensitive medical diagnoses.” The medical practice responsible said the documents were “waiting to be picked up by the shredding company” and that the records had been “thrown out inadvertently.”

In 2018, HHS fined a medical records maintenance, storage, and delivery services provider $100,000 after an anonymous tip led investigators to a parking lot where they found over 2,000 medical records in an unsecured company truck.

Know the Rules and Train Your Employees

An HHS fact sheet is clear about the generator’s responsibility to provide proper employee training: “Covered entities must ensure that their workforce members receive training on and follow the disposal policies and procedures of the covered entity, as necessary and appropriate for each workforce member.”

Many organizations have specific disposal containers for different waste streams:

- Secure containers for sharps and regulated medical wastes
- Pharmaceutical waste collection containers
- Cans for regular trash
- Recycling bins
- Secure containers for sensitive documentation that requires shredding

However, employees must understand the system and use it properly. In a 2018 study published in the Journal of the American Medical Association, researchers found that “documents containing medium- and high-sensitivity items were being disposed of in the recycling” at hospitals and other medical care facilities. Employees naturally want to recycle as much as possible but may not consider the privacy and regulatory consequences of mixing PHI documents with regular recycling. Proper employee training is a must!

Sharps customers have access to our ComplianceTrac online training and audit platform. It’s available 24/7 and offers convenient, accessible HIPAA training tools. Your staff can access required training on their schedule.

Stay Compliant with Sharps Compliance Shredding Services

At Sharps Compliance, we offer everything your facility needs to securely collect and store documents with PHI at your facility before pickup and disposal.
Our document shredding service includes:

- Secure containers provided for the collection of materials
- We accept all paper products containing PHI
- Pickup available at scheduled frequencies
- Flat-fee pricing per cabinet – no hidden fees or surcharges
- Documents destroyed at an NAID-approved facility
- Document tracking and Certificate of Destruction that should be retained in case of a HIPAA audit or other legal need

We offer this HIPAA-compliant waste management service in selected markets. Contact us at 800.772.5657 for more information about our shredding and secure document destruction services.