5 Things Healthcare Businesses Should Know About HIPAA Compliance

Any business or organization that comes into contact with protected health information needs to make sure that it is within HIPAA compliance guidelines. The U.S. Department of Health and Human Services has strict rules for anyone who deals with protected health information (PHI). This, in conjunction with the increase in data breaches, might have you feeling a bit overwhelmed.

But don’t worry: being HIPAA compliant won’t reduce your company’s efficiency, and if you follow the list we’ve compiled, it won’t be hard either. We’ll start by explaining each rule, then give you tips on how to stay compliant.

Privacy

The privacy rule deals with who is allowed access to the PHI. You need to make sure that your clients’ information is protected. Managing the records is one of the most important parts of keeping the PHI protected. An easy way to do this is to designate a person to be responsible for this policy. They should train everyone on the policy and have the ability to implement consequences if the policy is broken. Your policy should be stricter than the HIPAA guidelines; this leaves a safeguard between your policy and breaking the law.

Security

There are three parts to the security of PHI. You need technological safeguards, along with physical and administrative safeguards.

1. Technological safeguards have to do with the actual technology that stores the PHI. You need to make sure that each of your clients has a name or ID number that’s unique to them. You also need to make sure IT has set things up so that the programs you use automatically sign users out after a period of inactivity.

2. Physical safeguards are put in place to make sure only the right people have access to the PHI. This includes making sure that there are theft deterrents. When disposing of devices, you need to do it in a way that keeps people who are looking to get their hands on PHI from getting to it.

If you are worried about your policy for getting rid of the devices, you can always contact a company like ours.

3. Administrative safeguards are the things you can do to make sure you are acting within HIPAA compliance. Make sure that you are doing risk assessments every few months to see where you might be vulnerable. You also need to monitor your employees to make sure the policies are being followed.

Enforcement

Violations can get costly. You want to avoid getting hit with expensive fines by making sure information is used only for what it is intended for. Giving your clients the ability to access their own information is also important; just make sure you have the technical safeguards.

Breach Notification

If there is a breach you need to notify HHS and your clients within 60 days. They will need to know what was breached, where it happened and what the damages could possibly be.

Have Written Policies

HIPAA audits can happen at any time. One of the best ways to make sure that you are prepared for this is to have written policies in place.

HIPAA Compliance

You don’t have a choice about being within HIPAA compliance guidelines. But it doesn’t have to be a pain to manage either. If you still need more help after reading our list, contact us.

Deleting Your Data: Why Destroying a Hard Drive Is the Best Solution

So you’re planning on getting a new computer? We can’t blame you. Technology is getting better each year, and that old fossil just can’t keep up. But what about all of those sensitive files you have saved to your computer? Sure, they may be outdated, but they’re still files with important information on them about you or your clients. It’s your job to dispose of them properly.

If your response was “hit the computer with the hammer”, you are very wrong. Computers can be some pretty complex things. They may seem fragile, but in reality, they’re very good at protecting what matters most: the hardware. If you do a sloppy job disposing of your computer, your files will be easy for any computer thief to access – and that puts you and your clients at risk.

Read on to find out the proper way of destroying a hard drive so that you and your clients will stay safe.

Destroying a Hard Drive with Brute Strength is not Enough

Like we mentioned earlier, beating your computer doesn’t remove all of your files. Other than the fact that computers are good at physically protecting their hardware, your actual files could betray you as well just because of their size.

The average file can fit itself within less than .0015 of an inch of space on a memory disk. This means if you leave at least that much space on the disk intact, a file could be stored there – and is at risk of being stolen.

Even placing the files in the recycle bin and deleting them isn’t enough. The trace memory of the file is still embedded in the computer and anyone with any amount of tech experience could retrieve it.

In short, any sort of conventional means we could think of just wouldn’t be enough to solve the problem. You would have to look towards more professional means to permanently destroy the data.

Try Destroying it by Overwriting Data

One popular way of deleting your files is to use computer wiping programs. The funny thing about wiping programs is that they aren’t actually wiping your disk clean; in fact, it’s kind of the opposite.

Disk wiping programs destroy a hard drive by packing it with what’s basically a bunch of trash data. The programs write and rewrite the file until the sensitive data is completely covered and unreadable.

If you choose this route, be prepared to have patience. The whole process can take hours to complete per disk, but at least you know that those files will be long gone.
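The difference between an ordinary delete and an overwrite, as described in the two sections above, can be seen in a toy model. This is an added example, not part of the original article or any wiping product: `ToyDisk`, its methods and the sample record are constructed for illustration, and the disk is an in-memory buffer rather than a real drive.

```python
import os

SECTOR = 512  # bytes per sector in this toy model (assumption)


class ToyDisk:
    """In-memory stand-in for a disk: raw sectors plus a directory table."""

    def __init__(self, sectors=64):
        self.raw = bytearray(sectors * SECTOR)
        self.directory = {}      # name -> (first_sector, byte_length)
        self.next_free = 0       # next unallocated sector

    def write_file(self, name, data):
        needed = -(-len(data) // SECTOR)          # ceiling division
        if (self.next_free + needed) * SECTOR > len(self.raw):
            raise OSError("toy disk full")
        start = self.next_free * SECTOR
        self.raw[start:start + len(data)] = data
        self.directory[name] = (self.next_free, len(data))
        self.next_free += needed

    def delete(self, name):
        """Ordinary delete: only the directory entry goes away."""
        del self.directory[name]

    def wipe(self, name, passes=3):
        """Overwrite every sector the file occupied, then drop the entry."""
        first, length = self.directory[name]
        start = first * SECTOR
        span = -(-length // SECTOR) * SECTOR      # whole sectors, not just the bytes used
        for _ in range(passes - 1):
            self.raw[start:start + span] = os.urandom(span)   # random-data passes
        self.raw[start:start + span] = bytes(span)            # final pass: zeros
        del self.directory[name]

    def carve(self, needle):
        """What a recovery tool does: scan raw sectors, ignoring the directory."""
        return self.raw.find(needle) != -1


def demo():
    # Constructed sample record; not real patient data.
    record = b"PATIENT: Jane Example; MRN 000000 (constructed sample)"
    deleted, wiped = ToyDisk(), ToyDisk()
    for disk in (deleted, wiped):
        disk.write_file("chart.txt", record)
    deleted.delete("chart.txt")   # recycle-bin style removal
    wiped.wipe("chart.txt")       # overwrite, then remove
    return {
        "listed_after_delete": "chart.txt" in deleted.directory,
        "recoverable_after_delete": deleted.carve(record),
        "recoverable_after_wipe": wiped.carve(record),
    }


if __name__ == "__main__":
    print(demo())
```

On real hardware, remapped sectors and SSD wear levelling can hold copies that a software overwrite never touches, which is why an overwrite is verified afterwards or followed by physical destruction.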

Or Destroy it With a Magnet

Some people would have too much fun with this.

You know how people say not to keep your phone next to your wallet because the magnets inside could damage or wipe your credit cards? This is the same idea, except on a bigger scale.

To wipe your computer files, you’ll need a little something called a degausser, a high-intensity magnet with the ability to scramble the data on a disk. The process is relatively simple to carry out; however, a good degausser will run you over $1,000, so you’d better have deep pockets. And, if the hard drive is improperly degaussed, data recovery may still be possible.

Alternatively, you could just have the pros do the job, saving you a ton of money and getting the job done right.

The Only Secure Way to Go

Instead of taking the chance that the data on your hard drive is still accessible, trust your hard drive destruction to a AAA certified destruction facility. Our process ensures that yours and your customer’s data is destroyed and not recoverable. Contact us today to learn about our hard drive destruction, records shredding, and more.

Feel free to reach out to us to find out how we can help you with your security needs. We look forward to hearing from you.

How To Avoid Hackers Getting Into Your Information

With more than 30,000 websites hacked into every day, you need to take protection against hackers seriously. However, remember that hackers don’t always have to go online to steal data and personal information. They can also access old paper documents and statements.

Read on to learn how to avoid hackers and understand where you can go for professional assistance with blocking hackers and data thieves wherever they are.

1. Pick the Right Passwords

One of the basics of knowing how to avoid hackers? Make sure that you’ve implemented a strong password strategy. Things like “pass” or “letmein” are no longer going to cut it. You should also refrain from using personal information, like a pet or child’s name, in your password. These are all easily guessed.

Instead, focus on choosing a random string of letters, numbers, and special characters. Include both upper and lowercase letters. Additionally, make sure that you never use the same passwords for multiple accounts.

Finally, we suggest that you update your passwords at least once or twice a year. This way, you’ll always keep the hackers guessing.

2. Shred Old Documents

Want to learn how to stop hackers? Start by understanding that online-only protection is no longer enough. Especially if you work for a federal agency or in the medical or financial world, you need to make sure that paper documents are protected as well.

One way to do this is by investing in professional, offsite document shredding services. This way, you can be certain that all of your documents are completely destroyed and that they never fall into the wrong hands.

Remember, criminals can and do go through trash cans. So, offsite services are much more effective. After all, if hackers don’t even know where to go to find your old documents, then they won’t have even a shot at getting a hold of your company or personal information.

Now that’s what we call an effective way to approach protection against hackers.

3. Get Serious about Site Security

We know that you can do a lot with your company website. You may use it to store customer data. In short, it’s the face of your business. That’s why you need to protect it — and, by extension, your company’s reputation.

Make sure that you always run software, plugin, and general website updates as soon as possible. Encrypt your website data, and frequently scan your login attempts for suspicious activity.

You may even consider working with a professional hosting platform or cloud-based server. These not only provide 24/7 site monitoring, they also make frequent backups of your website.

The Best Way to Learn How to Avoid Hackers? Records Management

So far in this post, we’ve taught you how to avoid hackers through things like offsite shredding services and website security.

However, in order to truly succeed at blocking hackers, you may need the help of professional records management services. That’s where we come in.

Records management helps ensure that you always have the proper documents on hand in the event of an audit. Records management software helps you to know where these records are at all times. It also helps with properly getting rid of sensitive information stored in your documents, whether paper or electronic.

Spend some time on our website to learn more about how we identify, prevent, and mitigate threats to your customer information, personal data, and more.

Reach out to us when you’re ready to get the best protection against hackers.

The HIPAA, FACTA, and GLBA: What Are They and How do They Affect You?

In the past ten years, we’ve discovered how valuable personal data is. That realization came with a lot of changes and acts being signed into law. Some of those include HIPAA, FACTA, and GLBA – all reinforced or revisited by Congress in the last ten years. But what do these random arrangements of letters mean?

We’ve got your guide below.

HIPAA

HIPAA is an acronym for a privacy-related health care coverage act. It stands for Health Insurance Portability and Accountability Act and initially passed Congress in 1996.

It requires health clinics, hospitals, and medical insurance companies to be more discreet with client information. For example, under HIPAA, a doctor can’t discuss a case outside of work with any identifying factors. These can be names, age, race, gender and a long list of others that could cause another person’s privacy to be disturbed.

It also grants patients the right to always see their medical records and correct anything as needed.

Under HIPAA, the following information is protected:

  • Your medical records
  • Any conversations or notes between you and a doctor
  • Your billing information
  • The way your data is stored

HIPAA is the reason you fill out the same form every time you visit the doctor, even if you’ve just been there. That’s your avenue to make any record-related changes.

FACTA

Another acronym, FACTA stands for the Fair and Accurate Credit Transactions Act. It’s an add-on to the previously created Fair Credit Reporting Act (FCRA). The government added FACTA to FCRA in 2003, when we began to understand the depth of identity theft.

Under FACTA, consumers have access to:

  • Free credit reports
  • Increased fraud alerts
  • Activity alerts
  • Truncation requirements (no full card #s on receipts)
  • Victim Information and Help
  • Collection agency reporting of identity theft
  • Red flag alerts for creditors
  • Proper disposal of consumer information

Yes, it’s FACTA’s fault that you have to sometimes sign in from two devices or answer a bank phone call confirming charges. As annoying as this can be, it’s keeping you safe and protecting your money.

As a business, FACTA means that you have to be more alert about company finances. If you run a background check on potential employees including a credit check, they have the right to see the results.

Your accountant is well versed in FACTA, so don’t feel shy about asking any questions.

GLBA

The GLBA is less talked about than the above acts, but you’ve probably signed a few GLBA agreements recently. GLBA stands for the Gramm-Leach-Bliley Act and requires financial institutions to tell customers how they’ll use their data.

It builds on the other two in this article nicely. GLBA requires:

  • Financial institutions to explain their data-sharing
  • Institutions to inform customers of their right to opt out
  • Institutions to code client information in a non-identifying way if shared with third parties.

As a business, this means you’ll need to make sure you’re not sharing identities if you’re sharing information. You can’t tell a third party that the Millers have $20,000 in student debt, but you can give them a non-identifying category.

HIPAA, FACTA, and GLBA

Behind all of these seemingly complicated rules is the government trying to protect consumers’ rights to privacy. Whether you agree with the policies or not, that’s their intention.

5 Ways to Avoid Customer Data Theft

Data breaches continue to climb as thieves and hackers get better at breaking into secure networks. In 2017 alone, a record 179 million records were exposed. It’s enough to make any consumer – and business – nervous. What can be done about the onslaught on your company’s secure information?

First things first – you need to prioritize your security. Do you think your company is doing everything in its power to protect its valuable data? Don’t panic – you don’t have to be an IT genius to protect your system. With these next five tips and tricks, we’ll show you how to make sure your customer data stays safe.

1. Keep Up With Encryption

Hacking is the most common way companies’ data gets stolen; it accounts for the majority of all data breaches. There’s one great way to prevent hackers from getting in: encryption. While it’s easy enough to install, you will lose out if you have a “set it and forget it” attitude.

Encryption is always changing. Make sure your systems are up to date at all times to prevent the latest methods of attack from stealing your data.

2. Ensure Proper Disposal of Important Customer Data

We have a tendency to want to stockpile info to save “just in case”. Then we hoard that info and eventually forget about it. The solution? Get rid of it – the right way.

First, make sure you really can get rid of the data. Then look into programs that can completely scrub computers free of any trace of it. If you have old computers that you’re getting rid of or are upgrading hard drives, don’t just scrub the data. Hackers can still retrieve information from scrubbed hard drives. Instead, destroy the hard drives to be sure that your customers’ information cannot be retrieved.

Got a lot of paper records? Consider using a shredding service.

3. Lock Down Your Network

Are you transmitting customer data over unsafe channels? If so, anyone can intercept the information.

Here’s what to do:

  • Secure and encrypt your WiFi
  • Make sure you have a strong firewall in place
  • Only allow remote access through a vetted Virtual Private Network (VPN)

4. Use Strong Passwords

Too many people rely on ridiculous passwords like “password123” or the name of a beloved pet. These are too easy to guess and open your network up to hackers who liked your dog’s photo on Instagram.

Two things you can do to protect your password are to use a random password generator and to change the password often. Password generators come up with difficult passwords. Think about getting a secure program to remember them for you.

5. Train Your Employees

Make sure your employees know how and why you’re practicing data safety.

Have them update their passwords frequently. Make sure they understand they can’t leave laptops unattended in coffee shops if there’s sensitive information on them. Always use a secure WiFi connection.

Everyone might have to jump through a few hoops at first but it’s worth it to keep your information safe.

Keep Your Data Safe

These five tips will get you started on the road to data security. Customer data is important; you don’t want to lose your customer’s trust and with it, your business.

If you need help managing your records and documents, we’re here for you. We can help manage, store, and shred any sensitive data you have. Contact us today and let us help keep your customer information safe!

The Difference Between Onsite and Offsite Shredding

Paper shredding is one of the best ways to keep your business’ sensitive data secure.

Whether it’s your information, your employees’ records, or your customers’ confidential records, you want to keep it safe. You do this through two forms of compliance: locked and safeguarded records management, and shredding.

But do you shred onsite or offsite? While you can definitely shred documents on your own, store-bought shredders don’t shred documents small enough, resulting in strips which could potentially be reconstructed. Instead, trust your confidential documents to a professional shredding service.

Most shredding services offer either onsite or offsite shredding. Here, we’ll get into the key differences between offsite and onsite paper shredding, and determine which option is safer for your business.

Offsite vs. Onsite Paper Shredding

The two differences between offsite and onsite document destruction are:

  1. The location of where your documents are shredded;
  2. What materials you are shredding, as well as how often.

What the first means is that the paper shredding services bring their shredding trucks to you (onsite). Or, you can use paper shredding services that take your documents to their secure facility in their locked trucks to be shredded (offsite). This depends on which company you choose, but Federal Records Management & Shredding offers both.

The second difference deals with how much material you need to shred and how often you need documents destroyed. Offsite shredding services are designed to handle larger volumes. So, if you have a large number of documents that need to be shredded, offsite is the best choice.

Which is Best?

If you hire a shredding company with a great Better Business Bureau rating, as well as being AAA NAID certified, there’s really not a better choice. AAA certified shredding companies ensure background checks are conducted on their employees and maintain HIPAA and FACTA compliance. They’re trained to be discreet and secure with your shreddable documents.

How to Find Paper Shredding Services

The easiest way to choose a paper shredding service that has both a high BBB rating and is AAA NAID certified is to use Federal Records Management & Shredding.

If your business is in Fort Wayne, no other shredding company should be considered. With free estimates and excellent service, Federal Records Management & Shredding is the ideal fit for your compliant shredding needs, both onsite and offsite. Contact us today to see how we can help you with your paper shredding services.

You need to keep your sensitive data secure. Go with a shredding service that cares about your business as much as you do.

Why an NAID Certification Is Important

When it comes to conducting business, you need to focus on keeping the company, employees, and customers safe. The best way to do this is through hiring a shredding company.

However, not just any company will do. Make sure your shredding company is NAID certified.

More than $16 billion was stolen from millions of people in identity theft cases recently. Hiring a company with NAID certification tremendously lowers this risk in your business.

Read on to learn about this certification so you can make the right decision when choosing a shredding company.

The Advantages of NAID Certification

You’ll have peace of mind about your security if you hire a shredding company that has a NAID certification. These shredding companies go to great lengths to protect their clients.

Those that have this certification must background check their employees and drivers. They also maintain HIPAA and FACTA compliance. Furthermore, they issue confidentiality agreements to all employees.

Simply put, NAID certified shredders handle your documents with discretion and professionalism. Some fields that definitely need document shredding include law firms and medical practices.

Regardless of what kind of company you own, your document shredder should be trustworthy. This certification helps guarantee that.

Choose a Shredding Company

Once you know the importance of NAID certification, you’ll want to find a company that has these credentials.

Start by verifying their certification and speaking to them one-on-one about the solutions that you need. Check out the NAID code of ethics so you know what standards these members comply with.

We would be happy to explain this process of how we’ll dispose of your documents. This way, you can decide on the services and frequency best suited for your company.

Any paper shredding company that you hire should also have high Better Business Bureau (BBB) grades. This ensures that you’re making a wise hire. In addition to checking their BBB standing, only hire a shredding company that has an AAA certified logo on their website.

Take Advantage of Shredding Services

Finally, you’ll want to take it upon yourself to regularly get rid of sensitive documents.

Take advantage of professional shredding services. This not only protects your company’s security but also makes you more competitive.

Customers need to know that their safety is guaranteed, and regular shredding helps build this trust and rapport. Your employees will also benefit since they won’t have to worry about their personal information falling into the wrong hands.

Working with a reputable shredding company is great for your reputation. When customers and employees can trust you, you’ll remain a cut above the rest.

Consider these tips and use them to get the most out of your company’s security. Visit our site to learn more about protecting your valuable information.

5 Reasons to Keep Your Company’s Confidential Records Safe in 2018

Government data breaches have gained a lot of attention in the media lately, but the government isn’t the only one at risk. Private and public companies are susceptible to data leaks as well. If it hasn’t happened to you, it might be hard to imagine that it could.

The reality is, data leaks can impact any company. If your company’s confidential records aren’t properly secured, compromised data could have tremendous consequences.

The beginning of a new year is the perfect time to introduce new practices for safeguarding your most important records. Below, we’re discussing five reasons why it’s important to keep your confidential records safe. We also have recommendations on how to do that.

1. Confidential Records Help You Stay Competitive in Your Industry

No matter what industry you’re in, staying relevant over competitors is an important element of business success. If your company has trade secrets or sensitive information that helps you stay competitive, you want to protect that at all costs.

A leak of confidential records could benefit a competitor by giving them a glimpse at your practices and helping them develop a strategy to respond to that. Protecting your sensitive information is the best way to ensure you keep whatever upper hand you have.

2. Value Your Employee’s Privacy

Some data leaks expose sensitive and personal information about a company’s employees. Falling victim to that kind of leak can create an unpleasant work environment. You want to prove to current and potential employees that you value their privacy by doing what you can to keep their information safe.

3. Customers Expect Protection

From credit card information to family data, customers provide a lot of private information to the companies and businesses they work with. This is especially true of patients who provide confidential information to their medical providers.

If confidential records with customer information were to be made public, the trust your customers have in your company would be severely compromised. They may choose to take their business elsewhere, and will likely advise friends and family to do the same.

4. Your Reputation Matters

Even if you have an incredible reputation for customer service and satisfaction, one data leak is enough to change that in the public’s mind. When it comes to bad news, the public tends to have a long memory. You don’t want to be remembered for compromising their information. And you don’t want one negative situation to overshadow the good work you’ve done.

5. Protecting Data is Easy

For whatever reason, some companies may choose not to protect their sensitive information because they believe doing so would be difficult and expensive. The truth is, record management and offsite shredding services make it easy for any business to secure sensitive data.

Is there a cost associated with it? Of course. But it may be far more expensive not to protect this information, especially if a leak does occur.

Ready to Start Protecting Your Confidential Records?

In today’s increasingly technology-driven world, sensitive information stored online is vulnerable. Hackers or malicious software can do extreme damage, and ruin a company’s reputation in the meantime. But these situations are avoidable.

Protecting your records protects your customers, your employees, and, ultimately, the success of your business.

The 12 Things that Federal Record Offers You

Looking to get your business more organized in the new year?

Did you know poor record keeping and bad accounting are two issues that cause a small business to lose money?

To help you get your business in order in 2018, here are 12 things that Federal Records can do to help make your business run more efficiently!

1. Federal Records Offers Peace of Mind

Knowing that important records are in safekeeping and within reach is a huge weight off the shoulders of many business owners.

You won’t have to worry about natural disasters (fires or floods), theft, or misplaced documents with record management and offsite shredding services.

2. Compliance

Certain federal and state laws, such as HIPAA compliance laws, require secure management, accessibility, and destruction of company data pertaining to employee and customer privacy.

3. Confidentiality

Utilizing a records management service offers a level of professional confidentiality and trust that sometimes can’t be found in administrative staff, which will help you avoid a confidentiality breach.

4. Offsite Shredding

Offsite document shredding is a cost-effective way to destroy documents containing sensitive information. You’ll also save precious money and time on shredding equipment and added labor costs.

5. Serious Organization

Federal Records helps you gain control of your records through proper labeling and indexing.

6. Optimized Space

By storing your records offsite or in the cloud, you’ll be able to throw out messy filing cabinets and free up extra space at the office.

7. Cut Down on Costs

Speaking of office resources, you’ll be able to cut down on the time that employees spend handling documents and records, allowing them to do the jobs that they’re meant to do!

8. Efficient Record Retrieval

With Federal Records, accessing and retrieving the information you need is quick and easy. No more time spent digging through folders and piles of paper!

9. Increased Security

An offsite record storage facility will offer increased security such as alarm systems, fire alarms, locked cabinets, and security personnel.

10. Accurate Financial Statements

Having documents properly labeled, organized, and stored will allow a business to keep more accurate financial statements, which is crucial to tracking progress and monitoring your bottom line.

11. Storage of Important Tax Forms

Holding onto employment records and tax documents, such as W2, W4, and 1099 forms, for at least 4 years is crucial in case of an audit. Secure storage of this sensitive information can be handled by an offsite facility.

12. Expense Documentation for Tax Benefits

Speaking of taxes, records management services can help your business keep track of receipts for purchases, expense reports, and outgoing invoices.

It’s important to keep track of this kind of documentation each year when it comes time to file a tax return.

Having accurate records can save a business a lot of money in the form of tax deductions!

Get Your Business Up To Speed!

Just like the classic Christmas tune “The Twelve Days of Christmas,” Federal Records Management offers 12 immense benefits for your business.

Now is a better time than ever to get your business records organized.

If you need help getting started, let us know!

5 Ways Your Business Can Avoid a Confidentiality Breach

It seems as if every morning we wake up to news of a new confidentiality breach. And every company lives in fear that one day, it will be them.

Every business has sensitive data, but some industries are particularly high-stakes. Healthcare companies, for instance, need to know how to be HIPAA-compliant. If they don’t, they face legal penalties along with a PR nightmare.

While it seems terrifying (especially if you don’t understand data security), there’s hope.

There are many steps a business can take toward making their information more secure. If you’re getting started, these tips below are a perfect first step.

Tip #1: Prohibit the Use of Personal Emails

To an employee, it may seem harmless to send a client an email from their personal email address. But this can open quite the can of worms.

First, when an employee uses their personal email, they have that information forever. If they leave your business, you can remove their access to their company email.

But you can’t do the same for their personal email address. You can’t even know what information the employee may have in their emails.

Second, you cannot control the encryption their emails are using. Strong encryption is crucial for keeping data safe, but most personal emails are less than airtight.

Tip #2: Use the Cloud, but Use it Wisely

“The cloud” isn’t a dirty word when it comes to business record security. In fact, it makes it easy to keep ex-employees out by changing the log-in information. Make sure you’re using precautions, though.

Before you choose a cloud provider, research the security the company offers. If possible, talk to other businesses about their cloud providers and why they chose them.

Tip #3: Use Caution When Allowing the Use of Personal Devices

Many businesses offer employees the convenience of using their own devices like laptops. But what happens when an employee leaves? This can be a major vulnerability in your confidentiality breach prevention.

If you do choose this route, consider installing wiping software on the devices. If/when the employee leaves, you can target and remove information about the business. You can even do this remotely.

Tip #4: Have a Security Checklist in Place for Employee Exits

A 2014 study found 89% of knowledge workers had access to an ex-employee’s sensitive information.

With all a modern office’s technology, it’s easy to forget an ex-employee’s access to one or two sources. To prevent this, take the time to create a comprehensive checklist. Make sure to follow the list to a tee every time an employee leaves.

Tip #5: Bring in the Confidentiality Breach Prevention Professionals

If you’re dealing with more information than your company can handle, call the experts.

If you’re concerned about your digital data, a cybersecurity consultant can help. If it’s physical documents, a records management company can keep them secure.

Whichever type of professional you need, be sure to research their own security.

Take Nothing for Granted

Businesses can’t keep up with all the ways their data can be compromised with today’s technology. But the bottom line is to never assume something is unbreachable.

Do a security audit to find out what holes you may need to fix and how you can improve. If you have questions about data security methods, like document shredding, record storage, or hard drive destruction, call Federal Records Management & Shredding. We’ll be happy to give you some peace of mind.