FACTA laws make shredding more important than ever
and FACTA legislative acts are federally mandated to protect consumers and
patients from identity theft.
Documents and HIPAA Compliance
The Health Insurance Portability and
Accountability Act (HIPAA) is a federal law mandating higher standards of
privacy and security for health-related information. Health clinics, private practice offices,
including hospitals, nursing homes, health insurance offices, and state
supported clinics are all subject to HIPAA regulation. Shredding sensitive
documents prior to disposal is a key component of HIPAA compliance.
In the rush to prepare for the initial compliance dates, many offices and
facilities purchased low cost paper shredders and soon found these models could
not handle the volume that need to be shredded. Many facilities reacted by
contracting with outside shredding services. Today, many of these shredding services
are increasingly being questioned due to the high costs involved and whether or
not they are truly secure. More and more
compliance security officers are finding that a centralized shredding program
with high quality, industrial grade shredders is the less expensive policy. The initial equipment cost will be quickly offset by no
longer having to pay the high (and always increasing) shredding service fees which include fees for each shred container, trip charges including mileage and other
associated fees. Also, the goal of increased security is accomplished by compliance officers realizing the benefits of purchasing paper shredders, since no intact documents leave the facility.
HITECH HIPAA Signed into Law February 2009
In February of 2009, the Health
Information Technology for Economic and Clinical Health (HITECH) provisions to
HIPAA were signed into law. The HITECH Act expands HIPAA’s coverage, increases
compliance obligations, and greatly strengthens enforcement penalties. The
regulations, developed by the Health and Human Services Office for Civil
Rights, require HIPAA covered entities to promptly notify affected individuals
of a breach, as well as the HHS Secretary and the media in cases where a breach
affects more than 500 individuals (breaches affecting fewer than 500
individuals must be reported to the HHS Secretary on an annual basis). The
regulations also require covered entities to insure that their business
associates (including shredding services) fully comply with HIPAA provisions.
Through the $31.2 billion dollar legislation, the HSS is getting more tools and
staff to enforce HIPAA, and states' attorneys general can bring civil actions.
If there is a breach of protected health information through “willful neglect,”
it could cost $25,000 per incident if the hospital moves to fix the security
weakness and $50,000 per incident if it doesn't, up to a maximum of $1.5 million
The enactment of the HITECH provisions to HIPAA should cause every Healthcare
facility in America to closely examine their security policies and procedures.
With compliance expenses on the rise and many budgets on the decline, there has
never been a better time for Healthcare providers to consider the security and
cost-saving advantages of in-house document destruction.
laws make shredding more important than ever
Shredding documents prior to
disposal has always been a vital step in preventing identity theft, but the
introduction of the Disposal Rule section of the FACTA security law makes
shredding a necessity for businesses of any size, as well as individuals who
employ even one person.
Disposal Rule defined
The Fair and Accurate Credit
Transactions Act (FACTA), was enacted by Congress to minimize the risk of
identity theft and consumer fraud. The Disposal Rule section of FACTA states
that any person who possesses consumer or employee information for a business
purpose is required to properly dispose of the information. This includes
information used to establish eligibility for credit, insurance, or employment.
The Disposal Rule was developed to cut down on identity theft by restricting
the ability of thieves to “dumpster dive” for consumer information contained in
discarded business records. It goes on to say that all employers must take
reasonable measures to protect against unauthorized access to information in
connection with its disposal. These measures include the burning, pulverizing,
or shredding of physical documents and erasure or destruction of all electronic
media. The main difference between FACTA and other security laws such as HIPAA,
Sarbanes-Oxley, and Gramm-Leach-Bliley is that it does not affect a single industry—it
affects every business in America.
In 2008, over 15 million people were
victims of identity theft. The number of victims as well as the number of
identity thieves is increasing as well, and the threat they pose will only
continue to grow. Low-tech methods for
stealing personal information are still the most popular for identity thieves. Stolen items and physical documents accounted
for 43% of all identity theft in 2008, while online methods accounted for only
11%. Our expert staff will help select the right paper shredder and optical
shredder that will hold up to years of
service to reliably secure all your sensitive information at the source.