Questions? (800) 560-2242

* FREE Shipping on orders over $75.00

Contact: Sales@ABE-Online.com

FACTA laws make shredding more important than ever

HIPPA and FACTA legislative acts are federally mandated to protect consumers and patients from identity theft. 

Securing Documents and HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law mandating higher standards of privacy and security for health-related information.  Health clinics, private practice offices, including hospitals, nursing homes, health insurance offices, and state supported clinics are all subject to HIPAA regulation. Shredding sensitive documents prior to disposal is a key component of HIPAA compliance.

In the rush to prepare for the initial compliance dates, many offices and facilities purchased low cost paper shredders and soon found these models could not handle the volume that need to be shredded. Many facilities reacted by contracting with outside shredding services. Today, many of these shredding services are increasingly being questioned due to the high costs involved and whether or not they are truly secure.  More and more compliance security officers are finding that a centralized shredding program with high quality, industrial grade shredders is the less expensive policy. The initial equipment cost will be quickly offset by no longer having to pay the high (and always increasing) shredding service fees which include fees for each shred container, trip charges including mileage and other associated fees.  Also, the goal of increased security is accomplished by compliance officers realizing the benefits of purchasing paper shredders, since no intact documents leave the facility.

  HITECH HIPAA Signed into Law February 2009

In February of 2009, the Health Information Technology for Economic and Clinical Health (HITECH) provisions to HIPAA were signed into law. The HITECH Act expands HIPAA’s coverage, increases compliance obligations, and greatly strengthens enforcement penalties. The regulations, developed by the Health and Human Services Office for Civil Rights, require HIPAA covered entities to promptly notify affected individuals of a breach, as well as the HHS Secretary and the media in cases where a breach affects more than 500 individuals (breaches affecting fewer than 500 individuals must be reported to the HHS Secretary on an annual basis). The regulations also require covered entities to insure that their business associates (including shredding services) fully comply with HIPAA provisions.

Through the $31.2 billion dollar legislation, the HSS is getting more tools and staff to enforce HIPAA, and states' attorneys general can bring civil actions. If there is a breach of protected health information through “willful neglect,” it could cost $25,000 per incident if the hospital moves to fix the security weakness and $50,000 per incident if it doesn't, up to a maximum of $1.5 million per year.

The enactment of the HITECH provisions to HIPAA should cause every Healthcare facility in America to closely examine their security policies and procedures. With compliance expenses on the rise and many budgets on the decline, there has never been a better time for Healthcare providers to consider the security and cost-saving advantages of in-house document destruction.

FACTA laws make shredding more important than ever

Shredding documents prior to disposal has always been a vital step in preventing identity theft, but the introduction of the Disposal Rule section of the FACTA security law makes shredding a necessity for businesses of any size, as well as individuals who employ even one person.

FACTA Disposal Rule defined

The Fair and Accurate Credit Transactions Act (FACTA), was enacted by Congress to minimize the risk of identity theft and consumer fraud. The Disposal Rule section of FACTA states that any person who possesses consumer or employee information for a business purpose is required to properly dispose of the information. This includes information used to establish eligibility for credit, insurance, or employment. The Disposal Rule was developed to cut down on identity theft by restricting the ability of thieves to “dumpster dive” for consumer information contained in discarded business records. It goes on to say that all employers must take reasonable measures to protect against unauthorized access to information in connection with its disposal. These measures include the burning, pulverizing, or shredding of physical documents and erasure or destruction of all electronic media. The main difference between FACTA and other security laws such as HIPAA, Sarbanes-Oxley, and Gramm-Leach-Bliley is that it does not affect a single industry—it affects every business in America.

Secure Destruction

In 2008, over 15 million people were victims of identity theft. The number of victims as well as the number of identity thieves is increasing as well, and the threat they pose will only continue to grow.  Low-tech methods for stealing personal information are still the most popular for identity thieves.  Stolen items and physical documents accounted for 43% of all identity theft in 2008, while online methods accounted for only 11%. Our expert staff will help select the right paper shredder and optical shredder that will  hold up to years of service to reliably secure all your sensitive information at the source.

 

livechat