Category Archives: PacNews

How to Ensure HIPAA-Compliant Document   Destruction

The Health Insurance Portability and Accountability Act (HIPAA) was enacted as a federal law in 1996 to combat insurance fraud and medical identity theft. The act’s Privacy Rule states that healthcare providers and their business associates must implement “appropriate administrative, technical and physical safeguards to protect the privacy of protected health information (PHI).” As a result, when disposing of PHI, you must prevent unauthorized access to that information. Here we share our knowledge about ensuring HIPAA-compliant document destruction in your organization.

Use a NAID AAA Certified Provider

Outsourcing the destruction of medical records may ensure HIPAA compliance, but only if your shredding provider is National Association of Information Destruction (NAID) AAA Certified. To achieve AAA status, they must meet strict security regulations verified by an independent Certified Protection Professional (CPP), accredited by the American Society for Industrial Security International (ASIS). CPPs assess the following areas during scheduled and unannounced audits: 

  • Employee screening processes
  • Operational practices
  • Security procedures 

Additionally, NAID requires that all paper must be destroyed with a cross-cutting shredding process that reduces it to a tiny particle size. Together, all of these requirements significantly reduce privacy risks to PHI. 

Update Your HIPAA Business Associate Agreements

Any supplier or vendor that handles PHI for a HIPAA-covered entity is required to sign a HIPAA business associate agreement. This document requires your business associates to abide by HIPAA security and privacy rules, and is legally binding. Your document destruction provider should also sign a HIPAA business associate agreement. If they refuse to do so, you should look for another provider.

Verify Chain of Custody

HIPAA-compliant destruction requires an unbroken chain of custody during the collection, handling and disposal of PHI. Your document destruction provider should have strict policies in place to keep PHI secure at all times. These policies should include:

  • Locked shred collection containers
  • Video recording of the shredding process
  • Transport of PHI in GPS-tracked vehicles
  • Issuing of a Certificate of Destruction

Ask your document destruction partner to give you step-by-step procedures for the entire destruction process.

Destroy Media Containing PHI

Healthcare providers now use electronic health records as much as paper records. Like paper records, electronic health data should be destroyed in a manner that prevents unauthorized access to PHI. Merely deleting files or overwriting PHI stored on hard drives or backup tapes should never be used as a final disposition solution for this information. With the right tools, criminals can recover PHI from deleted media and devices. Instead, use a hard drive shredding service in which specialized shredders crush your media into tiny pieces, making it impossible to recover PHI.

Understanding and using HIPAA-compliant document destruction helps your healthcare organization keep patient privacy intact.

Pacific Records Management provides NAID AAA Certified shred services for businesses throughout Fresno, Stockton, Sacramento, Modesto, and Napa and Solano Counties. For more information, please contact us by phone or complete the form on this page.

What Offsite Document Storage Can Do For Your Business

Does your business have a paper problem? If you’re struggling to find a balance between archiving your documents and managing them efficiently, don’t worry—there’s a good solution. Here’s what offsite storage can do for your business: 

Offsite Storage Prevents Insider Theft

One of the biggest threats to your sensitive information may lurk within the walls of your organization. Insider theft of corporate information and customer records is an increasing concern for businesses of all sizes. These crimes can go undetected for weeks or months and do extensive damage to your bottom line and business reputation.

Offsite storage reduces insider theft risks by providing secure, controlled and monitored storage for sensitive records. Your documents are stored in a facility where access is limited to background-screened and authorized records management professionals. They retrieve files requested by pre-approved employees in your company and deliver them, maintaining a strict chain of custody. A barcode tracking system lets you monitor and maintain a record of all file activity.

Offsite Storage Frees Up Space

A cluttered office is an unproductive office. Offsite storage frees up space so it can generate revenue for your business. Areas where boxes of records and file cabinets are currently stored can instead be used as workstations or to develop products and consult with clients. 

Offsite Storage Promotes Savings

Commercial records storage offers an affordable solution for storing your business records. Rather than renting more storage space than you need in a self-storage facility, you only pay incrementally for the storage space you use within the records center. When a document storage carton reaches its final disposition date and is destroyed, your storage fee decreases. 

Offsite Storage Preserves Important Paper Records

Even in our digital age, paper records are still viable and necessary. But they are prone to fires, floods, natural disasters and unstable environmental conditions. For example, documents stored in a damp and musty basement will eventually succumb to mold and mildew. If you plan on preserving your documents long-term, they should be stored in a stable environment.

A commercial records center that meets National Fire Protection Agency (NFPA) and State of California Department of Public Health (CDPH) standards is the ideal facility for preserving your business documents. These dedicated document storage facilities have specialized climate and fire protection systems that can protect vital business documents for decades. 

Offsite Storage Improves File Accessibility

Think of how productive you’d be if you could reclaim the hours spent looking for lost files. With offsite storage, you never lose files. They are barcoded and tracked using an advanced inventory management system. Secure client web access allows authorized users from your organization to see the number and type of records you retain, who has what file, and where it’s located. When you request a file, its barcode is scanned before being retrieved from its designated storage location. Then the file is either hand-delivered or sent to you electronically through a Scan on Demand service. You never have to stop what you’re doing to find your information; all file access and delivery is professionally handled for you.

Offsite document storage helps you solve the paper problem by offering your business these practical benefits.

Pacific Records Management provides document storage and data protection services for businesses throughout Fresno, Stockton, Sacramento, Modesto, and Napa and Solano Counties.

Recent NAID Study Highlights the Importance of Data Destruction

In a new study released on March 24th, the National Association for Information Destruction (NAID) found that 40 percent of used electronic devices sold on the secondhand market contained personally identifiable information (PII). Usernames, passwords, credit card data, tax details and contact information was found on used hard drives, mobile phones and tablets analyzed in the study. The recovery process used to identify data on more than 250 devices required no advanced forensic training.

These findings underscore the importance of destroying obsolete and outdated electronic devices. Sensitive information on erased or “wiped” computers, back up tapes and hard drives is easily recoverable. As a result, strict measures should be taken to guarantee data on used digital devices is permanently destroyed.

A NAID AAA Certified hard drive shredding service is the most effective solution for ensuring digital data is irrevocably destroyed. Advanced shredding equipment pulverizes each device into tiny pieces, rendering the digital data unreadable. The destroyed devices are then separated into component parts and recycled according to EPA regulations.

To learn more about our hard drive shredding service, please contact us by phone or complete the form on this page.

Pacific Records Management provides shredding services for businesses throughout Fresno, Stockton, Sacramento, Modesto, and Napa and Solano Counties.

How a Scheduled Shredding Program Helps Your Business

As a business owner, it’s critical to protect the security of your important business documents and information. Sensitive and confidential documents are an easy target for thieves. Here are several ways a scheduled shredding program helps you maintain a high level of security for your business information:

Scheduled Shredding Establishes a Record of Compliance

How do you make sure your document disposal practices stand up to an auditor or regulator? A scheduled shredding program establishes a reliable, consistent and secure process for destroying sensitive information and complies with the requirements of state and federal privacy laws, including:

  • HIPAA
  • SOX
  • GLBA
  • FACTA

Documented chain of custody is followed throughout the shredding process. As a result, you’ll be confident that your business is compliant with legal and industry regulations.

It Offers Proof of Destruction

Proof of destruction and compliance go hand-in-hand. With a scheduled shredding program, you’ll receive a Certificate of Destruction every time your documents are destroyed. This certificate verifies that your records are destroyed promptly and securely and includes the following information:

  • Date and location of destruction
  • Destruction witness information
  • Invoice or transaction number 

It Prevents Identity Theft and Corporate Fraud

The longer you wait to destroy old, outdated documents, the more risk you assume for your customers, employees and entire business. A scheduled shredding program establishes routine destruction of expired and out-of-date paper records, so your sensitive information never falls into the wrong hands.

It Saves Time

The more productive your employees are, the more profitable your company will be. Scheduled shredding streamlines the document disposal process so your staff can focus on core business tasks. Instead of relying on an office shredder to destroy documents and files, individuals can quickly deposit sensitive paperwork into secure collection containers. Staples, paperclips and rubber bands don’t need to be removed from files, so even more time is saved. Then, on a weekly, bi-weekly, or monthly schedule, your shredding provider collects the contents for secure destruction. 

It Reduces Costs

Besides saving you time, a scheduled shredding service saves you money. It eliminates the need to buy, repair and replace office paper shredders. And since collection containers don’t use any electricity, you save on your energy costs as well. 

Scheduled Shredding Protects the Planet

By ensuring that every document is recycled and reused after it’s destroyed, a scheduled shredding program also protects our environment. Your document destruction provider bales your shredded files and sends them to an authorized recycling partner. At the recycling facility, the shredded material is used to produce a variety of paper products. The recycling process keeps paper waste out of the ecosystem for a healthier planet.

From establishing compliance, to preventing theft and fraud, and saving time and money, a scheduled shredding program is a wise choice for your business.

Pacific Records Management provides scheduled shredding services for businesses throughout Fresno, Stockton, Sacramento, Modesto, and Napa and Solano Counties.

Answers to Your Questions about Offsite Records Storage

Throughout the year we receive questions from potential clients about offsite storage—and we love answering them! In this blog post we highlight several of the most commonly-asked questions about offsite storage. 

Q: Why should I store my documents offsite?

A: There are several reasons you should store your documents offsite:

1. Since your documents may include private information, you must prevent unauthorized access to them. Offsite storage in a commercial records center protects your documents from both outsider and insider theft with the following security systems:

  • Intrusion detection technology
  • Digital surveillance
  • Motion sensors
  • Access control and monitoring

2. To protect them from disaster. Most office filing cabinets are neither fireproof nor watertight, which leaves your documents vulnerable to fires, flooding and other disasters. This is why you should store your business records in a secure location separate from your primary business premises. That way, should a flood, fire or other catastrophe occur at your business location, at least your information will stay safe.

3. To make the most cost-effective use of your office space. Offsite document storage cost less per square foot than using leased office space to store your records and files.

Q: Can’t I store my documents in a self-storage unit?

A: Yes, you can store your documents in a self-storage unit, but it is expensive and risky. A commercial records center offers far superior security, safety and management than a self-storage facility. It is designed for the exclusive protection, preservation and management of documents and files. Unlike a self-storage facility, no flammable or combustible materials may be stored inside a records center. Only screened records management professionals may access the facility. Every item is barcoded for quick retrieval and delivery, so you never have to drive to get your documents. Plus, unlike self-storage, you only pay for the exact space you use.

Q: What about My Digital Data? Should It Be Stored Offsite, Too?

A: Absolutely! Any information you need safeguarded should be stored offsite. In fact, disaster recovery experts recommend storing digital data, as well as paper records, offsite.

If your organization has limited IT infrastructure and staff, an e-vaulting solution is ideal. Your data is backed up automatically, then encrypted and transmitted to a secure data center for storage.

If you back up offline to tape, you need the specialized offsite storage environment of a media vault. It serves one purpose only: the protection and preservation of optical and magnetic media. A media vault features:

  • Strict temperature and humidity monitoring
  • Waterless fire suppression systems
  • Shelving systems that minimize light and dust pollution
  • Security surveillance technology

Each tape is individually barcoded so it can be retrieved quickly in support of your data recovery objectives.

If you have a question we haven’t answered in this blog post, please contact us by phone or complete the form on this page. We’ll make sure you get the right answer!

Pacific Records Management provides document storage and data protection services for businesses throughout Fresno, Stockton, Sacramento, Modesto, and Napa and Solano Counties.

 

What to Do If Your Identity Is Stolen

Here’s a fact that’s hard to swallow: according to the credit reporting agency Equifax, every two seconds, someone in America becomes a victim of identity theft. That means, at some point in time, you’re likely to have your identity stolen. If it does happen to you, follow these steps to minimize the damage to your finances: 

Breathe

It’s understandable that your emotions may take over if you discover your identity is stolen. Feelings of panic, anger and despair are common. Remaining calm can help you remedy the problem in a clear and thorough manner. Take deep breaths before moving on to the next step. 

Close Affected Accounts

Once you’ve collected your emotions, you can get down to business. First contact your bank, credit card company or financial institution to close the affected accounts. Each should give you forms to dispute fraudulent transactions. Ask for written confirmation that they’ve closed the fraudulent accounts and discharged fraudulent debts. 

Clean Up Your Credit

When your identity is stolen, it’s important to minimize further damage to your credit by placing a fraud alert on your accounts. There are three major credit bureaus to contact:


Fortunately, you don’t need to contact all three companies. Each is required by law to contact the other two once a fraud alert is made. 

File a Complaint with the Federal Trade Commission (FTC)

The FTC is responsible for preventing and remedying identity theft. You can file an identity theft complaint with the FTC online or by phone or mail. An FTC representative will create an identity theft affidavit to help you dispute fraudulent accounts and provide you with an FTC ID Theft Complaint Form. 

File a Police Report

After you’ve created an identity theft affidavit with the FTC, file a report with your local police department. Bring a printed copy of your FTC ID Theft Complaint Form and any supporting information from your bank, credit card provider or credit bureau, as these will help expedite the process. Don’t forget to ask your local investigator for a copy of the police report. 

Record Everything

From your FTC representative, to the local police investigator assigned to your identity theft case, keep a record of the people you talk with, when you spoke to them and notes about the conversation. Make copies of your police report and any written correspondence sent to your bank, credit card company or credit reporting agency. This information should be filed in a secure place for referencing the specifics of your situation and providing proof against any potential future errors on your credit report.

Identity theft is one of the most devastating things anyone can experience, but with the right approach you can minimize the damage and reclaim your financial well-being.

Pacific Records Management provides records and information management services for businesses throughout Fresno, Stockton, Sacramento, Modesto, and Napa and Solano Counties. For more information, please contact us by phone or complete the form on this page.

Why, Where & How To Store Your Business Documents

Office shelves full of files and boxesDespite the transition to a digital world, paper-based business processes are still common and necessary. Accepting this fact is the first step to tackling your document inventory head-on and ensuring security, efficiency and compliance in your organization. In this blog, we address why, where and how to store your business documents. 

Balancing Risk, Disaster Protection and Cost

There are several reasons why you should have an offsite, rather than in-house, document storage plan. Risk reduction is the first reason. Your business records include proprietary and confidential information, therefore only authorized individuals should have access to them. Offsite storage eliminates internal security risks that allow unauthorized employees to access sensitive information.

The second reason to have an offsite storage plan is disaster protection. Besides preventing unauthorized access, offsite storage protects your documents against fires, floods, and other unexpected disasters at your primary location. Following a catastrophic event, you will still have access to your business information.

Third, offsite document storage saves space. Leased office space is expensive and filling it up with business records isn’t cost-effective or efficient. Offsite document storage allows you to use your office space for what it’s intended: to generate revenue for your business.

Protection, Preservation and Organization

Now that you understand why you should store your documents offsite, the next step is choosing where to store them. A commercial records center offers the best choice for protecting the confidentiality of your documents, preserving their condition during archival retention, and keeping them organized. It’s a specialized document storage facility equipped with advanced systems to keep your business documents safe, secure and organized. It features:

  • Climate controls with monitoring
  • Fire protection technology
  • Digital surveillance
  • Access control and monitoring

Only pre-screened and authorized personnel can access the records center. Your records are barcoded and tracked in a records management system, allowing easy requesting of documents online for delivery to your office any time.

Barcoding, Labeling and Indexing

With the right document storage facility, deciding how to store your business documents is easy. Your records storage partner provides everything needed to make an easy and painless transfer of documents from your office to the records center. Prior to document pickup they will give you barcodes and transmittal forms. Document storage cartons can also be provided for efficient packing of your files. If needed, each carton can be professionally indexed for you. When your documents are ready, they are picked up from your office and transferred to the records center for storage in a GPS-tracked vehicle.

Knowing why, where and how to store your business documents is essential in today’s hybrid Digital Age.

Pacific Records Management provides records and information management services for businesses throughout Fresno, Stockton, Sacramento, Modesto, and Napa and Solano Counties. For more information, please contact us by phone or complete the form on this page.

Disposing of Medical and Legal Records the Right Way

Medical records envelope attached to a file-folder with Confidential text isolated on white

There’s a right way and a wrong way to dispose of the sensitive records commonly found in medical and legal practices. The wrong way can lead to stiff fines, exorbitant breach notification costs and loss of client trust. If you’re a doctor or an attorney, here we share the right way to dispose of your medical or legal records so you can stay focused on your clients and patients.

Make It Easy

The easier you make document disposal for your employees, the less risk your medical or legal practice will incur. In-house shredding with an office paper shredder is time-consuming. Your staff has to remove staples and paper clips from files before shredding them. Paper jams, which happen frequently, must be fixed as they occur, otherwise documents can’t be shredded. And almost as frequently, the shredding receptacle needs to be emptied. Besides affecting your staff’s productivity, these burdensome processes increase the chance of sensitive medical records and client files ending up in an unsecured trash can.

A shredding and destruction service eliminates this risk by streamlining document disposal practices for your staff. Locked shredding collection containers replace your office paper shredders. Employees can quickly drop sensitive files through a slot in the container without having to remove folders, staples or paper clips. On a scheduled or as-needed basis, screened, uniformed and badged professionals empty your containers, and transport your documents to a shredding plant for secure, offsite destruction or shred them onsite with a mobile shredding vehicle.

Document Compliance

Attorneys that practice real estate law or offer financial or estate planning services must comply with the Gramm-Leach-Bliley Act (GLB). Some law practices, like health care attorneys, may also be subject to the Health Insurance Portability and Accountability Act (HIPAA). HIPAA’s Privacy Rule states that covered entities must implement “appropriate administrative, technical and physical safeguards to protect the privacy of protected health information.”

Whatever regulations you are required to comply with, a professional shredding service can help. Strict chain of custody protocols are followed throughout the document collection, destruction and recycling process. A Certificate of Destruction is issued after shredding is complete to document the time, date and method of destruction and also proves your practice is compliant with state and federal privacy laws.

Not destroying your medical and legal records isn’t an option. Document destruction done the right way saves your practice time, money and risk.

Pacific Records Management provides records and information management services for businesses throughout Fresno, Stockton, Sacramento, Modesto, and Napa and Solano Counties. For more information, please contact us by phone or complete the form on this page.

What the HIPAA Final Omnibus Rule Means for Your Business

Hipaa Compliance Icon GraphicWhen the Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996, health care providers were required to follow privacy and security standards for Protected Health Information (PHI). Since that time, HIPAA rules have expanded to include electronic health care records as well. The latest change to the law, enacted in 2013, is the Final Omnibus Rule. Here we share what this rule means for your business.

Business Associate Designation

The HIPAA Final Omnibus Rule marks the most sweeping changes to patient privacy protection since the inception of the law. These changes apply to health care providers and their “business associates,” which are defined as any organization that stores, receives, creates and maintains PHI on behalf of a covered entity. Under the rule, the definition of a business associate has expanded to include:

  • Organizations or persons that provide data transmission services with respect to PHI for a covered entity
  • Vendors offering PHI records to individuals on behalf of a covered entity
  • Subcontractors that receive, create, or maintain PHI on behalf of a Business Associate

If your company falls under any of these categories, or handles PHI in any way, it must have a business associate agreement requiring:

  • Compliance with the Security Rule
  • Breach reporting standards
  • Compliance with the Privacy Rule

 “Breach” Definition

The Final Omnibus Rule changes the definition of a “breach.” Before it was enacted, limited sets of used or disclosed PHI that did not contain dates of birth or ZIP codes were eliminated from breach notification rules. Now, even limited sets of data, regardless of content, must be handled like all other breaches of PHI. As a result, it’s important to maintain a strict chain of custody when handling all types of PHI.

Breach Notification Rules

Breach notification rules have not changed under the Final Omnibus Rule. Covered entities are still required to notify affected individuals no later than 60 days after the discovery of a breach. They must also provide notice to the media and the Department of Health and Human Services. However, in the instance of a breach, both covered entities and business associates must demonstrate that notification requirements are met or provide documentation that unauthorized use of disclosure did not constitute a breach. In short, your business should have documented policies and procedures in place to detect and respond to breaches of PHI.

If you are a HIPAA covered entity or business associate, the Final Omnibus Rule impacts your organization. If you need further compliance guidance, we can help.

Pacific Records Management provides HIPAA-compliant records and information management solutions for businesses throughout Fresno, Stockton, Sacramento, Modesto, and Napa and Solano Counties. For more information, please contact us by phone or complete the form on this page.

4 Ways Your Business Could Lose Its Data

 

If you aren’t prepared, data loss does more than catch you off-guard—it puts your entire business at risk. Fortunately, as the adage goes, “An ounce of prevention is worth a pound of cure.” Here are four ways your business could lose its data and how to prevent them from happening:

1. Disaster

A word cloud of data loss related itemsFires, floods, earthquakes, power outages and even human error pose a risk to your business data. Off-site storage protects your data from a wide range of catastrophic events that could compromise your primary business location. Professional records centers are designed to protect paper documents from fires, floods and natural disasters. When choosing a professional records storage provider in California, look for a facility that meets National Fire Protection Agency (NFPA) and State of California Department of Public Health (CDPH) standards and offers the following features:

  • Strict access control protocols
  • Digital surveillance
  • Fire detection and suppression technology

2. File Mismanagement

Mismanaged information often leads to data loss, especially when file access and retrieval is handled by committee. Without proper oversight, confidential and sensitive business records can be misplaced and even stolen.

A records storage service eliminates this problem. Your files are securely stored offsite, barcoded and tracked in an inventory management system. Secure online access allows you to see the number and type of records you retain, who has what file, and where it’s located. When a file is needed, it’s retrieved from its designated storage location and either hand-delivered to the requestor or sent to them electronically through a Scan on Demand service.

3. Cyber Theft

If your business network isn’t secure, a criminal on the other side of the world could steal your data in the blink of an eye. Malware, ransomware, botnets and distributed denial of service (DDoS) attacks are on the rise, posing a risk to the data of organizations large and small. Protect your network from these threats by installing a firewall and keeping your security software, operating systems and applications up-to-date. Require employees who work remotely to use a virtual private network (VPN).

Don’t get lazy with your passwords. According to the Cloud Security Alliance, 22 percent of companies suffering a data breach report compromised or abused credentials as the root cause. Keep your system hacker-proof by using different passwords for multiple applications. Instead, use a unique a password with combination of numbers, special characters and upper and lower case letters for each login. A password manager can help you keep track of multiple passwords and offer encryption options.

4. Improper Disposal

Think the data you’ve tossed in the trash is gone for good? Think again. Whether it’s a paper document with client information or a backup tape with sensitive financial records, no data is safe in the trash. Thieves case business dumpsters, looking for easy opportunities to steal confidential and sensitive information.

Using a NAID AAA Certified shredding service keeps your documents and media out of the trash where they can easily be stolen. From the secure collection of your unwanted and expired documents to their final destruction and recycling, the entire disposal process is handled by background-screened professionals following a strict chain of custody process.

When it comes to keep your business data safe, preparation and prevention makes all the difference in the world.

Pacific Records Management provides records and information management service for businesses throughout Fresno, Stockton, Sacramento, Modesto, and Napa and Solano Counties. For more information, please contact us by phone or complete the form on this page.

Info or Quote Request

  • This field is for validation purposes and should be left unchanged.

Copyright 2017 Pacific Records. All rights reserved.