MicroShred South Florida Shredding Service

Liquid Technology Adds Mobile Hard Drive Shredding to Services

System can provide companies with shredding methods that meet Department of Defense requirements.

View post:
Liquid Technology Adds Mobile Hard Drive Shredding to Services

Cintas Partnering with Florida Post Office on Shredding Event

%excerpt%

Read more here:
Cintas Partnering with Florida Post Office on Shredding Event

U.K. Firms Merge to Provide Records Management Services

Box-It, Stortext will service customers with a diverse range of document management, storage and shredding programs.

View post:
U.K. Firms Merge to Provide Records Management Services

Access Acquires NorCal Shred

California records management firm expands its document destruction capabilities.

Go here to see the original:
Access Acquires NorCal Shred

Woman gets prison over Irving teachers ID theft

DALLAS — A Bedford woman apologized as she was sentenced to 34 years in prison in an identity theft scam targeting educators in Irving.

Sharon Denise Seeley pleaded guilty and was sentenced to 30 years for fraudulent use or possession of identifying information. She was sentenced to two years on each of two counts of credit card abuse.

The 40-year-old woman will serve the sentences concurrently.

About a dozen victims were in court Thursday. Several testified about how ID theft had destroyed their credit ratings and left their lives in turmoil.

Thieves were blamed for getting the data of more than 3,000 Irving teachers and other district employees from an old benefits report. Seeley, who was arrested in 2009 at a mall, says the information she used came from a binder thrown in a trash bin.

(see original article here)

Business Associates Can Pay Directly For Breaches

Business associates can be directly liable for a breach of unsecure protected health information (PHI) and could have to pay OCR directly, a top OCR official told HealthLeaders Media at the 18th Annual National HIPAA Summit Wednesday afternoon.

HealthLeaders Media asked Sue McAndrew, deputy director for Health Information Privacy for OCR, if a business associate could end up paying out of its own pocket for a breach.

The answer is yes.

“Business associates going forward will be directly liable for violations that occur in their possession,” McAndrew said. “The fines would be imposed upon the BA, and if they can’t pay, we send them to jail.”

McAndrew laughed at the line about “jail,” and said it was in jest.

However, she went on to say OCR would consider waiving—or decreasing—some of the penalties after an assessment of the financial state of a violating hospital. She also said that the “settlement door is always open.”

On Wednesday, McAndrews also released breach numbers for the month of January:

• As of January 2010, there have been 35 reports of breaches affecting 500-plus individuals, resulting in 712,000 notices.
• Most of the reports were ePHI contained in lost or stolen unencrypted media or portable device.
• There were more than 300 reports of smaller breaches.
• Most of the paper records were sent to wrong fax numbers, wrong addresses, and wrong individuals.

(see original article here)

Social Security numbers found lying in street

Sensitive documents mysteriously appear in Des Plaines, putting identities at risk

The W-2 form of Jeffrey Simmons of Santa Rosa, California, lies on the ground on the 1000 block of East Touhy in Des Plaines, Ill., on January 28, 2010. The W-2 came from MEDHQ, LLC in Westchester, Ill. Hundreds of documents including W-2 forms, financial and retirements statements, credit card accounts statements, and among others were found blowing in the wind.

When Elida Cruz worked in the banking industry, she assured clients that their personal information would remain confidential.

So, imagine her horror when she learned that much of her own information, including her Social Security number, birth date, phone number and job history, had become astonishingly public, floating down a Des Plaines street in a cloud of half-shredded paperwork.

Hundreds of sensitive, intact documents — including W-2 forms, investment account balances and job applications — were inexplicably swirling around Touhy Avenue and Eastview Drive on Thursday afternoon. After being tipped to the airborne paper trail, the Tribune contacted some of the people and companies listed on the documents.

None of them knew how the papers could have ended up in the street.

“I am pretty much disgusted with this,” said Cruz, 47, of Chicago, who was notified that at least 17 documents with her Social Security number (the apparent remnants of an old job application) had been retrieved. “All of that is sensitive information. You would think your stuff is secure.”

Privacy experts say the loss of confidential paperwork illustrates that even in an electronic age, stray documents remain a danger.

“It’s a lot more frequent than people would suspect,” said Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse in San Diego. “Most of the time it’s just not discovered.”

His group, which pushes for tighter privacy laws, tracks breaches of sensitive information. Though computer hackers are behind most such data loss, careless document disposal still causes problems. Since 2006, the clearinghouse has noted 33 cases of legal, medical and financial paperwork discovered in trash bins.

Losing track of sensitive documents can have serious consequences.

Washington, D.C., attorney Christopher Wolf, founder of the Future of Privacy Forum and a partner at Hogan and Hartson, said state and federal laws on data security have gotten tougher in recent years. Companies that lose records often must announce it publicly, he said — a public relations nightmare.

“These laws certainly have spurred compliance, and every major corporation now understands they have a data security obligation,” he said. “Companies know they can’t put sensitive records on the curbside or throw them in the Dumpster. It’s not to say that never happens, but it’s rarer.”

Many companies contract with vendors to destroy their paperwork. That is the case with MedHQ, a Westchester firm that provides business services to healthcare providers. Some of its employees’ 2009 W-2 forms were found in Des Plaines.

Tom Jacobs, MedHQ president, said he called his shredding company (he declined to name it), but no one there claimed responsibility.

“I don’t know how it could have happened,” he said. “It is really upsetting to know there might be some documents out there that are loose like that. We are down near Oak Brook and don’t have any customers in that area.”

David Collins, owner of Lindy Manufacturing, a metal stamping company in Downers Grove, said his business does all of its shredding in-house. He also had no clue how employees’ 401(k) statements from several years ago could have escaped.

“It disturbs me a lot,” he said. “You just have to trust that these people (with access to sensitive papers) will do the right thing.”

Robert Johnson, executive director of the Phoenix-based National Association for Information Destruction, said a good shredding company maintains an unbroken chain of custody over its documents, with a screened employee taking them from locked container to locked vehicle to secured shredder.

He guessed that a recycling company or waste hauler might have been the source of the Des Plaines paperwork.

“It would explain why materials from disparate sources would have ended up in one place,” he said.

Des Plaines police said Friday they had no reports about the paper trove.

The National Insurance Crime Bureau, whose Touhy Avenue headquarters are close to where the documents were discovered, had its employees collect as many as they could and plans to return them to the people named in the papers.

“If we see who belongs to the stuff, we will get it back to them,” spokesman Frank Scafidi said. “It’s definitely not ours.”

Freelance reporter Krystyna Slivinski contributed to this report.
(see original article here)

Medical files found in trash

PORT ST. LUCIE, FL — Police on turned up medical files in a trash bin near University Medical Clinics that contained information that could be used to commit identity theft, a police spokesman said Wednesday.

Police determined the files, which contained information including patient names, Social Security numbers, phone numbers and addresses, had been discarded from University Medical Clinics in the 1800 block of Southeast Port St. Lucie Boulevard, said Officer Tom Nichols, police spokesman.

A man identified by Nichols as a high ranking official with the company indicated an employee had thrown the files way.

“A garbage bag full of medical records is not an oversight,” Nichols said.

Dr. Samuel Sadow, CEO of University Medical Clinics, said Wednesday he didn’t think any patient information had been compromised.

“We’re very concerned about it and we’re doing our own internal investigation,” Sadow said.

Nichols said the records were returned to the office.

Nichols said the files initially were found by a woman acting on an anonymous tip that they’d been discarded. That woman then notified police of her discovery.

(Read original article here)

BIG DAY FOR HIPAA/HITECH PROVISIONS

While many of the changes to HIPAA contained in the HITECH amendment, such as increased fines, Attorney’s General enforcement, and Health Data Breach notification came into effect already, February 18th, the law’s one year anniversary, marks a number of significant HIPAA/HITECH milestones.

Here is a sample of some that could affect the secure destruction service provider . . .

1. Application of rules to, and accountability for, Business Associates.  (No longer are BAs solely tied to HIPAA by the BA contract with the Covered Entity, but now, in some respects, operate essentially with all the requirements applied to Covered Entities.)
2. Requirement for HHS to begin conducting mandatory audits.
3. Clarification regarding which entities are required to be business associates. (Both HHS and the FTC have already identified secure destruction services as BAs in earlier guidance publications.  It would difficult to see this changing)
4. HHS and FTC study on privacy and security requirements for PHR vendors and applications (PHR vendors are a new type of Covered Entity under FTC jurisdiction who maintain or process health-related data as a result of offering Internet based services.)
5. First annual guidance on the most effective and appropriate technical safeguards for health information. (This could go either way.  When HHS issued guidance on security measures to avoid data breach, they inadvertently caused many Covered Entities to apply the wrong particle size specification.  If guidance is promulgated in this new document with a similar type of reference, it will  make life a bit more complicated for secure destruction services)
6. HHS to implement a health information privacy educational initiative
7. Clarification regarding the ability to impose criminal penalties against individuals

Converge Adds IT Asset Disposition Services to Singapore Plant

Converge, a leading supply chain services company based in Peabody, Mass., has announced the expansion of its international IT asset disposition (ITAD) facilities to support the secure, “green” disposal of obsolete computer equipment.

Converge’s Singapore facility, which it calls a state-of-the-art hub for electronic components distribution, has been expanded to include a full suite of ITAD services.

“Global presence and capabilities have become key decision criteria for enterprises selecting an ITAD partner,” says Converge CEO Frank Cavallaro. “Today we have an unsurpassed worldwide network of facilities and expertise for advanced services that support the entire electronics life cycle.”

The enhanced Singapore ITAD operation joins Converge’s full-service facility in Schiphol, Netherlands, servicing Europe. These new centers complement Converge’s ITAD capabilities in the United States, with major facilities in Peabody and Columbus, Ohio

“The Fortune 1000 customers that we serve absolutely require in-region resources for the risk-sensitive disposal of retired IT assets,” says Chris Adam, Converge vice president of ITAD services. “They demand security and transparency throughout the entire process, from preparing IT assets for shipment to physically transporting them to the most appropriate processing facility. This cannot be accomplished without a uniform process that provides full visibility into each step of the disposition process.”

In addition to Converge-owned facilities, the company has developed a network of “managed partners” worldwide, which it claims provides “a single, seamless process across all its global ITAD service offerings.” The company says its process is tied together by its proprietary Asset Manager Web-based reporting system, which provides clients with real-time visibility into the process and features detailed reporting, metrics and benchmarking tools.

Converge is a global supply chain partner for technology-driven companies. The organization’s three business divisions provide to just-in-time distribution of electronic components, reverse supply chain solutions and secure IT asset disposition.