Read more here:
Archive Systems Expands Arizona Storage Facility
Company taking steps to counter sluggish markets.
SCA Closing Mills
Close to 1.5 million pounds of technology waste recycled last year through its Office Depot Tech Recycling Service.
See the rest here:
Office Depot Touts Success for its Store Recycling Project
Staples Wins NRC Award
Posted on April 17th, 2009 No comments
A Plymouth man says he made a discovery he wishes he hadn’t.He says while leaving the St. Joseph Regional Medical Center in Plymouth a few weeks ago, he came across a dumpster filled with hospital records.
WNDU obtained copies of some of those documents Thursday, and the hospital confirms they are official documents.
Patients listed on the documents also confirm that the records are accurate.
Meanwhile, the hospital is trying to figure out exactly what happened and how the man got these documents. They say his story doesn’t seem to add up.
The man, who wanted to remain anonymous, said something about the dumpster he saw in the parking lot a few weeks ago made him turn his head.
“It said across the side of this dumpster, ‘sensitive documents.’ It was just general open construction type (dumpster). I went over and looked in it and there were documents lying all over, un-shredded, in the bottom of this dumpster,” he said.
The man says he fished some of the documents out of the dumpster and kept some of them, as well a doctor’s appointment book from 2004.
“(The documents) tell the person’s name and what procedure they had done and how much they paid for it, the date that it was done. To me that’s just too much information,” he said.
Hospital officials don’t quite buy the story.
“Well first of all, we don’t have any dumpsters at any of our facilities that say ‘sensitive documents,’ so that right away is false,” said Mike Stack, a spokesman for the St. Joseph Regional Medical Center system.
But the fact of the matter is the man got the documents somehow.
“We are concerned. We don’t know how many of these he has. What these are is basically business reports. There’s no private health information on there, so basically no one’s identity is at risk or anything like that,” Stack said.
There are no social security numbers or detailed medical histories, but still enough to concern some patients.
“We don’t know how many he has. We would like to talk with him so that we could get them back to us or give them back to us, so we can better understand what’s going on here,” Stack said.
WNDU spoke with a few of the patients whose information was on the documents today. Many found it disturbing that someone else was able to get their information, as basic as it is.
One woman was very shaken, saying that information should only be kept between her and her doctor, and she believes that is a violation of her HIPPA rights.
Meanwhile, others were just relieved that there’s really no risk of identity theft from these documents alone.
The man says the dumpster he found the documents in was taken away and replaced with a different dumpster.
The one that sits in the parking lot now is a generic construction dumpster that does not say ‘sensitive documents’ or anything of the sort.
A construction project has been ongoing on that section of the hospital.
(by Ryan Famuliner – wndu.com)
Posted on April 16th, 2009 No comments
Boxes with documents detailing confidential information found next to Laguna Hills medical office building.
LAGUNA HILLS – Boxes with documents detailing confidential patient information, such as Social Security numbers and personal medical history, were found discarded next to a medical office building, which officials said could be a violation of patient confidentiality laws.
The documents, which were retrieved by a doctor about 90 minutes after they were discovered, could have exposed patients to identity theft and could be a violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which governs patients’ privacy laws and addresses procedures for discarding medical records.
Sheriff’s officials were called about the discovery of the files at 5:04 p.m. on Nov. 26, 2008. The caller described boxes of private medical records that were found in a trash bin in the rear of a medical building at 24953 Paseo de Valencia. The documents included private information including Social Security numbers and patient medical histories, said Lt. Ted Boyne of the Orange County Sheriff’s Department.
Ralph Cummings, one of several doctors whose office sits on the second floor of the building, was called to the building to retrieve the documents.
In a phone interview Tuesday afternoon, Cummings said the files were mostly his personal financial records, and could recall only one file that included a patient’s personal information. How that file was mixed in with financial records, he did not know, he said.
“I can’t speculate to that,” Cummings said. “We do not and have not dumped medical records in the trash. We are aware of the guidelines.”
According to a statement issued by the Office of Civil Rights at the U.S. Department of Health and Human Services, HIPAA does not require a specific method to dispose of medical documents, but requires entities covered by the rule to “implement reasonable safeguards to protect the privacy of identifiable health information, including when records are disposed of.”
“The rule does not specifically require a particular method of disposal, but is flexible given the many health care settings and types of entities it covers,” the statement read. “However, shredding would be a reasonable safeguard when it comes to disposal and, of course, simply placing records in a dumpster where anyone can access them is not.”
Michael Robinson, spokesman for the U.S. Department of Health and Human Services, said the agency does not comment on ongoing investigations, and could not confirm if a complaint had been received until the investigation, if there was one, was closed.
John McDonald, a spokesman with the sheriff’s department, said it is unclear exactly how many patient files were in the trash container. The deputy at the scene did not make a report on the incident because it was not clear whether a crime had been committed, he said. Still, sheriff’s officials are reviewing the case to see what agency would handle such incidents.
“You’re basically exposing the people whose records they were,” McDonald said.
About an hour after the documents were reported, Cummings was reported to be on his way to retrieve the documents.
“He was basically instructed to dispose of the documents properly,” McDonald said. “They were sensitive material that shouldn’t be left like that.”
The documents were found in a trash bin that is enclosed by a brick wall and an unlocked wooden door. Signs posted nearby state that the area is under surveillance and a camera points directly into the trash bin.
When first contacted by telephone, Cummings said he did not recall the incident.
“I don’t recall that,” he said. “We don’t dump documents.”
Later in the phone conversation, Cummings said he did recall being called about the documents, but said they were not patient documents.
“They weren’t patient files,” he said. “I checked my files and we have nothing missing.”
After being told about the call to the sheriff’s department regarding the documents, Cummings said there was one patient file included in several personal financial documents that he threw away, but no more.
“There was one among the other financial records,” he said.
How a patient’s file was mixed in with personal financial records, he said he did not know.
In 2007, the Office for Civil Rights at the U.S. Department of Health and Human services closed 2,110 complaints regarding possible HIPAA violations in California. Of those cases, 477 cases were investigated and 273 required corrective action.
“If we determine a violation has occurred, then we determine whether criminal or civil penalties apply,” according to the statement issued by the department. “A knowing disclosure in violation of the rule is subject to criminal penalties, and we have referred over 200 cases to the Department of Justice for pursuit of potential criminal violations.”
Civil penalties could incur a fine of $100 for each violation. Knowingly obtaining or disclosing identifiable information could result in fines of $50,000, $100,000, or $250,000 and possible imprisonment.
Cummings said his office is aware of guidelines and does not dump patient files. When discarded, personal medical files from his office are either burned or shredded, he said.
(by Salvador Hernandez – ocregister.com)
Posted on April 15th, 2009 No comments
by David Quinlan
KIRO 7 Eyewitness News Consumer Reporter
SEATTLE – You’ve heard the horror stories of identity thieves hijacking your credit, your name and your livelihood. But what about your medical records? What happens if they get into the wrong hands?
What we found in dumpsters outside pharmacies and doctor offices filled with patients’ medical records — is not only disturbing, but possibly illegal.
Our investigation exposed a wide-spread problem of potential identity theft and has now sparked a state investigation.
Jeff Herman had no idea how we knew so much about him.
We found his prescription drug information, address and phone number in a dumpster outside a Seattle doctor’s office.
“I was shocked and felt a little betrayed,” Herman said. “It’s disturbing to think what’s going on out there with our information.”
In the course of our four month investigation, we uncovered bags full of private patient information recklessly discarded in the trash right outside pharmacies and doctor’s offices.
We even found syringes, urine samples, social security numbers and someone’s STD test results.
At Seattle-based American Data Guard more than 300 tons of private and secure information is dumped, sorted and shredded each month.
Data Guard general manager Kara Rudoff says thieves can use someone’s personal medical information to steal his or her identity and even obtain prescription drugs.
“When you’re dealing with protected health information, you have to keep in mind that those medical records have every piece of information about us,” Rudoff said. “I think this is a good wake-up call to people. This is happening out in the market place. It’s our information on the streets.”
At a Bremerton pharmacy we discovered pill bottles loaded with patient information, anti-depression drug prescriptions and refill orders.
We shared our findings with Steven Saxe of the Washington State Department of Health.
“This would be a violation of federal HIPAA laws,” Saxe said.
Although it is not required for health facilities to shred medical information, it still must be safe-guarded.
“This should be destroyed because it has contact information for patients on it as well as medications the patient is taking,” Saxe said.
At the state’s request, we handed everything we found over to health officials after they promised to investigate why these pharmacies and doctors offices failed to destroy private patient information.
“You raise some good questions,” Saxe said.
As for Herman, he’s talking with his doctor, but worries what other information may have been dumped in the garbage.
“How many times has my social security number been dropped in there?” Herman asked.
In other states, pharmacies have received hefty fines and doctors have even lost their licenses for incorrectly disposing sensitive records.
Washington State Health officials are taking this seriously — they not only are looking into our findings, but encourage anyone who feels their privacy may have been breached to contact their office at 360-236-4700.
Posted on April 14th, 2009 1 comment
Boom Time for Shredders
Identity theft hurts consumers, and it can cost companies that have put private data at risk thousands of dollars in fines.
But the problem has sprouted a growing industry — information destruction — that continues to move forward even though the economy has turned sour.
In central Ohio, roughly a dozen companies are certified in the industry, which includes shredding tons of paper and electronic devices, and wiping information from computers and other electronic equipment.
Established companies in the information destruction industry are growing an average of 10 percent to 25 percent each year, said Tim Oberst, president and chief executive of Ohio Mobile Shredding and president-elect of the National Association of Information Destruction.
The organization went from 180 members in 2002 to 1,150 this year, but it doesn’t track sales figures.
“As people become more aware of the need for information destruction, and as the regulations get tougher, they’re paying a lot more attention to it,” said Robert Johnson, executive director of the association. “Demand for information destruction services will continue to grow.”
Reasons for that demand include more technology turnover and an increase in the enforcement of regulations to properly destroy documents, Johnson said.
“In the last year and half, there has probably been $3 (million) to $4 million worth of fines,” Johnson said.
In Ohio, there have been two recent cases where companies have been accused of improperly discarding information.
Last December, the Department of Commerce filed a complaint against a mortgage company accusing the owner of abandoning hundreds of customer records when he went out of business.
Another notice was filed in October against a Cuyahoga County mortgage company for a similar incident.
Department of Commerce spokesman Dennis Ginty said that because of the distress in the housing market, mortgage brokers are going out of business and some simply abandon their records after they close their offices.
“We are very concerned about possible identity theft and want to make sure that all customer personal information is protected,” Ginty said.
Oberst, of Ohio Mobile Shredding, said his company was the first of its kind in Columbus in 1987, and he has watched the business boom since then.
“The industry started to grow to the point where it became an ‘industry,’ ” Oberst said.
It was tough to sell shredding services when he started out because businesses weren’t particularly concerned, Oberst said.
“Most businesses would say, ‘What do you have to shred? We don’t have anything confidential,’ ” Oberst said. “Their attitude was out, ‘of sight, out of mind.’ ”
“It’s like an everyday thing that has to be taken care of,” Oberst said.
CareWorks, a managed-care organization for workers’ compensation, is one of Ohio Mobile Shredding’s customers. It ships 16 to 18 96-gallon barrels of paper to the company every two weeks, said Dave Gran, the facility manager.
“That personal, confidential documentation has to be destroyed in a certain manner,” he said.
Mobile Shredding does both paper-shredding and product-destruction — which can include anything from ID badges to hard drives.
“From my perspective, if a company really wants to be sure the information isn’t left on the hard drive, we recommend physical destruction,” Oberst said. “The little money you get from reselling a hard drive is not worth the risk.”
Hilliard-based Redemtech, a company that helps large corporations manage technology changes and upgrades, uses a hard-drive overwrite program to destroy the data on its clients’ computers.
The overwrite program puts a data pattern over top of the original information, thereby obliterating it, said Redemtech president Bob Houghton.
“If part of your objective is to preserve the financial value of the assets, if you can preserve the hard drive, it really helps,” Houghton said.
Redemtech handles e-waste — used electronics ranging from computers to cash registers. It erases hundreds of thousands of hard drives a month, Houghton said.
The company generally tries to refurbish and resell items for clients, so it puts an emphasis on inventory control to make sure no data is preserved.
“Every single gram of material that moves through the plant is accounted for, particularly data-bearing devices,” Houghton said.
With states adding regulations on top of existing federal laws, Houghton said many corporations are becoming more concerned about data destruction.
“It’s good because it means increased consumer protection and less chance of identity theft,” Houghton said. “It’s really tough for a corporation to make sure they’re complying across all the jurisdictions they may be doing business in.”
Redemtech’s customers include national banks, top insurance companies and health-care organizations, Houghton said.
Clients now request extra rigor in overwriting data — for example, a company that in the past only wanted one overwrite pass now might ask for three, Houghton said.
“This is simply to ensure there is even less chance that any data is going to be left in a readable state on the hard drive,” he said.
Whether it’s through data overwrite programs or simply shredding documents, proper disposal of personal information is becoming more important as concern over identity theft rises.
“The consumer has become more aware their information is in so many places and they have no idea how the company is protecting it,” Oberst said.
Posted on April 13th, 2009 No comments
SALISBURY — As many as 100,000 patients of Peninsula Orthopaedic Associates are being warned to protect themselves against identity theft after tapes containing patient information were stolen.
In a letter mailed this week, Chief Executive Officer Brian K. Mathias told patients they should place 90-day fraud alerts on their accounts at the three major credit bureaus.
Patients also were advised to keep an eye on benefits statements from their health insurance companies since they may also be at risk for medical identity theft.
“What a mess,” said Ann Suthkowski of Salisbury, who was treated at Peninsula Orthopaedic more than two years ago for bone fractures.
Suthkowski said she planned to give copies of the letter to her attorney and her health insurer as a precaution.
Another Salisbury resident, Theresa Flores, said her daughter, her husband and parents all got letters, too. Since her daughter is only 12 and probably has no credit history, Flores said she’s not sure if she needs to report it to the credit bureaus.
“I am a little concerned, and I don’t know what to do,” she said.
The records from Peninsula Orthopaedic — which has offices in Salisbury and Berlin — were stolen March 25 while in transport to an off-site storage facility, Mathias said in the letter.
“While this information was stored in a proprietary database format and would not be readily accessible to the average person without specialized equipment or software, it is capable of being accessed by a third party,” Mathias wrote.
Patients’ personal information including their Social Security numbers, employers and health insurance plan numbers may have been among the information stolen.
“Our patients’ privacy is a top priority for Peninsula Orthopaedic Associates,” Mathias said in an e-mail to The Daily Times on Friday. “We were notified of a potential security breach on March 25th and began working immediately with law enforcement to investigate this matter thoroughly and quickly.We have notified all of our patients and they can call with questions anytime. At this point, there is no evidence that any of our patients’ information has been compromised.Since the matter is now in the hands of law enforcement, we are not at liberty to discuss the ongoing investigation.”
A spokeswoman for the 56-year-old practice also declined to release any more details because of the ongoing police investigation.
However, she re-emphasized there is no evidence so far than any of the information has been accessed or misused.
“We’re hoping that brings some level of comfort to people,” she said.
(by Liz Holland- delmarvanow.com)
Posted on April 6th, 2009 No comments
Man says he found stacks of credit card info-
An Indianapolis extended-stay hotel may be putting its customers at risk for identity theft. A customer at Homestead Studio Suites said he was throwing his trash away when he noticed stacks of documents in the hotel dumpster. A closer look revealed the documents contained personal information about customers who stayed there.
24-Hour News 8 wanted to find out whether Homestead Studio Suites actually threw away sensitive documents in a regular trash bin. We found folders, files and loose papers in the dumpster that included customers’ names, home addresses, phone numbers and e-mail addresses. Most troubling of all, we found complete credit card numbers, the kind of card used, and expiration dates.
The documents appear to be from several years ago.
A banker told 24-Hour News 8, even though the credit cards have expired, the documents should’ve still been shredded. Experts said the high-tech programs and equipment professional identity thieves use nowadays make it very easy for them to possibly become you.
24-Hour News 8 tried to speak with a hotel manager about their document handling practices. The manager refused and referred us to the corporate offices. We did not mention the dumpster documents to the manager. But right after we left, she quickly walked out to the dumpster while talking on her cell phone.
We called the corporate number several times and left messages asking for an explanation, but we did not get a call back. We tried to contact some of the customers listed on the documents, but we weren’t able to get in touch with them.