Most companies have a privacy policy in place, most likely included in their Company handbook. They may even review this with their employees from time to time -and perform periodic training to reinforce the need to keep their confidential information “their business”, and to minimize the possible risk of a security breach.
But are you doing all you can to make sure your company – and more importantly your clients’, customers’, or patients’ information is not improperly accessed, misplaced, or disposed of?
The importance of an All Shred policy:
Also – do you have an “ALL SHRED” program in place? Why would you need to shred 100% of the papers, files, and documents you dispose of? There are numerous forms and types of sensitive and confidential information. Social security #’s, medical info and history, patents or confidential company info, this information comes in many shapes, and sizes.
Are you confident leaving your office staff to determine what “is”, and is “not” considered confidential 100% of the time? Do you want to expose your business to this type of risk? An “ALL SHRED” program will guarantee you and your company that 100% of your confidential information is totally destroyed. The cost related to such a program is minimal considering the potential ramifications of a security breach.
To be HIPAA compliant you are required to have a “contracted” shredding company on file. An additional and beneficial step you can take is to make sure this company is NAID Certified. Also – insist on a Certification of Destruction along with each service invoice. Keep these on file – for written proof of this process.
The importance of destroying old hard drives:
Also – do you insist that all hard drives are removed and destroyed from obsolete computers? Do you receive a Certificate of Destruction for this process? Does the Certificate of Destruction include a log with serial# of each hard drive destroyed? Insist on this for your protection.
How about other obsolete electronic equipment within your office? Office copiers are as common today as an office computer. These are typically replaced with new technology once the equipment reaches the end of its lease – or maybe sooner. Are you aware that most if not all copiers today contain a hard drive, and that each copy made during your term of ownership is stored on that hard drive? Do you think your office has ever copied sensitive of confidential information?
Again – INSIST that each hard drive is removed and destroyed by a company that is certified to perform this service. And INSIST you receive a Certificate of Destruction along with a list of ALL hard drive serial #’s.
It’s your phone that’s going to ring when something goes wrong.
It is up to you as company Owner, President, CEO, CFO, or IT Manager to properly monitor and review this process. If not – and a security breach is the result, your phone will be ringing – not the receptionist’s or the after-hours cleaning crew’s.
For more information about All Shred services or hard drive destruction, please contact us.