Category: HIPAA

The Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996, is a significant piece of U.S. legislation that plays a crucial role in the healthcare sector. HIPAA primarily provides protections for employees to maintain their health insurance coverage when they change or lose their jobs. However, it is perhaps best known for its strict rules regarding the use and disclosure of individuals’ protected health information (PHI). HIPAA’s regulations are vital in ensuring the privacy and security of sensitive health information and in fostering trust in the healthcare system.

A central aspect of HIPAA is the Privacy Rule, which sets standards for the protection of individuals’ medical records and other personal health information. It applies to health plans, healthcare clearinghouses, and healthcare providers that conduct certain healthcare transactions electronically. The Privacy Rule requires appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. It also gives patients rights over their health information, including the right to examine and obtain a copy of their health records and request corrections.

Another critical component of HIPAA is the Security Rule, which complements the Privacy Rule. The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting electronic PHI (e-PHI). This includes ensuring the confidentiality, integrity, and security of e-PHI, protecting against any reasonably anticipated threats or hazards to the security of such information, and guarding against unauthorized use or disclosure.

HIPAA also includes the Enforcement Rule, which contains provisions relating to compliance and investigations, the imposition of civil money penalties for violations, and procedures for hearings. Violations of HIPAA can result in significant penalties, ranging from fines to criminal charges, depending on the severity of the violation and the harm caused.

In summary, the Health Insurance Portability and Accountability Act (HIPAA) is a foundational framework in the U.S. healthcare system, providing critical protections for health insurance coverage and establishing stringent standards for the privacy and security of health information. Its comprehensive regulations ensure that individuals’ health information is handled with the utmost care and confidentiality, reinforcing the integrity of healthcare services and patient trust.

Data and Paper Destruction Laws
Data and paper destruction is a critical aspect of safeguarding sensitive information in the digital age. As a business owner, staying compliant with relevant laws is crucial. Here are some important laws related to the importance of data and paper destruction:

1. HIPAA (Health Insurance Portability and Accountability Act)
- Purpose: HIPAA regulates the protection of healthcare data and personal health information (PHI).
- Relevance: If your business deals with healthcare clients or their data, HIPAA mandates secure disposal methods to prevent data breaches.
- Source: HIPAA Overview
2. GLBA (Gramm-Leach-Bliley Act)
- Purpose: GLBA focuses on safeguarding consumer financial information held by financial institutions.
- Relevance: If your clients include financial institutions or deal with financial data, you must comply with GLBA regulations regarding secure disposal.
- Source: GLBA Compliance
3. FACTA (Fair and Accurate Credit Transactions Act)
- Purpose: FACTA addresses the protection of consumer credit information.
- Relevance: If your business handles consumer credit reports, FACTA requires secure disposal of sensitive data.
- Source: FACTA Guidelines
4. GDPR (General Data Protection Regulation)
- Purpose: GDPR protects the personal data of European Union residents.
- Relevance: Even if your business is based in the U.S., if you process data of EU residents, GDPR compliance mandates secure data disposal.
- Source: GDPR Overview
5. State Data Breach Laws
- Purpose: Various U.S. states have their own data breach notification laws.
- Relevance: Depending on your location and client base, you may need to adhere to specific state laws governing data breach notifications and secure data disposal.
- Source: State Data Breach Notification Laws
6. Sarbanes-Oxley Act (SOX)
- Purpose: SOX mandates financial transparency and accountability in publicly traded companies.
- Relevance: If your clients include publicly traded companies, you may need to comply with SOX requirements for secure document disposal.
- Source: SOX Overview
7. E-Waste Disposal Laws
- Purpose: Laws governing electronic waste disposal vary by state and locality.
- Relevance: Proper disposal of electronic devices containing sensitive data is essential to prevent data exposure and environmental harm.
- Source: Check your local and state environmental agencies for specific e-waste disposal regulations.
Always consult legal counsel or regulatory authorities to ensure your business’s compliance with these laws, as they may evolve over time. Proper data and paper destruction practices are essential for protecting your clients’ information and maintaining your business’s reputation.

This article originally was published at Country Mile Document Destruction.

Related Blog Posts
September 8, 2023
What Businesses want to know about Document Destruction
Businesses that utilize document destruction services typically want to know various aspects of the document destruction business to ensure their sensitive information is properly handled. Here are some key areas of interest for businesses in this industry:
1. Security Measures: Companies want to understand the security protocols and measures implemented by document destruction providers. They seek information on how documents are handled, stored, and transported securely to protect against unauthorized access or data breaches. – Note: Country Mile Document Destruction certifies that once you dispose of your sensitive information in our bins it is never touched by human hands again until it is reduced to a recyclable pulp.
2. Compliance with Regulations: Businesses must ensure that their document destruction practices align with applicable regulations and industry standards. They want to know if the document destruction service provider follows legal requirements. Note: Country Mile Document Destruction keeps up with the latest laws including:
  Health Insurance Portability and Accountability Act (HIPPA)
  Computer Fraud and Abuse Act (CFAA)
  Gramm-Leach-Bliley Act (GLBA)
  The Sarbanes-Oxley Act (SOX)
  Fair Credit Report Act (FCRA)
  General Data Protection Regulation (GDPR)
3. Destruction Methods: Businesses want to be informed about the document destruction techniques employed by the service provider. They may inquire about shredding methods, whether the destruction is done on-site or off-site, and if there are additional measures like pulverization or incineration for extra security. – Note: Country Mile Document Destruction continually upgrades and updates its trucks and shredding machines. Here is a list of our current shredders:
  Shred-Tech MDS 25GT – Shreds paper at a rate of 2,500 to 3,000 lbs per hour
  Shred-Tech MDS 35GT – Shreds paper at a rate of up to 6,000 lbs per hour
  PT 30 Ultra Shred – Shreds paper at a rate of 4,000 to 5,000 lbs per hour
4. Chain of Custody: Maintaining a proper chain of custody is essential for businesses. They seek information on how the document destruction company tracks and verifies the movement and handling of sensitive documents throughout the entire destruction process. This helps ensure accountability and prevent any mishandling or unauthorized access. – Note: Country Mile Document Destruction uses locked security cabinets for storing sensitive data between pick-ups. These Security containers are locked and are equipped with a one-way slot that allows documents to be stored inside securely until a Country Mile Document Destruction Inc. agent arrives.
5. Certification and Auditing: Many businesses prefer document destruction service providers that are certified by reputable organizations, such as the National Association for Information Destruction (NAID). They want to know if the provider undergoes regular audits to validate compliance with industry standards and ensure the secure destruction of documents. – Note: Country Mile Document Destruction uses NAID-Certified data destruction procedures.
6. Environmental Sustainability: In today’s environmentally conscious business landscape, sustainability practices are a significant consideration. Companies may inquire about the document destruction provider’s commitment to recycling shredded materials or their efforts to minimize the environmental impact of the destruction process. – Note: Paper documents are ground into 5/8″ pieces and turned into mulch, then it is dumped inside the recycling facility.
7. Service Options and Customization: Different businesses have unique requirements, so they seek flexibility in service options. They may want to know if the provider offers on-demand or scheduled services, the ability to handle large volumes, or customization options to meet specific needs. – Note: Depending on your paper flow, Country Mile Document Destruction Inc. can be scheduled to come on-site with its mobile unit when it is necessary for you. Our agents then transport your data immediately to the vehicle and shred your documents on-site.
8. Pricing and Contracts: Cost considerations play a crucial role in decision-making. Businesses want to understand the pricing structure, whether it is based on the volume of documents, frequency of service, or other factors. They also inquire about contract terms, including termination clauses and service level agreements (SLAs). – Note: Contact us for our very competitive rates. In fact, send us a copy of your current shredding service bill, and more than likely we can beat it! How? By cutting out the middle man and passing the savings along to you.
9. Data Privacy and Confidentiality: Companies place a high value on the privacy and confidentiality of their documents. They want assurance that the document destruction service provider maintains strict confidentiality throughout the entire process and has proper protocols in place to safeguard sensitive information. – Note: You will receive a Certificate of Destruction from us. After all of the data has been destroyed, Country Mile Document Destruction Inc. recycles the paper residue.
10. Testimonials and References: Before selecting a document destruction provider, businesses often seek testimonials or references from other clients. They may want to know about the provider’s track record, reliability, and reputation in the industry. – Note: We keep our customers as secure as their documents but here is one testimonial we would like to share.
  “Country Mile Document Destruction is a company that is dependable and reliable. Knowing our financial records are completely destroyed, gives us peace of mind. – Rachel R. Raygo, CCUE President 2205 Hall Ave. Suite 107 Marinette, WI 54143
By addressing these key areas of interest, document destruction service providers can effectively communicate their capabilities, instill confidence in potential clients, and establish themselves as trustworthy partners in the secure disposal of sensitive information.

Related Blog Posts
June 7, 2023
Why It Can Be Against The Law If You Don’t Destroy Your Documents Correctly
Shredding Services by Country Mile Document Destruction

Safely destroying your sensitive documents will help prevent lawsuits, give you peace of mind, and protect your identity. But did you know that if you don’t do it in certain circumstances you would be breaking the law?

Circumstances Where Document Destruction and Retention is Required by Law

Medical

In 1996 the federal government passed the Health Insurance Portability and Accountability Act (HIPPA) so that businesses have safeguards in place. If these rules are not followed you could face a hefty fine. – https://www.cdc.gov/phlp/publications/topic/hipaa.html

You can read more information about HIPAA here.

Sensitive Information on your Hard Drive

In 1984 the federal government passed the Computer Fraud and Abuse Act (CFAA) regulating how businesses deal with sensitive data. Information that has been deleted from your hard drive can still be accessed using special software. The hard drive’s platters have to be destroyed to make the data on it unreadable in order for your data to be securely destroyed. – https://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/01/14/ccmanual.pdf

You can read more about the CFAA here.

Financial Documents

The Gramm-Leach-Bliley Act (GLBA) was passed by the federal government to set up restrictions and guidelines in place that govern how financial institutions dispose of and handle their data. – https://www.ftc.gov/tips-advice/business-center/privacy-and-security/gramm-leach-bliley-act

You can read more about the GLBA here.

Legal Documents

32 states and Puerto Rico have laws in place that protect identifying information collected by law firms, other businesses, and government entities that have to follow a special guideline on how information is stored, how long you have to store it, and how to destroy documents in paper or digital form. The information stored on such files has to be made unreadable or undecipherable according to the National Conference of State Legislators. In New York, N.Y. Gen. Bus. Law § 399-H – https://www.nysenate.gov/legislation/laws/GBS/399-DDD

Regulation on How Long You Retain Information

In 2002 the Sarbanes-Oxley Act was created to govern businesses on how long they have to retain their records before you can shred them. If you have any questions you can contact Country Mile Document Destruction to find out if these restrictions apply to you and find out what the retention times are. – https://www.congress.gov/bill/107th-congress/house-bill/3763

You can read more about SOX here.

Businesses with Customer Data

The Fair and Accurate Credit Transactions Act (FACTA) is an amendment to the Fair Credit Report Act (FCRA). This amendment was added to protect the consumer from identity theft. The FACTA is a guideline on how to properly dispose of and protect your customers’ sensitive or personal data such as account numbers, social security numbers, etc. – https://www.ftc.gov/enforcement/statutes/fair-accurate-credit-transactions-act-2003

You can read more about FACTA here.

Residential Dumpster Diving

The Wisconsin legislature, on February 1st, 2000 enacted section 895.505 (Dumpster Diving Law) of the Wisconsin Statutes which could hold businesses and others civilly and criminally liable for not disposing of, or using “personal information” in accordance with the new law. – https://docs.legis.wisconsin.gov/2001/statutes/statutes/895/505/1/b

Did you know that if a person places their garbage on the curb off of their property it is legal for anyone to take it? Private detectives obtain information for their clients in this manner.

Why a Paper Shredder is Not Enough

A paper shredder makes the documents almost impossible for a person to piece together if there are enough pages shredded. A cross-cut paper shredder makes it even harder for a person to piece together the document like a jigsaw puzzle.

But did you know there is software and equipment out there that all you have to do is feed the pieces into a machine and the computer will sort it for you? That’s right, the computer can tell you what the document reads in a very small fraction of the time that it can be done manually, and shredding a document in this way is NOT in accordance with the law. Even confetti-like-sized pieces can be deciphered.

Did you know that you can buy software to do this yourself at home? An Israeli company sells software that can turn any PC and scanner into an “unshredder.”

That is our little blurb for today. I hope you enjoy the rest of your week!

Country Mile Document Destruction is NAID Certified. What Does That Mean?

Being NAID Certified (https://naidonline.org/certifications/) is a guarantee that you are protected by law and that your documents are destroyed in the proper manner. Not only that but Country Mile Document Destruction destroys the documents right there on the spot with one of its many mobile destruction trucks.

The documents are not only shredded but reduced to a pulp that turns it into ‘mush’ that is then recycled.

You can contact Country Mile Document Destruction to properly and legally destroy your documents for you. You can contact them using the following Information.

Ann Younk of Country Mile Document Destruction

Phone: (906) 753-9905

Email: Info@cmdocdestruct.com

Website: https://cmdocdestruction.com/

Call Us Today!

Related Blog Posts
April 23, 2021

Category: HIPAA

Data and Paper Destruction Laws

1. HIPAA (Health Insurance Portability and Accountability Act)

2. GLBA (Gramm-Leach-Bliley Act)

3. FACTA (Fair and Accurate Credit Transactions Act)

4. GDPR (General Data Protection Regulation)

5. State Data Breach Laws

6. Sarbanes-Oxley Act (SOX)

7. E-Waste Disposal Laws

Related Blog Posts

What Businesses want to know about Document Destruction

Related Blog Posts

Why It Can Be Against The Law If You Don’t Destroy Your Documents Correctly

Related Blog Posts