3 Examples of How a Data Breach Can Impact Your Company
Information security and records management go hand in hand when it comes to protecting your organization from a costly security breach. Whether you’re a health facility managing confidential medical records, an accounting office handling tax files, or a small business storing HR and Accounts Payable records in file cabinets, you are vulnerable to security and compliance violations. No matter your industry or the size of your business, we’re all human — and sometimes humans make mistakes. That’s why leveraging the expertise of a professional information management company can help alleviate the stress of managing and protecting paper records and ensure you stay compliant.
Below are three examples of companies that were fined for the negligent handling of private information:
1. An $800,000 HIPAA settlement between the Department of Health and Human Services and an Indiana community health system for an incident involving paper records dumping is the latest reminder that patient information needs to be safeguarded regardless of whether it’s electronic or paper-based. HHS opened an investigation into Parkview Health System after receiving a complaint from a retiring physician alleging that the provider organization had violated the HIPAA Privacy Rule. It seems Parkview employees left 71 cardboard boxes of confidential medical records unattended and accessible to unauthorized persons on the driveway of the physician’s home.
What’s the lesson? While it may seem obvious that you should never leave confidential records of any kind exposed in a public place, if Parkview had used an offsite document storage provider, the retired physician’s patient records could have been stored in a secure facility where they could be requested and retrieved by authorized staff only. This would not only free valuable office space, but also prevent the unauthorized transportation of private records.
2. A small Denver compounding pharmacy has been slammed with a $125,000 federal penalty for a breach involving improper disposal of paper records. It’s the second such HIPAA enforcement action within a year by federal regulators tied to an incident involving records dumping by a covered entity. An investigation was launched after the agents received notification from a Denver news outlet regarding the disposal of unshredded documents containing the protected information of 1,610 customers in an unlocked, open container on the organization’s premises.
What’s the lesson? Regardless of size, organizations need to implement a secure document destruction protocol in order to protect sensitive customer information from being exposed or falling into the wrong hands. Even as electronic records and “paperless” offices become more prevalent, it’s critical that policies are put in place to ensure secure disposal of hard copy records after they have been scanned. Utilizing a document shredding provider can alleviate the burden of destroying paper records in house and help keep you compliant.
3. Home Depot will pay more than $27.8 million — including $18 million in fines and costs — for improperly disposing of hazardous waste and illegally tossing out private customer information without first rendering it unreadable. The complaint alleged that more than 300 Home Depot stores and distribution centers in California were routinely throwing documents with sensitive customer information into store trash bins, which could have potentially exposed the data to identity thieves.
What’s the lesson? Properly safeguarding personally identifiable information is important no matter the size of your company or what industry you’re in. Without a document retention and destruction policy in place, it’s difficult to keep track of customer files and to know when and how to destroy them. Assign a staff member to research your state and federal regulations regarding document retention and implement a written policy that includes a shredding service and offsite document storage service. Placing convenient shred consoles in the office is also a great way to ensure confidential documents aren’t being thrown in a regular trash bin, potentially exposing customer and business information.