Month: April 2016

HITECH rule an important enforcement tool . . .

BlueCross-BlueShield of Tennessee has agreed to pay a$1.5 million settlement and carry out a corrective action plan in the wake of a 2009 breach that affected more than 1 million individuals. In addition to the $1.5 million payment, the settlement calls for the health insurer to review, revise and maintain its privacy and security policies and procedures; conduct “regular and robust” training for all employees on their responsibilities under the HIPAA privacy and security rules; and perform reviews to ensure compliance with the corrective action plan, according to anHHS announcement.

“This settlement sends an important message that OCR expects health plans and health-care providers to have in place a carefully designed, delivered and monitored HIPAA compliance program,” says Leon Rodriguez, director of the HHS Office for Civil Rights. “The HITECH breach notification rule is an important enforcement tool, and OCR will continue to vigorously protect patients’ right to private and secure health information.”

What to do if you might be a victim of identity theft . . .

Those of us in the information security business talk about identity theft all the time. Identity Theft has risen 13% from 2010 to 2011. We thought it might be a good idea for our clients to have a check list of things to do if you feel you have become a victim. Remember: “THIS IS NOT LEGAL ADVICE”. It’s just a suggestion on where you can start when you feel victimized!

Call the IRS and inform them you believe you are a victim of identity theft. (Often the way you will find out that something is amiss is when you don’t receive your refund check. It may have been issued to the thief who has assumed your identity).

Fill out IRS Form 14039 and fax or mail back to IRS.

Contact the Social Security Administration ( If you go to their website they have an Identity Theft webpage). If you contact them by phone they will tell you to contact the Federal Trade Commission.

Contact the Federal Trade Commission (877-438-4338). After you contact them by phone, you will be sent an Identity Theft Complaint Affidavit.

Contact your local police department and tell them you have been a victim of identity theft. Make sure you get a case number and follow up in a few days to get the full police report. Make sure you put that police report in your Credit bureau file.

Contact one of the three credit bureaus: Equifax at 800-525-6285, Trans Union at 800-680-7289, or Experian at 888-397-3742.Tell them you are entitled to make a victim-of-fraud statement that will be put into your credit history along with your police report.

Save storage space, keep your business legally secure . . .

Retention schedules are one of the most important aspects of a documents life cycle. Different documents have different legal requirements and these requirements may be as short as a month or as long as twenty five years.

Retention schedules are important for several reasons, such as saving you storage space, but most importantly it keeps your business legally secure. In the event of a lawsuit, Federal Rule 26 requires that each party provide all relevant records to the opposing counsel. By destroying records according to a set schedule, your company can appropriately limit the amount of materials it must search through to comply with this law.

Business should also be aware of the documents discarded on a daily basis. This trash often contains information that could be used against the company or worse, private information belong to your clients. Discarded daily records include phone messages, memos, and misprinted forms, drafts of bids and drafts of correspondence.

Crown Shredding and Records Storage can work with you to develop a secure document destruction program that’s best for your business.

707 Avenue K Southwest, Winter Haven, Florida 33880 . . .

WE HAVE A NEW HOME!
707 Avenue K Southwest
Winter Haven, Florida 33880

CROWN SHREDDING is growing!
We are proud to share a few photos of our new facility, with our friends. VIEW PHOTOS . . .

Looking forward to the future, we will begin providing document storage and records management services, along with our current shredding services. We invite you to stop by and take a tour!

We also want to take this time to thank you for being a partner with CROWN SHREDDING. We could not continue to expand our services without your trust and support.

5 ways to protect your phone today . . .

SECURITY TIPS for SMART PHONES

Your smartphone holds all of your personal information and in the wrong hands can cause damages that you may never recover from. Does yours even have the lock activated?

Here are 5 ways to protect your phone today:
Don’t leave your phone unattended.
Install a password on your phone.
Activate tracking and remote wiping.
Be cautious when downloading unknown Apps.
Avoid FREE WI-FI, ask your provider about tethering.

Importance of establishing records retention schedules . . .

A records retention schedule is only as good as the retention program it supports.  Help your clients understand that records retention is an important component of many of the laws with which most corporations must comply.  Sell the program, not the schedule, and you will have dedicated clients . . . READ ARTICLE by Marylee Jacobs

Property Management firm fined $15,000 after Data Breach of laptop containing personal information . . .

The Massachusetts Attorney General announced that a property management firm was fined $15,000 after the theft of a company laptop containing the personal information of over 600 Massachusetts residents.

According to the Massachusetts Attorney General, an employee of the property management company had a laptop containing unencrypted personal information stolen from her car during the night. This incident was found to be in violation of Massachusetts’ Data Breach Regulation.

In addition to paying $15,000 in civil penalties the company must:

• Ensure that personal information is not unnecessarily stored on portable devices;
• Ensure that all personal information stored on portable devices is properly encrypted;
• Ensure that all portable devices containing personal information are stored in a secure location; and
• Effectively train employees on the policies and procedures with respect to maintaining the security of personal information

More than twice as many individuals have been affected by healthcare data breaches in 2013 than in 2012 . . .

So far, more than twice as many individuals have been affected by healthcare data breaches in 2013 than in 2012. And the main reason is a handful of mega-breaches. The very scary part is that three large, highly publicized data breaches have not been tallied yet. If confirmed the tally of individuals affected by breaches could surge by almost a million!  Not yet included on the 2013 list so far are:

Horizon Blue Cross Blue Shield of New Jersey:  This breach included the theft of two unencrypted desktop computers from the company’s headquarters which affected nearly 840,000 individuals.

The University of Washington Medicine:  This breach affected 90,000 patients.

Cottage Health System in California:  This breach affected 32,500 people who had their personal health information exposed on Google due to a business associate whose servers were not appropriately protected.

The key to preventing healthcare data breaches includes conducting a thorough risk analysis to identify security risks; encrypting computing devices, especially mobile devices and minimizing the amount of sensitive data stored on end-user’s devices.

Key steps to preventing healthcare data breaches of all sizes, experts say, include conducting a thorough risk analysis to identify security risks; encrypting computing devices, especially mobile gear; and minimizing the amount of sensitive data stored on end-users’ devices.

Call the IRS and inform them you believe you are a victim of identity theft . . .

Call the IRS and inform them you believe you are a victim of identity theft. (Often the way you will find out that something is amiss is when you don’t receive your refund check. It may have been issued to the thief who has assumed your identity).
Fill out IRS Form 14039 and fax or mail back to IRS.
Contact the Social Security Administration. If you contact them by phone they will tell you to contact the Federal Trade Commission.
Contact the Federal Trade Commission (877-438-4338). After you contact them by phone, you will be sent an Identity Theft Complaint Affidavit.
Contact your local police department and tell them you have been a victim of identity theft. Make sure you get a case number and follow up in a few days to get the full police report.
Contact one of the three credit bureaus: Equifax at 800-525-6285, Trans Union at 800-680-7289, or Experian at888-397-3742.
Tell them you are entitled to make a victim-of-fraud statement that will be put into your credit history. In my limited experience, Equifax the most helpful; they worked diligently to make sure I was taken care of. The service representative reviewed my credit to see if any fraudulent accounts had been opened. Fortunately I was OK.

Review your credit reports once every couple of months and look for any errors or fraud. All three companies offer a service at varying degrees of cost. Remember you are entitled by law to a free copy of your credit report at least once a year.

Don’t forget to send them a full copy of the police report. They will need this to keep your fraud alert on file for more than 90 days. All three companies are required to pass on your victim statement to the other two bureaus; however it is probably a good idea to call all three after a few days to follow up.