Author: Crown Information Managment

Due Diligence for Information Management Vendors

Useful Suggestions on How to Identify Quality Vendors

Utilizing third-party assistance for the non-core activities of your business is a common practice. It increases operational efficiencies and reduces the burden on in-house costs and administration. However, selecting the right vendor for your outsourcing requirements is a process in itself. If you wish to create reliable, safe and lasting partnerships, you need to invest substantial time and effort in evaluating the vendors and conducting proper due diligence. After all, you want to bring on board a partner that has strong risk management practices, process integrity and customer-orientation.

It’s Tax Season – Shredding Tips

Know What to Shred and What to Keep

It’s that time of year again! Tax season is upon us. The time of the year when you will pull out confidential papers from files and boxes, exchange sensitive information with your accountants, and eventually file your taxes online. Tax related frauds are the most common form of identity theft. A 2017 Federal Trade Commission (FTC) report indicates that tax-related frauds account for 29.2% of the reported incidents of identity theft.

Data Breaches Can Happen Anywhere

Predictions for 2019 by Information Management Experts in Florida

For many years, your primary information security concern was how to meticulously maintain the original, physical records, and protect them from being lost or stolen. However, today, paper records may be the safest way to protect your records! What presents fraudsters with an exponentially larger potential to amass valuable, sensitive information is your web presence and online activities. In fact, your digital footprint extends far beyond the information that you voluntarily share, post, or store for your personal, social, and professional needs. Imagine how much of your personal and confidential data sits with government authorities, health care providers, educational institutions, tax authorities, banks, credit bureaus, and several others. It is safe to assume that your information is only as secure as the online platform it rests on.

Breach Notification Letter Causes Patient Confidentiality Breach

Aetna settled a lawsuit for $17 million Wednesday over a data breach that happened in the summer of 2017. The privacy of as many as 12,000 people insured by Aetna was compromised in a very low-tech way: The fact that they had been taking HIV drugs was revealed through the clear window of the envelope.

Archival Storage Is Here!

Welcome to our new archival ready, storage area! The photos show the air conditioning and humidity controls being added, as well as the shelving. Our first archival storage clients have already moved into this special area! If you need a safe spot to place your Vital and/or Historical records call us today.We can also accommodate memorabilia, that may be awkward in size or shape. Contact us if you want more information!

Crown Adds a New Automatic Generator!

Hurricane Season is just around the corner! One of Crown’s commitments was to add an automatic generator, in case of power outages. We have accomplished that goal! This automatic generator will be able to keep all our security systems, operation systems, and temperature control, up and running during power outages, without missing a beat!

Breach Reported By Orlando Health, May Involve Pulse Nightclub Victims

A Florida healthcare provider, Orlando Health, is notifying patients impacted by a breach, involving insider record snooping during the treatment period, of patients brought from the Pulse Night Club Incident.

During high-profile emergency situations and other crises, it is a challenge for healthcare organizations to protect the privacy and security of patient information, from inappropriate access, of people who are part of the organizations workforce. Curiosity &snooping seem to be part of human nature. With that said, it is extremely important for healthcare organizations to be diligent in limiting access, monitoring access and providing repercussions for those who don’t follow the rules. In a letter to patients, dated July 12 2016, Orlando Health, which operates several hospitals in central Florida, said: “While conducting patient record access audits, we learned that on June 15, an Orlando Health employee accessed patient records outside of the employee’s current job responsibilities. had no reason to access these records and we believe the employee was viewing these records out of personal curiosity. The employee was sanctioned, per Orlando Health policy.” The letter goes on to state that “the employee could view limited information in electronic medical records, including patient name, date of birth, weight, hospital location, hospital account number, hospital medical record number, date and time of admission, physician and visit reason. The information did not include any other clinical information. The employee did not have access to your full Social Security number or other financial information. The information was not downloaded or printed, and we have no evidence that your information has been used in any way or removed from the hospital.” The letter does not specify that patients affected by the breach were victims of the June 12 Pulse nightclub shooting. Nor does the letter indicate how many patients were impacted by the privacy incident. It was however, reported to WFTV, “that patients receiving the letter, and in some cases phone calls, from Orlando health, were treated for shotgun and other injuries sustained at the attack.”

In a statement, Orlando Health tells Information Security Media Group: “Numerous team members across our system require access to vital records and information in order to provide our patients with the highest levels of care. All team members are made aware, that they too, have a responsibility to maintain our patients’ privacy, and protect their personal information. As a result of this incident, we are re-educating our workforce members and increasing our already vigilant program of auditing and monitoring of patient record access. Any instance of team members accessing patient records outside of their current job responsibilities violates our policies, and steps are taken internally to discipline anyone involved. We want to assure our patients that the policies and procedures we have in place protect their information, and we are continually evaluating and modifying our practices and the practices of our employees to enhance the security and privacy of all confidential and protected health information entrusted to us.”

Don’t Assume! Know!

According to a 2016 study published by Blancco Technology Group, out of 200 used computer drives purchased, from eBay and Craigslist, 67 percent of the drives held personally identifiable information and 11 percent contained sensitive corporate data. The only way, to be sure, that your information is gone, is to destroy the hard drive. Crown Information Management can destroy those hard drives for you, providing you with a complete chain of custody.