&
Volume 9, Issue 6
November / December 2012
Security Shredding Storage News
Serving the Security Shredding & Paper Recovery Markets Visit us online at www.securityshreddingnews.com
ATTENTION: New HIPAA Rules to Impact Document READERS !
Are you looking for Products, Equipment or Services for your business? If so, please check out these leading companies advertised in this issue: Collection & Storage Containers Big Dog Shred Bins – 10 Bomac Carts – pg 7 Jake, Connor & Crew – pg 5
Destruction Industry By P.J. Heller
Equipment Financing TransLease Inc – pg 12 Lock & Locking Systems Lock America Intl. – pg 10
D
Mobile Truck Shredders Alpine Shredders Ltd – pg 14 Shred-Tech Limited – pg 6 ShredFast – pg 8 Vecoplan LLC – pg 7 Moving Floor System Keith Manufacturing – pg 6 Paper Balers IPS Balers, Inc. – pg 10 Replacement Parts Dun-Rite Tool – pg 12 ShredSupply – pg 9 Stationary Shredders & Grinders Allegheny Shredders – pg 5 Schutte-Buffalo Hammer Mill, LLC – pg 16 UNTHA America – pg 15 Waste commodity purchasers Dan-Mar Components – pg 13
PRSRT STD U.S. Postage
PAID
Mentor, OH PRSRT STD Permit No. 2 U.S. Postage
PAID
Mentor, OH Permit No. 2
ocument destruction companies that handle protected health information for healthcare providers may face greater scrutiny — and hefty mandatory fines — in the coming year as the government steps up enforcement of privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA). New rules to be announced soon are expected to make business associates — such as document destruction companies or other service providers — subject to the most substantive provisions of HIPAA, as well as all of its Security Rule, rather than allowing them to rely on their business associate agreements. Also expected are automatic mandatory fines for violations of “willful neglect” by either the healthcare industry or business associates of $10,000 to $50,000 per record, up to a maximum annual cap of $1.5 million. That maximum figure applies only on a per provision basis; violations of separate provisions are capped separately, not cumulatively. A document destruction company involved in a data breach that is subsequently found not to have trained its employees and to not have any written policies in place could be cited for willful neglect. “So whatever the data breach was, the U.S. Department of Health and Human Services (HHS) is going to hold them to the highest standard, the highest level of fines, because they’re finding it inexcusable that any organization touching data would not have written policies in place and employee training in place,” notes Bob Johnson, chief executive officer of NAID (National Association for Information Destruction). Health and Human Services reports that business associates have been responsible for 62 percent of the total number of patient records breached, according the Association of Corporate Counsel, a global bar association.
Another major issue to impact healthcare providers and their business associates will be an audit program anticipated in the coming year. The audits are mandatory under HITECH (the Health Information Technology for Economic and Clinical Health Act). HITECH was passed by Congress as part of the 2009 American Recovery and Reinvestment Act, more commonly known as the “Stimulus Bill.” “Health and Human Services has announced there will be a formal unannounced auditing program of both covered entities and business associates,” Johnson says. Covered entities include healthcare providers, health plans and healthcare clearinghouses. Although it is not known how many resources will be devoted to the audit program, “everybody’s on notice that they’re going to be checked by Health and Human Services at some point or they stand the possibility of it, and you never know where it’s going to come from,” he says. Leon Rodriguez, director of HHS’ Office for Civil Rights, has confirmed that
Continued on page 3
Inside This Issue
4 Using ARMA’s GARP Principles to Create a Compliant Records Management Program
6 Chicago Election Board Confirms 1200 Personnel Files Exposed 10 NAID Acquires Shred School 13 Easing of Medical Record Restrictions Ensures Post-Sandy Patient Care