Security & Compliance

Risk Mitigation

Patriot Shredding is NAID AAA Certified and adheres to the laws and regulations that govern protected health information (PHI) and personally identifiable information (PII). The NAID AAA Certification program sets standards for a secure destruction process, covering operational security, employee hiring and screening, the destruction process itself, and responsible disposal of the shredded material, and it verifies compliance through audits. Our certification is a testament to our operating strengths and validates our commitment to protecting our clients against data security exposures.

Laws & Regulations

A large number of local, state, and federal regulations require businesses to protect sensitive and proprietary client records and stored information, including at the point of disposal. Our expertise allows us to mitigate the associated risks. We comply with the state and federal data protection laws that apply to records destruction, so the patient and customer information you entrust to us is destroyed in a manner that meets your obligations rather than left readable in a dumpster or recycling bin.

HIPAA
Health Insurance Portability & Accountability Act

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996, in part to combat fraud and abuse in the health insurance industry. Under the Act, covered entities (health plans, healthcare clearinghouses, and healthcare providers) must “maintain reasonable and appropriate administrative, technical, and physical safeguards” to prevent intentional or unintentional use or disclosure of protected health information. This includes information that relates “to the past, present, or future physical or mental health or condition of an individual,” to the provision of healthcare to an individual, or to “the past, present, or future payment for the provision of healthcare.”

HIPAA protects patients' information, whether medical or financial, that is held by anyone involved in a health-related practice. This includes insurance companies, chiropractors, hospitals, psychologists, psychiatrists, therapists, billing centers, medical centers, doctors, dentists, and any other individual or institution that handles health-related personal information, as well as the business associates, such as shredding vendors, that handle PHI on their behalf.

For more information on the Health Insurance Portability and Accountability Act (HIPAA), visit: http://www.hhs.gov/ocr/hipaa/

HITECH
Health Information Technology for Economic and Clinical Health

The Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted in February 2009, and its breach notification requirements took effect in September 2009. HITECH requires anybody covered by the Health Insurance Portability and Accountability Act (HIPAA), and their business associates, to report breaches of “unsecured protected health information” (PHI), meaning PHI that has not been rendered unusable, unreadable, or indecipherable to unauthorized persons, for example by encryption or by proper destruction.

Under HITECH, a covered entity must notify each individual whose unsecured PHI “has been, or is reasonably believed by the covered entity to have been, accessed, acquired, used, or disclosed as a result of such breach.” If the breach involves more than 500 residents of a state or jurisdiction, the covered entity must also notify the Secretary of Health and Human Services (HHS) and prominent media outlets serving that area; smaller breaches are logged and reported to HHS annually. A business associate (such as a service provider or third-party administrator) that handles unsecured PHI must notify the covered entity of any breach that occurs while the information is in its possession.

FACTA
The Fair and Accurate Credit Transactions Act

The Fair and Accurate Credit Transactions Act (FACTA) was enacted in 2003 to protect consumers from identity theft and consumer fraud and to penalize those responsible. The law is administered by the Federal Trade Commission (FTC), which issued the FACTA Disposal Rule, “which puts in place requirements for proper document disposal and destruction, and recognizes the problems that can and do arise when private information is disposed of in an irresponsible manner.”

Private information, under FACTA, means “all personal identifying materials which extend beyond just a person's name,” including Social Security numbers, driver's license numbers, phone numbers, e-mail addresses, and physical addresses. The Disposal Rule itself applies to “consumer information,” meaning information derived from a consumer report, whether held on paper or in electronic form.

To adhere to the FACTA Disposal Rule, businesses and individuals must take “reasonable measures” to protect against unauthorized access to or use of the information in connection with its disposal, such as burning, pulverizing, or shredding paper records and destroying or erasing electronic media so that the information cannot practicably be read or reconstructed. Failure to abide by FACTA can result in stiff penalties or legal action from the victim or from federal and state authorities.

GLBA
The Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, was enacted in part “to protect private consumer information held by financial institutions.” The GLBA “requires banks to develop privacy notices and to provide customers with the option of prohibiting the sharing of their confidential information with non-affiliated third parties.” Its Safeguards Rule also requires financial institutions to maintain a written, comprehensive information security program, which must address how customer information is handled throughout its life cycle, including its disposal. The GLBA applies to most businesses within the United States that are involved in the financial services industry.

We "Insure" You're Secure!

We are the only shredding company in our market to qualify for Downstream Data Coverage, a professional liability insurance specifically covering our clients from data breach exposure.
