Peace of Mind- Shred Shop adds layer of security with HIPAA certification
Medical identity theft is the nation’s fastest-growing form of identity theft, with about 2.3 million cases in 2014 alone, according to Consumer Reports. If an individual’s health insurance is used by someone else for doctor visits, procedures, or procuring medications and devices, the ramifications can be costly and can destroy the victim’s credit. The patient can also be denied coverage if caps are reached, for example.
The Federal Trade Commission recommends consumers keep paper and electronic copies of their medical and health insurance records in a safe place and shred outdated health insurance forms, prescriptions and physician statements.
Donna Brown, office manager at the Shred Shop of Memphis, specializes in deconstructing hard drives and other devices with sensitive information. The Shred Shop offers secure file storage and shredding services for corporate and personal clients and is a certified woman-owned small business. (Daily News/Houston Cofield)
Many individuals and health care providers alike look to document destruction and secure storage professionals like Shred Shop of Memphis, 318 Collins St., for peace of mind.
Brenda Alan Huff, owner of Shred Shop of Memphis. The Shred Shop offers corporate and personal secure file storage and shredding and is a certified woman-owned small business. (Daily News/Houston Cofield)
Other industries that use Shred Shop to manage confidential information include law firms, accounting firms, government agencies, schools and small businesses. Customers can watch while their documents are weighed, shredded and baled for recycling.
“We try to fill a niche that the larger companies can’t do mainly because of their size,” said Brenda Allen Huff, who founded Shred Shop, an independent and certified woman-owned business, in the fall of 2005. “It’s very hard to take care of residential and the really small jobs. It’s just not cost effective for their big trucks and all. But we have done a six-pound pickup and we’ve done a 41,000-pound pickup.”
Huff said customers appreciate watching the destruction process, but with medical identity theft on the rise, she wanted to go the extra mile for her clientele in the local health care industry. This meant becoming formally compliant with the Health Insurance Portability and Accountability Act (HIPAA) of 1996, which provides data privacy and security provisions to safeguard medical information.
“I decided it was time we get the formal certification,” Huff said. “It wasn’t that we weren’t as careful as we could be before, but this allowed us the formal training – that extra layer of security.”
Shred Shop is a member of National Association for Information Destruction (NAID). Through her contacts there, Huff became aware of Tom Dumez of Prime Compliance – also known as “The HIPAA Man.”
Michigan-based Dumez is a certified security compliance specialist who provides consulting services to information destruction companies and their clients to help them in matters of HIPAA compliance. He usually trains companies larger than Shred Shop.
Huff was unable to locate a local trainer. Dumez’s services came with a sizeable price tag and required her to fly him from Michigan to Memphis, but Huff believed the HIPAA compliance training and certification would be beneficial for her many health care industry clients.
The Shred Shop of Memphis specializes in deconstructing hard drives and other devices containing sensitive information. (Daily News/Houston Cofield)
“It was quite a bit of money to have him come, but I think it was well worth it,” she said of Dumez, who provided a risk assessment and made suggestions for improvements to protect sensitive client information. Those suggestions include limiting exposure and fine-tuning chain-of-custody procedures.
“We’re taking anything he says seriously and trying to make those changes to reduce any risk of anything going wrong,” Huff said. “He provided the policies and procedures and he’s there – available to us to answer any questions throughout the year.”
Kelly Dobbins, president at Mid-South Drug Testing Inc., 950 Mount Moriah Road, said her company is required to store background checks for at least seven years. She relies on Shred Shop for its secure storage services and its hard drive removal and destruction services – a recent addition.
“A lot of people don’t think about their hard drives and the fact that they shouldn’t be giving their computers away to anyone unless you’ve removed that hard drive,” Huff said. “You could have all of your medical information on there, too, so it’s a dangerous thing to let a hard drive get out without being destroyed. People can make a lot of money off medical records. We’re trying to make it easier and cost effective for people to destroy that information, too.”
Dobbins, who has known Huff for about a decade, said that, as a small business owner, she prefers doing business with other local small business owners and she’s been pleased with Shred Shop’s services.
“Our documents at Mid-South Drug Testing contain confidential information,” Dobbins said. “We don’t want anyone to have access to our records, and being HIPAA compliant means the Shred Shop has taken yet another step in security. They will also be able to destroy files and hard drives in a manner that is complaint with HIPAA.”