Printer-friendly format

March 24, 2008
“According to a statement issued by the National Heart , Lung, and Blood Institute (NHLBI), a notebook was lifted from the locked trunk of an employee.
The good news, as is so often the case, is that the theft appears to be random. That is, the thieves seem to have gone for the hardware, and not for the data it holds. It doesn’t appear as if any financial information was stolen, or data that could directly lead to identity theft, such as Social Security numbers or credit card data. What is definitely missing are the health records of roughly 2,500 hundred participants in a cardiac MRI study conducted between 2001 and 2007. The records included name, date of birth, medical record numbers, and MRI data.”
— George Hulme The Information Week

April 8, 2008
The University of Miami disclosed on Friday that one of it storage vendors lost a number of back-up tapes containing the personal information of more than 2.1 million patients. The University located in Coral Gables, l. said in a news release that the data includes names, social security numbers, addresses and health information for patients of University of Miami physicians or anyone who visited a university health facility since January 1, 1999.”
— Dan Kaplan- SC Magazine

June 11, 2008
“Authorities say 2.2 million records filled with personal information were stolen from a couriers personal vehicle earlier this month form the University of Utah Hospital & clinics. This puts the private data of patients for the last 16 years at risk. In the stolen information ore than 1.3 million social security numbers were compromised”
— Minneapolis Star Tribune



Three months, Three security breaches, over 4.3 million people affected. ALL AVOIDABLE!
Responsibility is a very grown-up word. Saying it does not make it so. Acting on it does. I’m not trying to make anyone feel guilty, I’m trying to save you millions of dollars and your reputation. Let’s examine the first case where the records were stored on a lap top computer and the computer was locked in the trunk of a car. It seems harmless enough. You can’t stop a thief from breaking into your car and stealing items. My question is this. What was that information doing on a lap top, out of the environment it was to be used in? No-one and I mean no-one should be allow to transport data of a proprietary nature on their lap top. I don’t care if it’s encrypted or not. Information is worth money and if a thief didn’t know it before, he sure knows it now.

Here’s my point: There should be a protocol set in place for all record removal! Every practice needs to evaluate the risks of taking information away from the original collection point. If the information must be relocated, then there should be a procedure in place to do so as securely as possible.

Let’s move on to article two and three. This time we have the data stolen from a secure vendor who is suppose to take responsibility for your data and transport and store it. You’ve done your job, you’ve hired a company to take over the responsibility for you. WRONG! Your responsibility continues in the selection of your vendor and the monitoring of their protocol. Do your homework! Does the person who picks up your data drive a company owned vehicle, with radio system or telephone call in system? Can your vendor tell you where your information is when it leaves your office and it’s on route to the storage facility? Do they have a system of checks and balances in place if there is an accident or the vehicle breaks down? You need to ask the right questions! NEVER ASSUME! It’s your reputation on the line.

I’d like to leave you with this final thought. HIPPA has been in place now for twelve years. It’s time to take responsibility for your practice and all proprietary information associated with. Cover your assets for the long term. Don’t penny pinch when it comes to security. When comparing vendors don’t base your decisions on just the bottom line. I’m sure all of you have heard the saying “You get what you pay for.” It never rings more true than in the case of managing the transportation,storage and destruction of your companies information. If you don’t believe me, ask the 4.3 million people mentioned in these articles, who have been put at risk.

For questions you may reach Marylee at 407 453 1261 or Marylee@crownshredding.com
Marylee Jacobs, Crown Shredding


Marylee Jacobs is the Orlando Metro Area Sales Manager for Crown Shredding. She has over twenty years of leadership experience in business development and marketing. She is known for her rare blend of creative and operational strengths.

She is a member of The Association for Information Management Professionals and the Central Florida Medical Group Managers. Her past successes include her 10 years with Silver Stage Productions Inc. as the Executive Director, where she received several awards including Performance Magazine’s Best Live Stage Show.
Marylee has an undergraduate degree in Business Administration and her graduate degree in Marketing. She is currently and active member of the Orlando Chamber of Commerce and the South Lake County Chamber of Commerce. Marylee currently resides with her husband in Clermont, Florida.



www.crownshredding.com




July 2008


Click here for a PDF of this article

Tags:

None

Login and voice your opinion!