Over two months ago, the Ontario legislature passed a third reading of the Personal Health Information Protection Act (PHIPA). It resulted in amendments meant to improve the accountability and transparency of the healthcare system, including changes to the penalties for privacy breaches. Anyone working in the healthcare industry would do well to review these revisions and ensure their method of collecting, storing, and disposing of Personal Health Information (PHI) is in accordance with the amended act.
PHIPA is still a relatively young bill, having only been introduced in May of 2004. Since then, it has regulated the way healthcare workers can collect, use, disclose, and dispose of PHI. Under this bill, PHI means any data as it relates to a patient’s past, current, or future medical files. It’s an umbrella term that encompasses a considerable amount of information. PHI is deemed anything used by a healthcare worker to identify or treat a patient, including family medical histories, prescriptions, hospital records, and lab test results.
The original bill outlined clear strategies on how to collect and record PHI. Physical files should be locked in filing cabinets in rooms with restricted access, while digital records should be protected by passwords, encryption, and firewalls. Only those who have been properly trained and authorized to handle these documents should have access to the rooms and computers used to store them. Once obsolete, these records follow similarly controlled methods of disposal. In order to protect outdated and unnecessary PHI, PHIPA requires the complete and utter destruction of both physical and digital copies.
These basic features of PHIPA have not changed in the latest reading, but the minor modifications have improved the transparency of the bill in hopes of strengthening patient privacy. Firstly, it’s now mandatory for healthcare organizations to report any breaches of privacy to the Information and Privacy Commissioner. Changes also include removing time restrictions on prosecutions, eliminating the need to start prosecutions within 6 months of the breach. Perhaps the most important amendment – from healthcare professionals’ perspectives – is the increase in fines for those individuals and organizations found guilty of breaking PHIPA. Nearly doubling in amount, these penalties can range from $50,000 – $100,000 for individuals and $250,000 – $500,000 for organizations or businesses.
It would be a shame to be fined half a million dollars over something so easily preventable. Employee screening and training is a critical step in safeguarding the chain of custody and shouldn’t be overlooked. Neither should mobile shredding services. Simply by scheduling regular pickups of paper medical files and obsolete electronics, the healthcare industry can avoid disposing of PHI incorrectly, saving themselves from prosecution and hefty fines.
Our shredding services are performed by highly vetted individuals, who follow NAID-certified processes to ensure security at every stage. From collection to destruction and finally recycling, the documents and devices are properly secured until our shredding representatives can provide twin guarantees of destruction and recycling.
PHIPA applies to far more professionals than just healthcare providers like doctors and nurses. Anyone working within the industry must abide by this law, including freelance caregivers, pharmacists, lab technicians, paramedics, physiotherapists, naturopaths, and mental health care workers. That’s a huge range of professionals who need help ensuring they stay within the letter of the law. Whether you’re a self-employed massage therapist or a director of a medical laboratory, your business needs professional shredding services. Luckily for you, we service the entire healthcare industry with dependable shredding, and you need only call or send off a request form to schedule your first appointment.
July 25th, 2016
We all know fast food isn’t good for us, but now we have an entirely new reason to second guess a trip through the drive-thru. Earlier this year the hamburger chain Wendy’s reported what they’re calling ‘unusual activity’ on credit cards used at their restaurants located in the US. Now, several months onwards, the security firm hired to investigate the claims has come up with some answers – but not nearly enough.
The slow process is partly due to the fact that many of the restaurants are owned by independent franchisees. Wendy’s is America’s 5th largest fast food restaurant in terms of sales, and it has approximately 5,800 franchise locations across North America. According to their investigation, fewer than 300 of those restaurants were targeted in a malware attack that compromised the point of sale (POS) system. The breach started sometime late last year, and some financial institutions have recorded continued fraud reports on affected accounts as late as April of 2016.
Though no reports of how many customers were affected by the breach have been published, Wendy’s confirms the malware has been disabled and removed from the corrupted POS. The company is currently working with its security firm, federal law enforcement, and credit card companies in order to locate the source of the malware and complete its investigation.
If it concludes anything like Target’s credit card breach, then Wendy’s could be looking at a hefty fine in reparations totalling somewhere in the millions. Recall American Thanksgiving of 2013, when malware was installed in Target’s POS and stole 40 million payment card numbers and 70 million customer records that included contact details. Since then the company has been sentenced to repay $19 million to banks.
Many of us think nothing of heading out for lunch and tapping our credit cards to pay for our meal. Unfortunately, attacks targeting large-chain businesses are on the rise. While there’s no way of knowing which company’s POS is infected before you visit, there are ways of mitigating – if not preventing – the effects of identity fraud. You should be aware of any of the accounts under your name, especially the ones you use on a daily basis at places like fast food restaurants or department stores. When you keep an eye on the transactions of these accounts, you can quickly identify fraudulent charges and alert your bank of any unusual activity before it gets too serious.
Another way to protect yourself from possible attacks is by limiting the access you allow to your personal information – both digitally and physically. For many of us, the Internet has replaced a lot of services that, in the past, we would have obtained in-person at a brick and mortar store or organization. Though it’s made life easier now that we can do everything from banking to ordering food online, it’s also made it more difficult to safeguard our personal information. Be aware of the websites that you frequent and only share your contact and financial information with trusted services with verified sites and advanced firewalls.
For those services with enduring physical copies of your transactions – things like taxes, utility bills, and any other receipt or piece of mail that contains account numbers and contact details – you should be equally vigilant. Store those records that you need to keep in a safe place within your home and don’t just throw away those documents you want to get rid of. Any piece of paper with your personal information on it should be properly disposed of through our secured mobile shredding service. Our mobile shredding trucks will incinerate these papers so that any information is impossible to recover.
We like to think of our shredding service as a part of any healthy information diet. We can’t help but visit the Wendy’s of the world every once in a while, but if you take the appropriate steps to protect your identity’s health, these fast food trips won’t cause any undue harm. Stay on top of your transactions and make sure to call us to schedule your document shredding appointment today.
July 12th, 2016
You don’t have to be in the legal field to appreciate the need for a secure chain of custody. The way you and your business obtain, record, share, and dispose of paper and electronic documents is important, regardless of your industry. Implementing fortified policies that secure physical and digital data is one of the best measures you can take to prevent fraud, but it isn’t the only way to protect your confidential material. Sound network security deters hackers from preying on your organization, but it does nothing to prevent something as simple as human error from threatening your company.
You can have the most sophisticated system put in place to safeguard your files, but it’s only effective when all of your employees can follow it. A simple mistake, whether through malice or ignorance, can negate the intricate physical and technological securities you have. You may have the utmost faith in your employees, but employee negligence is one of the number one causes of fraud. According to the Ponemon Institute, over 80% of all corporate data breaches were due to human error, a fact confirmed by the Identity Theft Resource Centre (ITRC) and the Privacy Rights Clearinghouse, both of which presented similar findings through independent studies. All it takes is an accidental email, a misplaced company phone, or mishandled files, and all of your elaborate precautions can be for naught.
When people are the weakest link in your chain of custody, it’s important that you invest in regular training. A one-time afternoon spent going over policies and procedures isn’t enough; people will eventually forget one or all of the steps involved in securing data and they’ll jeopardize the company when they do.
Next to education, limiting access to confidential material to top personnel only is another way you can secure the lines of information. Minimize contact by handing over the destruction of sensitive paper and digital files to a service that specializes in safe methods of removal.
As a NAID certified shredding service, we’re well-informed of the best ways to dispose of vulnerable material. We supply your office with locked containers to collect the paper and electronics that you need destroyed. These sealed bins, boxes, or bags can’t be accessed by anyone but our bonded, insured, and uniformed personnel, thus reducing the number of people who have the ability to read or retrieve any discarded information. Once these containers are full, our shredding experts will come to you, and they’ll shred your collected material on-site – after which they’ll deliver the destroyed contents to a secured recycling facility. There are no intermediaries or other employees involved in any of these steps; just our small group of dependable representatives.
When you limit the number of people who have access to important information, you’re strengthening the security policies that you put in place. Consider the lengthy chain of custody you currently have. If it involves far too many employees, give us a call. We can set up a regular pick-up for shredding according to your schedule. Whether that’s weekly, monthly, or some other arrangement, we’ll find a schedule that fits with your needs. You only have to pick up the phone!
June 21st, 2016
Funny how you don’t know how much stuff you own until you try to pack it all up. It may not look like a lot spread throughout your home, but as soon as you start gathering it up in boxes, your belongings can seem like they triple. Closets are full to bursting; the spaces under beds are packed; your home office is more paper than furniture. Before you know it, what was supposed to be a quick job turns into a gigantic responsibility. While we might not be able to help you navigate your couch down the stairs and into your moving van, we can assist your move in another way. We can dispose of your papers and electronics to reduce the amount of stuff you have to move.
Purging before a move isn’t news. Moving experts have always advised moving homeowners to carefully go through their stuff before they pack it all up. They suggest sorting your belongings into three piles: keep, discard, and sell or donate. As the foremost security experts in the GTA, we’d like to make an addendum by adding one final category: the shred pile. A lot of the paper and old electronics we keep in our homes contain very important personal data that shouldn’t go into your garbage or recycling bins. By placing these items in the trash, you run the risk of exposing confidential passwords, account numbers, and contact information.
For most people, the biggest collection of paper is in their office. It’s a place where we stash any number of invoices, bills, financial statements, receipts, contracts, and other important data. In the interest of keeping them for ‘just in case’ purposes, these rooms become home to towering piles of paper where desk drawers and filing cabinets are teeming with documents you might not need. Before you know it, the mess can spread to your spare room, garage, or basement.
You could pack all of this up into banker’s boxes and transport the mess from one home to the next, or you can take a proactive step to keep your new house clutter free – and your move a little less painful. Our shredding services can be booked for one-time purges for exactly this reason. All of our shredding is done on-site by fully bonded, insured, and uniformed personnel. If you need time to sort through your various papers before we arrive, we can also provide you with complimentary boxes or bags to help contain the mess.
We also have secure electronic data destruction that you can schedule alongside your paper pickup. Our powerful mobile shredders are strong enough to destroy old hard drives, computers, CD-ROMs, and other various devices. If your basement is a burial ground for obsolete computers, dusty keyboards, and other electronic leftovers from yesteryear, don’t pack these up for your next home. Get them shredded by the experts.
Moving is stressful. It’s considered to be the most anxious life event, preceded only by death and divorce. Why make yours any harder than it has to be by having to pack more than you should, or worse, by risking identity theft by throwing out what you shouldn’t? Lighten the load of your move by scheduling a one-time purge with our professional team. Together, we can make your move a little simpler and a lot more secure.
June 15th, 2016
We’re strong advocates for the environment. Next to your information’s security, it’s our primary concern, and we’ve built a business around how we can make responsible, green choices in our day-to-day operations. We aren’t the only ones. Large sectors of the corporate world are adopting eco-friendly strategies to create sustainable businesses, including many of the corporations that call the GTA home. Going green at the office (or anywhere else you call work) is a simple yet effective way of making a difference. And it’s easy, too! By making tiny adjustments to your routine, you can create an efficient office that’s environmentally friendly, economical, and secure.
If this is your first foray into green business practices, the road ahead of you can be daunting. It’s especially discouraging when you read about huge corporations making complex renovations to their operations and buildings. Some, like Patagonia, the outdoor equipment clothing company, were founded on these principles, while others, like Bank of America, have adopted policy changes only recently in order to improve their levels of sustainability. While your commitment may rival these and other eco-friendly businesses, your budget may not.
Luckily, making green choices doesn’t have to come with a huge price tag. In fact, by adopting sustainable business practices, you’ll save money in the long run. And you won’t be alone making these changeovers. Both the federal and provincial governments provide financial assistance to those businesses that retrofit their offices with energy efficient fixtures and appliances. You can go online to see which tax incentives, rebates, and even loans are available for your green overhaul. For those looking to reduce their use of water, the Government of Ontario provides incentives to help offset the cost of installing efficient drainage systems. For those looking to update their electronics, the Government of Canada offers the Power Saving Blitz program.
There are also tax breaks and rebates that can be used to make smaller changes in the office. With the government’s help, you can convert wasteful light sources to energy efficient compact fluorescent lights (CFL) or light-emitting diode (LED) lighting. It’s as simple as unscrewing one bulb for another. With a little more work, you can install occupancy sensors onto every light switch. This feature will automatically turn off the light source when it can’t detect movement in the room. With these set up, never again will you accidentally leave the lights on over the weekend.
A truly paperless society may be a ways off, but we can get closer to the ideal with the choices we make today. Cut down on needless waste by adjusting your company’s platform so that it uses digital records and communications instead of their wasteful paper counterparts. Attachments and memos can be distributed with only a click of a button, making it easier to share ideas between colleagues.
For those documents that must have a physical copy, be sure to use post-consumer waste (PCW) products and packaging. These paper products are manufactured using recycled material that would otherwise be sent to a landfill, which reduces our reliance on newly felled trees in order to create paper. Be wary of how you dispose of these documents when you’re done, too. Most companies now know not to throw the majority of their paper in garbage bins. We’re huge proponents of the 3Rs, and you can never have too many recycling bins in the office and common areas of your organization.
In addition to our shredding service, we provide recycling receptacles for the various businesses that operate in the GTA. From locked bins and consoles to canvas bags and tent cards, we have a variety of containers to store ‘to be recycled’ material. All of our receptacles have been especially designed to store confidential material, so you can feel good about recycling even the most classified financial statements or client records. These containers remain locked until we pick them up and shred their contents. We then transport the destroyed material to a secure recycling facility.
Together, we can make a big impact on the environment. For every metric tonne of paper that is shredded and then recycled, 17 trees, over 26,000 litres of water, and 4,100 kWh are saved. As you search tax incentives to retrofit your office, don’t forget to give us a call. Our commercial shredding services can help you make the change to a greener business. These simple changes to your corporate routine can reduce waste, improve energy efficiency, and decrease your negative eco-footprint.
June 10th, 2016
Cybersecurity is an ever-changing landscape. As legitimate businesses reinforce defences with more effective security, cybercriminals craft an improved offence with more aggressive attacks. As the two sides parry back and forth, the nature of electronic threats will evolve. It should come as no surprise to learn that, in addition to the age-old phishing scams and Trojan horses, the arsenal of the average cybercriminal has expanded to include something called ransomware.
Ransomware works differently from phishing. Whereas phishing relies on tricking the targeted individual into releasing their confidential information, ransomware doesn’t attempt to steal this information. Instead, it prevents an individual from accessing their files by encrypting some or all of their data. Rather than collecting this information to defraud the unsuspecting user of money, ransomware restricts access. It uses such complicated encryption that the data is impossible to decrypt without a decryption key – which cybercriminals using this software will provide for a price.
The number of ransomware attacks has increased over the past three years, with highly successful trojans like CryptoLocker, TorrentLocker, and Cryptowall. According to Intel Security Group (which was previously known as McAfee), the number of ransomware attacks in 2013 was more than double the number that transpired in 2012. Since then, Symantec has reported a 35% increase in ransomware, affecting not just desktops and laptops but expanding to target smartphones, tablets, and Apple products.
If you or one of your employees has been the victim of a ransomware attack, you have two options. Unfortunately, neither of them is in your best interest. Since the encryption on this kind of malware is so advanced, there’s no way to decrypt the files. The FBI has officially stated that the only way to get your files back is by paying the ransom. The price of your data will vary depending on your industry and nature of your information, but you can expect to pay anywhere from $200 to $10,000. That can be a bitter pill to swallow; however, so is the alternative. If you can’t pay up, the affected computer is out of commission. You’ll have to replace the device and start from scratch in terms of files.
The latter may end up costing you more time and money than the ransom fee, but there’s no way of knowing these criminals will release your information once their ransom is met. There’s no ‘right’ way to handle these attacks. The better alternative is to invest in the appropriate preventative measures so that your business’ electronics are never seized by this newer malware. Training is absolutely essential. Your employees won’t know how to avoid ransomware if they don’t know what it is. Make sure they know how to identify what a ransomware email looks like, and reiterate your policy on downloading files and other attachments.
As you update your staff’s training, take this as an opportunity to evaluate the state of your business’ overall cyber security. It’s important that, in protecting yourself against newer threats, you don’t forget about old ones. When you’re ready to throw out old hard drives and computers, remember that they’re still vulnerable to attack. Thieves can find them and reveal hidden files, even if you have wiped your electronics clean. Before you throw anything out, make sure to call us. We can destroy any device so effectively that there’s no possible way to reconstruct it.
The rate of ransomware may be skyrocketing, but as long as you take the appropriate measures to educate your staff and protect your tech, you won’t have anything to worry about.
May 17th, 2016