Shredding to Avoid Expensive Government Fines

With all the talk about the new healthcare law and, hopefully, the millions of people who will now have health coverage who didn’t before, it seems like a good time to remind healthcare providers and patients about the laws regarding “Protected Health Information (PHI)”.

The laws regulating the secure storage and disposal of PHI are becoming more and more well known.  HITECH and HIPPA were put in place to ensure patient information is protected as the industry makes strides towards more easily accessed health information for providers.

The laws require that all personnel handling the disposal of protected health information (PHI) be properly trained in the process. No PHI document is to be dumped into public waste management facilities. All PHI paper materials are to be destroyed by: shredding, burning, or pulping. Prescription bottles with patient information are to be stored in opaque bags and destroyed properly by a disposal vendor. Any digital information is to be cleared or purged from the system.

These laws have been put into place to ensure everyone’s safety. It is extremely important that these guidelines are followed meticulously. Providing the best care for patients requires diligence in keeping their sensitive information safe.

Non-compliance is not only irresponsible to patients—it is EXPENSIVE.  Penalties upwards of $250,000 can be fined for “willful neglect”. It is the hope of the government that a safer environment will be created for patients.

For more information or assistance in shredding sensitive information, visit www.hvshred.com

FTC Advice for Target Department Store Victims

Borrowing again from the FTC’s valuable resources, this information is key for any potential victim of the recent breach at Target Stores.  By its own admission, Target announced that any credit or debit card used in a Target store in the U.S. between November 27 and December 15 may have been compromised. According to the announcement, the stolen information includes the customer’s name, credit or debit card number, and the card’s expiration date and three digit security code CVV1 (a security code stored on your card’s magnetic stripe).

In light of this announcement, the FTC recommends:

*If you recently used your credit or debit card in a Target store, check your account. If you see charges that you don’t recognize, immediately report them to the fraud department of your bank or credit card provider.

*Going forward, continue to monitor your accounts and check that the information on your credit report is accurate. Your credit report includes information about your credit card accounts and other bills you pay. The law requires the three nationwide consumer reporting companies — Equifax, Experian, and TransUnion — to give you a free copy of your credit report every 12 months if you ask for it. To get your report, visit AnnualCreditReport.com or call 1-877-322-8228. You’ll have to provide some personal and financial information to get your report. For information about how to correct errors in your report, visit ftc.gov/freereports.

To file a complaint, visit ftc.gov/complaint.  For information about identity theft, visit ftc.gov/idtheft.

For more information on identity theft best practices, please visit www.hvshred.com

More on Tax Identity Theft Awareness

Following up on last week’s blog announcing the FTC’s Tax Identity Theft Awareness Week, here is a review of steps to take if you have the unfortunate experience of falling victim.

If you think someone used your SSN for a tax refund or a job — or the IRS sends you a notice or letter indicating a problem — contact the IRS immediately. Specialists will work with you to get your tax return filed, get you any refund you are due, and protect your IRS account from identity thieves in the future.

A first step is to contact the IRS and report the fraud to the IRS

Send a copy of your police report or an IRS ID Theft Affidavit Form 14039 and proof of
your identity, such as a copy of your Social Security card, driver’s license or passport.

Update your files being sure to record the dates you made calls or sent letters. Keep copies of letters in your files.

To limit further damage, once you’ve contacted the IRS, you should also consider putting a fraud alert on your credit reports and ordering fresh copies of your credit reports for review.

For more information on best practices regarding identity theft protection, please visit www.hvshred.com

Tune in January 13-17 for Tax Identity Theft Awareness Week

The FTC (the government office tasked with identity theft related issues) recently announced January 13-17 as Tax Identity Theft Awareness Week.

What follows is excerpted from the FTC’s recent blog.

“The IRS uses your Social Security Number (SSN) to make sure your filing is accurate and complete, and that you get any refund you are due. Identity theft can affect how your tax return is processed. An unexpected notice or letter from the IRS could alert you that someone else is using your SSN, however, the IRS doesn’t start contact with a taxpayer by sending an email, text or social media message that asks for personal or financial information. If you get an email that claims to be from the IRS, do not reply or click on any links. Instead, forward it to phishing@irs.gov.
If someone uses your SSN to file for your tax refund before you file, they may get your refund. When you file your return later, IRS records will show the first filing and refund, and you’ll get a notice or letter from the IRS saying more than one return was filed for you.
If someone uses your SSN to get a job, the employer may report that person’s income to the IRS using your SSN. When you file your tax return, you won’t include those earnings. IRS records will show you failed to report all your income. The agency will send you a notice or letter saying you got wages but didn’t report them. The IRS doesn’t know those wages were reported by an employer you don’t know.
If you think someone used your SSN for a tax refund or a job — or the IRS sends you a notice or letter indicating a problem — contact the IRS immediately. Specialists will work with you to get your tax return filed, get you any refund you are due, and protect your IRS account from identity thieves in the future.”

For more on identity theft prevention, please visit www.hvshred.com

Cyber Monday Best Practices

Thanksgiving is in the rear view mirror and that means the holiday shopping season is now at full steam ahead.

As we have noted in the past in this blog, we have found the FTC (the government office charged with dealing with Identity theft issues) to be a useful resource. What follows is the tips recently posted for best practices for on-line shopping.
With the on-line holiday shopping season heating up with “Cyber Monday”, please review these tips before “heading to the stores”

• Read reviews. Type the name of the product or company into a search engine along with words like “review,” “complaint,” or “scam.” Be sure to read a few reviews — don’t rely on just one source.
• Look for coupon codes. Search the store’s name with terms like “coupons,” “discounts,” or “free shipping.”
• Know the terms. Find out what the refund/exchange policies are, and if there are any charges (like shipping costs or restocking fees) if you return a product.
• Pay by credit card. Credit cards give you protections that other methods of payment may not. If there’s a problem, you have the right to dispute charges and temporarily withhold payment while your dispute is investigated.
• Use secure checkout. Before you enter your credit card information online, check that the website address starts with “https”. The “s” stands for secure. If you don’t see the “s,” don’t enter your information.

For more helpful tips for best practices related to identity theft protection, please visit www.hvshred.com

Bringing Efficiency to 2014 Document Storage

As we dig into the meat of the final quarter of 2013, we suggest businesses take a serious look at their current document filing practices.  Many companies keep on storing more documents year after year because they have no idea when they are supposed to get rid of them.  By default, they typically remain in a heap in the back corner of the most distant warehouse, tucked away in a basement or attic, or out of sight out of mind at an expensive storage facility.  No matter what, the paperwork is eating up valuable resources that should be put to better uses.  For companies that have been in operation for many years, this can become a considerable burden—especially if management has been purchasing expensive filing cabinets to store the old records or paying rent at a storage facility.

We suggest management work with the company’s CPA’s and lawyers to construct a document-destruction policy. The policy should take into account the document retention requirements of all federal, state, and local regulatory agencies, always adopting the longest required retention periods.

The next step is to eliminate all items for which there is no legal reason to keep.  Bringing in an on-site shredding service provides the assurance of witnessing the proper disposal as well as the benefit of the certificate of destruction to demonstrate due diligence with respect to the law.  In addition to seeing significant savings in storage space and efficiency, companies can also feel good about the fact that the shredded paper will be recycled.

For more information on on-site document destruction, please visit www.hvshred.com

Scam Come True

Most of us have experienced the scam email from the friend/relative overseas in desperate need of money fast.  In a strange but true experience, our family at HV Shred got the phone call.  In textbook fashion, the scammers targeted a most vulnerable population–senior citizens.  Seniors are most likely to be home to get these calls as well as perhaps not fully mentally present to think clearly and hang up.  Fortunately, the seniors in our situation are still “with it”–instead of a sad story of lost money, we have a funny–“Can you believe that actually happened to us?” story.

On a typical run of the mill morning, Grandma got a phone call from her supposed grandson traveling in Peru.  The supposed grandson had a cold (explaining why his voice may seem different) and really needed Grandma’s help to bail him out of a situation where he’d been detained by local authorities.  The scam was quickly squashed when Grandpa grabbed the phone and asked “What is your last name?”-the response to which was a dial tone.

The moral of the story is–these scams are actually happening.  Please educate all loved ones to be wary.  Under no circumstances should anyone share personally identifying information over the phone or in an email when the communication is initiated by the requesting party.  Hang up the phone! Delete the email!  Keep on guard!  It happens, but let’s make sure it doesn’t happen to us!

For more on best practices for identity theft prevention, please visit www.hvshred.com

Deter, Detect, Defend against CryptoLocker Ransomware

One of the blogs we monitor to keep our community aware of the latest scams is the Internet Crime Complaint Center.  A recent posting on that site focused on “CryptoLocker Ransomware”.  According to the FBI, CryptoLocker is a file encrypting Ransomware.  Businesses receive an email with alleged customer complaints and contains an attachment that when opened, appears as a window and is in fact a malware downloader. This downloader than downloads and installs the actual CryptoLocker malware.

The wording in the window states that important files have been encrypted using a unique public key generated for the computer. To decrypt the files victims need to obtain the private key. A copy of the private key is located on a remote server that will destroy the key after the specified time shown in the window. The attackers demand a ransom of $300.00 to be paid in order to decrypt the files.

According to the post, once the encryption of the files is complete, decryption is not feasible. To obtain the file specific Advanced Encryption Standard (AES) key to decrypt a file, victims need the private RSA key (an algorithm for public key cryptography) corresponding to the RSA public key generated for the victim’s system by the command and control server. However, this key never leaves the command and control server, putting it out of reach of everyone except the attacker. The recommended solution is to scrub your hard drive and restore encrypted files from a backup.

As with any virus or malware, the way to avoid it is with safe browsing and email habits. Specifically, in this case, be wary of email from senders you don’t know and never open or download an attachment unless you’re sure you know what it is and that it’s safe. Be especially wary of unexpected email from postal/package services and dispute notifications.

If you have been a victim of an internet scam, please file a complaint at www.ic3.gov.

For more on best practices to steer clear of identity theft and related scams, please visit www.hvshred.com

Another IRS Centered Scam

At HV Shred, one of our goals with this Blog is to keep our community informed of the latest scams.  Last month, the FBI reported that it was continuing to receive reports of spam e-mails that use FBI officials’ names and titles in online fraud schemes. Although there are different variations of these schemes, recipients are typically notified they have received a large sum of money. The latest round of e-mails uses the name of new FBI Director James B. Comey.

Some of the e-mails reported to the Internet Crime Complaint Center continue to use the alleged “Anti Terrorist & Monetary Crimes Division” of the FBI. All e-mails encourage the recipient to send money for various reasons.

Do not respond. These e-mails are a hoax.

As a best practice, neither government agencies nor government officials send unsolicited e-mail to members of the public. United States government agencies use the legal process to contact individuals.

The public should not respond to any unsolicited e-mails or click on embedded links in these messages because they may contain viruses or malicious software.

If you have received a message that purports to be from the FBI, disregard its instructions and file a complaint at www.IC3.gov

For more information on best practices to stay safe from Identity Theft, please visit www.hvshred.com

Chamber Provides Last Chance to Recycle TV’s for Free

Note: Next Friday, November 1st and Saturday, November 2nd may be the last time locals in the Hudson River Valley can recycle their CRT containing devices (televisions and computer monitors) for free!!!

Regulars to this blog know beyond best practices in document security we also aim to be a resource for electronics recycling.  We have helped coordinate electronic waste recycling days and will continue to do so.

There is a major change in the program that we need to bring to the public’s attention.  In a recent message from the eWASTE Alliance Network, as of November 1st, many recyclers will be imposing a fee to dispose of Cathode Ray containing devices—televisions and computer monitors.

Some background:  Since the passage of the New York State Electronics Recycling & Reuse Act (regulated by the NYS DEC), manufacturers of Covered Electronic Equipment (CEE) are obligated to provide free and convenient recycling of CEE for NYS consumers. This law is one of 24 state-run Extended Producer Responsibility (EPR) Laws which exist across the United States.

Because consumers can now “recycle for free” in these states, the volume of material in the marketplace, specifically “Cathode Ray Tube” (CRT) TV’s and Monitors has risen dramatically. The costs to collect and recycle are significant, and recyclers are not compensated nearly enough to cover all the costs resulting from safe reliable collection and recycling services.  Recyclers will still maintain FREE collection of all New York State Covered Electronics EXCEPT CRT-containing devices.

In the meantime, the Alliance has expressed hope that the NYS DEC and the manufacturers of the covered electronic equipment will come together to work closer with recyclers and other stakeholders to develop a more sustainable program.

Please take advantage of the Dutchess Chamber’s E-Recycling event to get rid of your e-waste—and the last opportunity for the foreseeable future to get your televisions and computer monitors recycled at no cost to you!

More details at www.hvshred.com