Bins4 Shredding is pleased to present another in a series of guest blogs by shredding industry experts. This article, on compliance, is provided by Tom Dumez.
As someone who has been entrenched in the records and information management industry since 2000, I bring a unique perspective to compliance in this industry. This industry includes companies that store records, scan records, and shred records - records of any kind. Because of my experience of working at a full suite records management company, and because I have visited well over 100 other operations in these industries through my business Prime Compliance, I know firsthand how some, if not most, companies operate. One of the areas that has historically been lacking is compliance. Having said that, let me explain further.
I have seen a tremendous amount of improvement over the past 10 years. Companies used to avoid talking about HIPAA. They didn’t even believe that they were ‘business associates’ at first. I see this thinking today in another new association, and I am going to work with them to provide a better understanding of what the law says about this, just like I (and a couple of other people) had to do in the record storage association. I then saw this same mentality in the shredding association, and it took a lot of education by people like myself, Bob Johnson, Angie Singer Keating, and a host of others to convince the membership of that industry about the importance of compliance with HIPAA.
To many people, ‘compliance’ means checking a box. But it goes well beyond just checking a box. The industry associations now require some type of risk assessment and training prior to gaining their certifications. I do both of these. Many of your customers are also asking to see your risk assessment reports, as well as proof that your staff has been trained to best protect their information. And now, your prospects are asking to see your certifications, which is all the more reason to seriously consider going through the process to become certified. I know that this requires financial resources, but how much business could you lose if you cannot prove that you are held to the highest industry standards before it becomes almost a necessary cost of doing business and doing it well? It now may not seem so expensive.
My opinion is that compliance will only become more important. With laws like the GDPR and the California Privacy Act recently implemented, there is more pressure than ever to protect the information that you work with, and your personal information as consumers. I can help you with that by assessing your policies, procedures, and practices and then providing reasonable solutions. Training your staff is just as critical - they are your biggest risks.
This article is proudly supplied by:
Tom Dumez, President
Tom is a NAID Approved Consultant, and has helped more than 20 companies get their first-time AAA Certification. He has also helped several companies obtain their PRISM Privacy+ Certification. Tom has an industry-specific risk assessment as well as an industry-specific employee HIPAA training program. These are both the longest running programs in the industry.
Bins4 Shredding is an industry-leading, secure container manufacturer. Both companies, Prime Compliance and Bins4 Shredding, are long-time presenters at Shred School. They both enjoy educating new entrants to the document destruction industry. In the same spirit, this series of guest blogs is designed to inform shredding companies - regardless of how long they have been in operation. Progressive shredding companies are always learning and evolving.