Compliance Consulting


Risk Assessment and Strategy

All organizations are required to protect the confidential information of the businesses and individuals they serve.

An effective risk management process is an important component of a successful information management and disposal program. Green Country and its business associates will provide information on the selection of cost-effective methods to mitigate risk. Our solutions offer better protection of confidential information throughout its life cycle: how it is stored, processed and eventually disposed of.

Upon the completion of the Risk Assessment, we will offer your organization a list of the findings and make recommendations to protect your company.

With all of the rules and regulations that govern the largest to the smallest businesses in the country, Green Country can implement a policy to protect and comply with all of the federal and state laws pertaining to your specific industry.

Records and Information Management Program Development

If your organization would like Green Country and our business associates to develop any policies or procedures, we can provide those services on a contract basis. With all of the rules and regulations that govern large and small businesses, Green Country can implement a policy to protect and comply with the federal and state laws pertaining to your specific industry.

Most shredding and storage companies only offer an “off the shelf” generic policy for either destruction or storage. Our policy development will cover all areas of risk within the company’s data management, or address only the areas that need updating.

Employee Training and Education

At Green Country, we understand how important the proper management and disposal of confidential information is to your company. With the increasing number of laws and regulations pertaining to the proper disposal of confidential information, we know that your first line of defense is the development of a written Compliance Policy as well as an Employee Awareness and Acknowledgement of the policy.

Green Country uses a range of tools for employee compliance training. This training teaches your staff why following the policies and procedures is critical to the organization and to their continued employment. We will even provide a permanent copy for ongoing training of new employees and annual retraining of all employees.

In addition, we can equip your employees with written instructions on your organization’s specific standards to follow. Green Country can also supply an employee acknowledgment verifying that your employees have been trained, understand the written policies, and agree that ongoing compliance is a condition of their employment.

Laws & Regulations

HIPAA - Health Insurance Portability And Accountability Act Of 1974

What is HIPAA?

  • Addresses the security and privacy of health data
  • Requires health care organizations to “maintain reasonable and appropriate technical and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information”
  • Applies to health information (such as medical records) held or disclosed in any form

Who is affected?

Any organization with access to patient information:

  • Clinics and hospitals
  • Pharmacies
  • Pharmaceutical companies
  • Doctors and nurses
  • Insurance companies

What are the Fines?

  • Complaints lead to compliance review and report
  • Noncriminal violation (including disclosures made in error):
    Fines of $100 – $50,000 per violation and up to $25,000 – $1.5 million per year for similar violations
  • Potential criminal penalties:
    • Wrongful disclosure: $50,000 fine, 1 year in prison, or both
    • Offense under false pretenses: $100,000 fine, 5 years in prison, or both
    • Offense with intent to sell information: $250,000 fine, 10 years in prison, or both

How to reach compliance?

  • Implement policies and procedures related to access of information to ensure protected health information (PHI) is properly secured and not disclosed.
  • Keep “Business Associate Agreements” with outside vendors who have access to protected health information
  • Must have and maintain documentation in accordance with your internal document retention policy

Green Country will do a no-obligation evaluation of your healthcare facility’s information management needs.

HITECH Act - The Health Information Technology For Economic And Clinical Health Act

What is HITECH?

  • The Health Information Technology for Economic and Clinical Health Act (HITECH Act) extends certain HIPAA requirements, such as the administrative, physical and technical safeguard requirements for health information, to Business Associates
  • Requires Business Associates that are aware of violations of HIPAA to take certain steps to cure the violation and report to governing entities.

Who does this affect?

  • Any organization with access to protected health information (Covered Entities)
  • Business Associates of Covered Entities and certain third-party service providers
  • Vendors of Public Health Records

What are the fines?

  • Tiered-penalty structure based on the organization’s level of knowledge of the violation:
    • If the entity did not know of the violation, penalties of $100 – $50,000 per violation
    • If the violation is due to reasonable cause and not willful neglect, penalties of $1,000 – $50,000 per violation
    • If the violation is due to willful neglect and the failure is corrected within 30 days, penalties of $10,000 – $50,000 per violation
    • If the violation is due to willful neglect and the failure is not corrected within 30 days, penalties of at least $50,000 per violation
  • Additional enforcement authorized for State Attorneys General

How to be compliant?

  • Develop written privacy and security policies and procedures related to handling protected health information
  • In the event of a security breach, notify affected individuals and the Federal Trade Commission without unreasonable delay and within 60 calendar days

A Green Country expert will do a no-obligation evaluation of your facility’s information management needs.

FACTA - Fair And Accurate Credit Transactions Act Of 2003

What is FACTA?

  • Helps people prevent or reduce the harm from identity theft
  • Requires that any individual or business who maintains, compiles, or possesses consumer information from reporting agencies (Credit reports, credit scores, reports businesses, etc.) for a business purpose “must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal”

Who is in this category?

  • Any individuals and organizations that use consumer reports, including: consumer reporting agencies, lenders, insurers, employers, landlords, government agencies, mortgage brokers, car dealers, attorneys, private investigators, and debt collectors

What are the fines?

  • Federal fines up to $2,500 per violation
  • State fines up to $1,000

How to reach compliance?

Take reasonable measures to implement and monitor compliance with policies and procedures to ensure that consumer information cannot feasibly be read or reconstructed by:

  • The burning, pulverizing, or shredding of papers
  • The destruction and erasure of electronic media
  • Conducting due diligence and hiring a document destruction contractor to dispose of material specifically identified as consumer report information

A Green Country expert will do a no-obligation evaluation of your facility’s information management needs.

Red Flags Rule

What is the Red Flags Rule?

  • Helps consumers prevent and reduce the harm from identity theft
  • Financial institutions and certain other creditors must have written identity theft prevention programs to identify, detect and respond to patterns, practices or specific activities that could indicate identity theft

Who does it apply to?

The Red Flags Rule applies to “financial institutions” and “creditors” that maintain “covered accounts.”

  • A “financial institution” is a savings and loan, bank, credit union, or other entity that holds an account belonging to a consumer that allows the owner to make payments or transfers.
  • A “creditor” is any entity that regularly extends, renews or continues credit, arranges for someone else to extend, renew or continue credit, or an assignee of a creditor who is involved in the decision to extend, renew or continue credit.
  • A “covered account” is an account that is either (i) an account used primarily for personal, family or household purposes and that involves multiple payments or transactions or (ii) an account for which there is a foreseeable risk of identity theft (such as small business accounts).

What is the impact? (penalties and fines)

  • Civil penalties of up to $3,500 per violation
  • Injunctive relief is also available

How to reach compliance?

Develop and maintain a written identity theft prevention program that is appropriate for your business based on its size and potential risks of identity theft.

The four basic steps to designing a program to comply with the Rule are:

  • Identify relevant red flags;
  • Detect red flags;
  • Prevent and mitigate identity theft; and
  • Update your program periodically

A Green Country expert will do a no-obligation evaluation of your facility’s information management needs.

FCRA - Fair Credit Reporting Act Of 1999

What is it?

  • Promotes accuracy, fairness and privacy of personal information gathered by Consumer Reporting Agencies (CRAs)
  • CRAs must provide notice forms similar to those prescribed by the Federal Trade Commission
  • Governs other files of information collected on consumers that may not be on file with credit bureaus

Who does it apply to?

CRAs that gather and sell credit information such as:

  • Credit bureaus
  • Employment screening services, tenant screening services, or agencies whose information is limited to a consumer’s check-writing history
  • Organizations for profit who furnish consumer reports to third parties

What are the fines?

  • Anyone who obtains information from a consumer reporting agency under false pretenses — $3,500 and/or two years in prison
  • Same for any employee of a CRA or bank who provides data from the bank’s files about a consumer to a person not authorized to receive it

How to be compliant?

  • Provide a summary of rights under the law to consumers and a notice of responsibilities under the law to parties who obtain consumer reports or regularly furnish CRAs with consumer information.
  • If a consumer has disputes with information provided, all information provided by the CRA regarding the dispute must be investigated, reviewed, and reported to the CRA.

A Green Country expert will do a no-obligation evaluation of your facility’s information management needs.

GLBA – Gramm-Leach-Bliley Financial Services Modernization Act of 1974

What is it?

Protects consumers’ personal financial information and requires companies to give consumers privacy notices that explain the financial institution’s practices for sharing their information.

  • Financial Privacy Rule — governs the collection and disclosure of customers’ personal financial information by financial institutions. It applies to companies who receive such information.
  • Safeguards Rule — requires all financial institutions to design, implement and maintain safeguards to protect customer data. Applies not only to financial institutions that collect information from their own customers, but also to financial institutions that receive customer information from other financial institutions.
  • Pre-texting Provisions — protect consumers from individuals and companies that obtain their personal financial information under false pretenses.

Who does it apply to?

GLBA applies to “financial institutions,” which includes companies such as financial loan brokers, some investment advisers, tax preparers, providers of real estate settlement services, and debt collectors that offer financial products or services.

What are the penalties?

  • Financial institutions are subject to a civil penalty of not more than $100,000 for each violation
  • Officers and directors subject to, and personally liable for, a civil penalty of not more than $10,000 for each violation
  • Criminal penalties up to 5 years in prison

How to be compliant?

  • Implement a security plan to protect the confidentiality and integrity of personal consumer information
  • Disclose all privacy policies and procedures
  • Give notification when sharing information with third parties for non-financial reasons
  • Give customers privacy notices and limit how their information is used

A Green Country expert will do a no-obligation evaluation of your facility’s information management needs.

SOX – Sarbanes Oxley Act

What is it?

  • Increases corporate responsibility and financial reporting, and imposes new duties and significant penalties for non-compliance on public companies including their executives, directors, auditors, attorneys and securities analysts

Who does it apply to?

  • Companies that are required to file periodic reports with the SEC, as well as legal, accounting and records/information management professions within public companies traded on U.S. stock exchanges who work with companies on financial and corporate reporting

What are the fines?

  • Any individual who destroys, alters, or falsifies records with the intent to impede, obstruct, or influence an investigation will be fined and/or imprisoned not more than 20 years.
  • Whoever knowingly and willfully destroys corporate audit records, or violates any rule or regulation issued by the Securities and Exchange Commission, will be fined and/or imprisoned not more than 10 years

How to be compliant?

  • Maintain a record and information management policy, which details certain policies and procedures, including a document destruction policy focusing on how to stop destruction if an investigation is anticipated
  • Regularly review and update this policy with company attorneys.

A Green Country expert will do a no-obligation evaluation of your facility’s information management needs.

Green Country Shredding – Tulsa OK Phone: 918.749.5885

On-Site Shredding, Off-Site Shredding Hard Drive & Media Destruction, Document Storage

Serving Tulsa and the surrounding Oklahoma areas.

GREEN COUNTRY SHREDDING FAQs

What does your company shred and what has to be removed?

- We can shred anything that is a paper product.

- We also provide destruction for hard drives, CDs, diskettes, x-rays, tape reels, and other types of media. Please advise us if items other than paper need to be shredded.

- If it needs to be shredded, call us and we can discuss the material for destruction.

- You can leave paper clips, binder clips, and staples, but we do ask that you remove any three-ring binders. If you do not have the resources available to remove three-ring binders, we can make a price adjustment in your quote and remove the binders for you.

- Please call and a Green Country Shredding representative will help you with any further questions.

Does your company shred for residential or just commercial?

- We provide commercial, residential and drop-off shredding.

- Call our office for all options available.

Can we witness our documents being shredded?

- Yes. We have video monitors on the side of our on-site trucks so you can see your paper being shredded.

What size jobs do you accept?

- No job is too small or too big. We shred for clients with just a few boxes and for businesses that have 20,000 boxes.

What happens to the paper after it has been shredded?

- All of the paper we shred will be recycled and processed according to NAID AAA certification standards. Shredded paper is never sold for packing material and is never available to the public prior to pulping at the paper mill.

What are my container options?

- Containers are available at no charge for our scheduled customers.

- All containers are lockable and range from small under-the-desk styles to 96-gallon rolling bins.

- Please call and a Green Country Shredding representative will help you with any further questions. Pictures of containers are also available on our web page.

How often will my container be picked up?

- We provide pickup frequencies that fit the customer’s needs, ranging from three times a week to every three months.

- We also provide one-time shredding services for clean-outs and purges.

Can I have an unscheduled pick up?

  • Yes, just call a Green Country Shredding representative and we will get you on the next available scheduled route in your area. Next-day service is usually available.

What additional fees can I expect?

  • Green Country Shredding does not require you to sign a yearly service contract. In addition, there are no extra costs such as fuel surcharges, security fees, or shredding time charged by the minute.
  • Please notify Green Country Shredding if your items for shredding need to be removed from an attic, basement or other location without elevator access. There are no hidden fees, but we do want to provide an accurate quote for your shredding project.
  • Green Country is always happy to provide a quote in writing for your records.