Whether you are a hospital, part of an independent doctors’ network, or a solo healthcare practitioner, the requirements and obligations regarding the collection, maintenance, and eventual destruction of personal and confidential medical information are significant. The loss or mishandling of any of that information can result in fines, penalties, and even the loss of license.
And despite everyone’s best efforts, 56% of healthcare organizations have experienced a data breach, with 29% stating a breach occurred in the past 12 months.
Source: Stericycle, Data Protection Report, 2021.
Get A Quote
Recommended Information Security Services for Healthcare Facilities
Protecting your confidential information isn’t just a best practice; it’s the law!
Like most industries that work with private and confidential information, the healthcare sector is heavily regulated and governed. And laws designed to protect identities, medical information, financial data, and personal privacy come with strict rules – and heavy fines for violating them. We can help you stay compliant.
In addition to your industry regulations governing information privacy, here are a few of the key information security laws that also apply:
-
Personal Information Protection and Electronic Documents Act (PIPEDA)
-
Privacy Act
-
General Data Protection Regulation (GDPR)
-
Sarbanes-Oxley Act
Personal Information Protection and Electronic Documents Act (PIPEDA)
Governs how private sector organizations collect, use, and disclose personal information. The act requires organizations to adopt secure physical destruction of personal information to safeguard against any loss, theft, or unauthorized access.
Privacy Act
Extend the present laws of Canada that protect the privacy of individuals concerning the personal information held by a government institution. It ensures government institutions dispose of any personal information safely that accordance with guidelines.
General Data Protection Regulation (GDPR)
Applies to all companies that handle the personal data of EU residents, including companies that are established outside the EU if they offer goods or services to EU residents or monitor their behaviour.
Sarbanes-Oxley Act
Is an act set up for publicly traded companies to protect investors by improving the accuracy and reliability of corporate financial disclosures. The act also requires secure document retention and destruction – to better protect against corporate and accounting fraud.
Personal Information Protection and Electronic Documents Act (PIPEDA)
Governs how private sector organizations collect, use, and disclose personal information. The act requires organizations to adopt secure physical destruction of personal information to safeguard against any loss, theft, or unauthorized access.
Privacy Act
Extend the present laws of Canada that protect the privacy of individuals concerning the personal information held by a government institution. It ensures government institutions dispose of any personal information safely that accordance with guidelines.
General Data Protection Regulation (GDPR)
Applies to all companies that handle the personal data of EU residents, including companies that are established outside the EU if they offer goods or services to EU residents or monitor their behaviour.
Sarbanes-Oxley Act
Is an act set up for publicly traded companies to protect investors by improving the accuracy and reliability of corporate financial disclosures. The act also requires secure document retention and destruction – to better protect against corporate and accounting fraud.
Learn to recognize the risks.
In healthcare, it’s a safe bet that every document you or your employees handle contains some form of confidential information. Whether it’s patient records or pharmacy reports, or your own financial reports and billing data, you have a lot of information to secure.
If you create, collect, or dispose of these types of documents, you and your organization could be at-risk for an information breach.
- Patient Insurance Information
- Payroll and HR records
- Supplier contracts
- Medicaid/ACA Information
- Financial Statements
- Tax Filings and Internal Audits
- Medical Invoices and Payments
- Balance Sheets
- Staff Schedules and Contact Info
- X-rays and MRI Files
- Income Statements
- Social Security Numbers
The Shred-it Advantage: Leading in Secure Document Destruction
Shred-it protects organizations' information for their people, customers and brands. With 30 years of experience, our primary focus on document security helps ensure your confidential information remains confidential. We offer paper, hard drive, and speciality shredding services.
Service Reliability
With the largest shredding fleet and the largest service footprint in North America, we are where you are.
Security Expertise
With the most NAID AAA certified mobile/on-site and plant-based facilities, we keep your information safe.
Customer Experience
With the highest customer satisfaction among all vendors, we are 100% committed to your protection and satisfaction.
Healthcare Organizations Understand that it Pays to Be Prepared
62%
of healthcare organizations
agree a data breach would impact their reputation
Stericycle, Data Protection Report, 2021
Only 27%
of healthcare organizations
have a paper shredding service
Stericycle, Data Protection Report, 2021
.
The 2021 Shred-it Data Protection Report (DPR) goes into depth to analyze the perceptions and practices around information security across various industries. Learn more about how businesses can protect their organization from information security threats.