Protecting data is of the utmost importance for any business that handles personal information, especially for those of us with healthcare or financial services customers. It is our job to protect your PHI, the protected health information that HIPAA defines and regulates.
Data breaches seem to be as common as catching a cold, as more and more organizations fall victim to attackers. Sadly, by some estimates about 60% of data breach victims are small- to medium-sized businesses, which are at the greatest risk of attack.
With that being said, it is more important than ever to safeguard sensitive information such as email addresses, postal addresses, Social Security numbers and health records, just to name a few. This is why Mount Vernon has completed a SOC 2 audit, and in 2019 we will add HITRUST CSF certification. (SOC 2 is an independent auditor's attestation report rather than a certificate, so when you evaluate a partner, ask to see the report itself.) In addition, our parent company, RRD, has secure facilities in various areas around the country that can meet your needs. These controls mean we have strict security measures in place to protect any personal information we handle.
The Mount Vernon staff, all of us, are required to go through special training to make sure we follow very specific protocols for handling sensitive communications. The print shop also has to meet HIPAA's administrative, physical and technical safeguard requirements. HIPAA itself has no certification program; the HITRUST CSF assessment incorporates those requirements, which is why it is the certification we are pursuing.
When it comes to protecting sensitive data, here are some tips to consider, both when evaluating a partner and for your own organization.
1) Create a culture of security-minded employees: Educate your employees to be mindful of security practices so they become automatic, no matter what the project entails. For example, locking your computer when you're away from your desk. It seems basic, but it's effective. This is yet another reason why our entire staff goes through the training our certifications require.
2) Control access to personal information: Only give access to the team that needs it. Set up safeguards like limited access to certain areas of the building, shredding overruns and misprints, etc. Taking the right precautions helps your business stay HIPAA compliant and stand up to an audit or investigation by those who enforce it, like the HHS Office for Civil Rights (OCR). Being compliant does not exempt you from being audited; it means you can pass one.
3) Network access: It is tempting to use networking tools such as peer-to-peer file sharing and instant messaging, but those should be used with extreme caution, since they can move files and messages outside the organization's control. Wireless networks should run with strong encryption (WPA2 or WPA3). Encryption cannot stop someone nearby from picking up the signal, but it does stop them from reading the sensitive data it carries.
4) Strong passwords help: Passwords alone can't stop a determined attacker, but they are everyone's first line of defense and can slow down or discourage an attack on data. Use long, unique passwords for each account, and add multi-factor authentication wherever it is offered.
5) Protect staff's mobile devices: If an employee device cannot support encryption, don't allow it to store or access sensitive data. Be sure to set up strong access controls for phones too: a screen lock with automatic locking, and the ability to wipe a lost or stolen device remotely.
I'm glad that other segments are cracking down on the handling of sensitive data as well. Organizations like unions, and the finance and insurance industries, are also requiring a higher level of security compliance, such as a current SOC 2 report, when searching for communication partners. The bar has been raised.
The next time you are looking for a solution provider to handle sensitive data, check that they have security measures in place and can show you the audit report to back them up. I can assure you we do!
Photo by Markus Spiske on Unsplash