| home  |  articles  |  about  | contact  |  free software  |

| scan |  transform  | index  |  process  |  search  |  store  |

 

Physical Document Storage

DocSci offers physical document storage:

Access

You have continuous access to your information. Normal delivery is completed the next business day after your request. We deliver up to 2% of the total number of boxes in storage on a monthly basis at no extra charge. We can rush a box, a file or even a document to you within four hours for a small fee.

Security

Our secure storage facilities are HIPAA compliant, monitored 24 hours per day and climate controlled.

Records retention scheduling

We provide certified, confidential records destruction or recycling options, based on your business rules.

Active Records Management

Our active records and folder management programs provide ways to store, index and retrieve current data. This service includes delivery within 24 hours. We also honor emergency requests for active records every day of the year.

Inventory management

We inventory other paper goods including letterhead, brochures, manuals, forms, etc. Our product fulfillment and distribution center is highly automated to meet your needs on demand.

How does it work?

  • We come to your office to pick up your boxes of paper documents.
  • We transport them to our secure storage facility in Tukwila, WA and Jacksonville, FL.
  • We inventory and bar code every box, re-boxing as necessary.
  • We put the boxes into our climate controlled, automated warehouse.
  • Whenever you want a box, just call and we’ll deliver it right to your door.
  • Our work is guaranteed.


Compliance

Most organizations have new privacy requirements today. If these requirements are not met, consequences can be severe. DocSci is part of a comprehensive solution for these new requirements.

For example, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), mandated the Department of Health and Human Services (HHS) to publish new rules that would ensure:

  • Standardization of electronic patient information
  • Unique health identifiers for individuals, employers, health plans and health care providers
  • Security standards protecting the confidentiality and integrity of "individually identifiable health information," past, present or future.

HIPAA affects virtually all health care providers, health plans, public health authorities, healthcare clearinghouses, life insurers, self-ensured employers and calls for severe civil and criminal penalties for noncompliance:

  • Fines up to $25K for multiple violations
  • Fines up to $250K and/or imprisonment for the misuse of information.
  • The final Security Rule was published April 21, 2003. Compliance for most entities is required by April 21, 2005.

Excerpts from HIPAA’s Technical Safeguard document referring to requirements that an adequate compliant storage solution should address are summarized below along with brief description of how DocSci addresses that requirement.

“Sec. 164.312 Technical safeguards.”
“(a)(1) Standard: Access control. Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in Sec. 164.308(a)(4).”


DocSci uses Microsoft’s Authentication System, security certificates and smart cards, to verify a client’s identity. Once identity is authenticated, pre-established business rules and access controls set within DocSci and published to Microsoft’s Active Directory are used to determine if a client has the required permissions to access the resources they are requesting.

“(2) Implementation specifications:”
“(i) Unique user identification (Required). Assign a unique name and/or number for identifying and tracking user identity.”

DocSci supports the Microsoft Authentication System which establishes a unique single user logon. DocSci provides an audit trail that documents user identity and time-stamps access to information.

“(iv) Encryption and decryption (Addressable). Implement a mechanism to encrypt and decrypt electronic protected health information.”

DocSci offers the capability to encrypt and decrypt all files or selected files using the Advanced Encryption Standard (AES).

“b) Standard: Audit controls. Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.”

DocSci provides an audit trail of all access to the protected health care information.

“(c)(1) Standard: Integrity. Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.”

DocSci controls access to the managed files and provides audit trails detailing user access and any file changes. DocSci also takes care of creating original and duplicate copies of files when they are modified.

“(2) Implementation specification: Mechanism to authenticate electronic protected health information (Addressable). Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.”

DocSci uses digital fingerprint technology to detirmine if a file has been tampered with.

Document Science provides compliant and secure storage solutions that feature:

  •  Integrity
  •  Scheduled retention time period
  •  Audit trails
  •  Encryption
  •  Disposition scheduling and tracking
  •  Compliance with HIPAA, SOX, FDA, SEC, HR and other laws and regulations
  •  Protection against catastrophic loss through redundant, secure storage


This document is not a legal opinion or intended to be legal advice. Please seek legal counsel for your specific questions related to compliance.

Destruction of Paper and Electronic Documents

DocSci provides for the scheduled destruction of physical documents at our secure facilities.

A Missing Fundamental – Disposition of Retained Records


The DocSci solution addresses a drawback that both tape and optical solutions have regarding the disposition of records. Both tape and optical disc have been the solutions of choice for long term archival storage.

Record retention is critical to compliance laws, and record deletion is critical for protection against electronic discovery. Record retention policies dictate different retention periods for different documents based upon the type of document, industry, author, and regulations. It is not uncommon when a document gets put into storage for it to be copied multiple times onto tape with the physical tape being stored in a variety of locations, often off-site at a secure facility.

Due to the nature of the media and technology used in both tape and optical storage, the only way to delete any specific record is to destroy the entire disc or tape. This is not feasible because typically the tape or disc has a variety of documents on them with multiple retention periods. Also with multiple backup copies at different locations, finding all copies of a particular record when its retention period has ended is a significant challenge. This leaves corporations vulnerable to discovery requests and the possibility of a ‘smoking gun’ being found beyond the acceptable and necessary retention periods. DocSci’s technology addresses this problem.

At the end of a record retention period and with the proper security clearance an administrator can delete the appropriate records. If the physical location of the file is on line and accessible then it will be physically deleted, or if copies of the files are off-line and/or on tape or optical media then the encryption key for that specific file will be scrubbed rendering the actual file unreadable.

DocSci utilizes the AES encryption standard which is impossible to decrypt. Once the encryption key is destroyed it is impossible to reconstitute the file rendering the file virtually destroyed. European companies by law need to delete records with personnel information contained within them, while North American companies by design want them destroyed at the end of their retention period. DocSci's solution that can fully address this important issue.

 

Document Science, LLC ("DocSci")
704 228th Ave. NE #603
Sammamish, WA 98074
(425) 391-3945
(425) 830-9713



© Document Science, LLC 2004-2005