|
|
Physical Document
Storage
DocSci offers physical document storage:
Access
You have continuous access to your information. Normal delivery is completed
the next business day after your request. We deliver up to 2% of the total
number of boxes in storage on a monthly basis at no extra charge. We can rush
a box, a file or even a document to you within four hours for a small fee.
Security
Our secure storage facilities are HIPAA compliant, monitored 24 hours per day
and climate controlled.
Records retention scheduling
We provide certified, confidential records destruction or recycling options,
based on your business rules.
Active Records Management
Our active records and folder management programs provide ways to store,
index and retrieve current data. This service includes delivery within 24
hours. We also honor emergency requests for active records every day of the
year.
Inventory management
We inventory other paper goods including letterhead, brochures, manuals,
forms, etc. Our product fulfillment and distribution center is highly
automated to meet your needs on demand.
How does it work?
- We come to your office to pick up your boxes
of paper documents.
- We transport them to our secure storage
facility in Tukwila, WA and Jacksonville, FL.
- We inventory and bar code every box, re-boxing
as necessary.
- We put the boxes into our climate controlled,
automated warehouse.
- Whenever you want a box, just call and we’ll
deliver it right to your door.
- Our work is guaranteed.
Compliance
Most organizations have new privacy requirements today. If these requirements
are not met, consequences can be severe. DocSci is part of a comprehensive
solution for these new requirements.
For example, the Health Insurance Portability and Accountability Act of 1996
(“HIPAA”), mandated the Department of Health and Human Services (HHS) to
publish new rules that would ensure:
- Standardization of electronic patient
information
- Unique health identifiers for individuals,
employers, health plans and health care providers
- Security standards protecting the
confidentiality and integrity of "individually identifiable health
information," past, present or future.
HIPAA affects virtually
all health care providers, health plans, public health authorities,
healthcare clearinghouses, life insurers, self-ensured employers and calls
for severe civil and criminal penalties for noncompliance:
- Fines up to $25K for multiple violations
- Fines up to $250K and/or imprisonment for the
misuse of information.
- The final Security Rule was published April
21, 2003. Compliance for most entities is required by April 21, 2005.
Excerpts from HIPAA’s
Technical Safeguard document referring to requirements that an adequate compliant
storage solution should address are summarized below along with brief
description of how DocSci addresses that requirement.
“Sec. 164.312 Technical safeguards.”
“(a)(1) Standard: Access control. Implement technical policies and procedures
for electronic information systems that maintain electronic protected health
information to allow access only to those persons or software programs that
have been granted access rights as specified in Sec. 164.308(a)(4).”
DocSci uses Microsoft’s Authentication System, security certificates and
smart cards, to verify a client’s identity. Once identity is authenticated,
pre-established business rules and access controls set within DocSci and
published to Microsoft’s Active Directory are used to determine if a client
has the required permissions to access the resources they are requesting.
“(2) Implementation specifications:”
“(i) Unique user identification (Required). Assign a unique name and/or
number for identifying and tracking user identity.”
DocSci supports the Microsoft Authentication System which establishes a
unique single user logon. DocSci provides an audit trail that documents user
identity and time-stamps access to information.
“(iv) Encryption and decryption (Addressable). Implement a mechanism to encrypt
and decrypt electronic protected health information.”
DocSci offers the capability to encrypt and decrypt all files or selected
files using the Advanced Encryption Standard (AES).
“b) Standard: Audit controls. Implement hardware, software, and/or procedural
mechanisms that record and examine activity in information systems that
contain or use electronic protected health information.”
DocSci provides an audit trail of all access to the protected health care
information.
“(c)(1) Standard: Integrity. Implement policies and procedures to protect
electronic protected health information from improper alteration or
destruction.”
DocSci controls access to the managed files and provides audit trails
detailing user access and any file changes. DocSci also takes care of
creating original and duplicate copies of files when they are modified.
“(2) Implementation specification: Mechanism to authenticate electronic
protected health information (Addressable). Implement electronic mechanisms
to corroborate that electronic protected health information has not been
altered or destroyed in an unauthorized manner.”
DocSci uses digital fingerprint technology to detirmine if a file has been
tampered with.
Document Science provides compliant and secure storage solutions that
feature:
- Integrity
- Scheduled retention time period
- Audit trails
- Encryption
- Disposition scheduling and tracking
- Compliance with HIPAA, SOX, FDA, SEC, HR
and other laws and regulations
- Protection against catastrophic loss
through redundant, secure storage
This document is not a legal opinion or intended to be legal advice. Please
seek legal counsel for your specific questions related to compliance.
Destruction of Paper and Electronic Documents
DocSci provides for the scheduled destruction of physical documents at our
secure facilities.
A Missing Fundamental – Disposition of Retained Records
The DocSci solution addresses a drawback that both tape and optical solutions
have regarding the disposition of records. Both tape and optical disc have
been the solutions of choice for long term archival storage.
Record retention is critical to compliance laws, and record deletion is
critical for protection against electronic discovery. Record retention policies
dictate different retention periods for different documents based upon the
type of document, industry, author, and regulations. It is not uncommon when
a document gets put into storage for it to be copied multiple times onto tape
with the physical tape being stored in a variety of locations, often off-site
at a secure facility.
Due to the nature of the media and technology used in both tape and optical
storage, the only way to delete any specific record is to destroy the entire
disc or tape. This is not feasible because typically the tape or disc has a
variety of documents on them with multiple retention periods. Also with
multiple backup copies at different locations, finding all copies of a
particular record when its retention period has ended is a significant
challenge. This leaves corporations vulnerable to discovery requests and the
possibility of a ‘smoking gun’ being found beyond the acceptable and
necessary retention periods. DocSci’s technology addresses this problem.
At the end of a record retention period and with the proper security
clearance an administrator can delete the appropriate records. If the
physical location of the file is on line and accessible then it will be
physically deleted, or if copies of the files are off-line and/or on tape or
optical media then the encryption key for that specific file will be scrubbed
rendering the actual file unreadable.
DocSci utilizes the AES encryption standard which is impossible to decrypt.
Once the encryption key is destroyed it is impossible to reconstitute the
file rendering the file virtually destroyed. European companies by law need
to delete records with personnel information contained within them, while
North American companies by design want them destroyed at the end of their
retention period. DocSci's solution that can fully address this important
issue.
|
|
