Confidentiality, Privacy and Compliance
The confidentiality of our customers’ records and data is our top priority at Stevens & Stevens. Therefore, we’ve implemented a combination of systems, processes and procedures that not only adhere to privacy regulations, but go a step further by enhancing our clients’ overall corporate information security and compliance programs. As a result, we’ve earned a reputation throughout our business community for setting the standard for records and data protection.
A Thorough Screening and Training Process
Upholding the confidentiality of client records and data begins with our hiring process. Prior to joining our team we require all of our perspective employees to take aptitude testing and go through extensive background checks. Our background check provides for screening in the following areas:
- Criminal background
- Credit history
- Motor vehicle driving record
Upon hire, each employee is required to sign a confidentiality agreement and undergoes comprehensive privacy training which includes HIPAA and PCI Compliance. Also, Stevens & Stevens is a Drug Free Workplace.
Strict Chain of Custody Procedures
Safe and secure transportation of your valuable records and data is critical. All Stevens & Stevens’ vehicles are specially outfitted for records and media transport and are equipped with security systems and monitoring features which include:
- climate controlled cargo areas
- alarmed security systems
- GPS tracking and monitoring specially outfitted for records transport.
Only uniformed Stevens & Stevens’ employees handle and transport your records and information assets. Each driver is equipped with a cell phone which allows them to be in constant communication with our operations staff. Our delivery vehicles are locked at each stop no matter the duration of the service.
A Verifiable Audit Trail
You should always be able to produce a written audit trail which documents the access and movement of your records and data. Stevens & Stevens’ strict chain of custody process allows for tracking before, during and after the retrieval and delivery and transfer processes. Our drivers use handheld wireless scanners which integrate with barcode tracking technology to facilitate accurate tracking of our clients’ records and data between their offices and our storage facility. These portable devices ensure:
- retrieval delivery and pick-up accuracy
- automated documentation
- real-time tracking of containers and files
Data from our scanners is downloaded into our inventory management database allowing for a complete audit trail for the movement of all containers and files.
Privacy and Compliance
Stevens & Stevens is dedicated to maintaining the confidentiality and security of all media (hard copy or electronic) stored at our facilities in accordance with the requirements of applicable laws and utilizing the best technology available to the industry. We recently received the Privacy+ Certification from PRISM International. This certification demonstrates our level of excellence in the safeguarding of client information contained in paper and electronic records.
Protected Health Information (PHI)
In accordance with HIPAA and HITECH regulations, Stevens & Stevens’ stores and destroys all client information in full compliance with the Privacy Rule. In order to meet this obligation, all documents and media containing PHI are stored in our electronically monitored, secured facility with access limited to only our screened team members who are trained in their obligations with respect to the privacy of all stored materials. No documents or media are allowed to leave our facilities except as directed by the covered entities who own those materials.
With a long history of past experience serving the healthcare and medical community, Stevens & Stevens has hands-on familiarity and practice meeting the requirements of Business Associate Agreements.
For the destruction of records or media containing PHI, Stevens & Stevens strictly adheres to the requirements of the HITECH Act which states that any paper, film or other hard copy media be shredded in a manner such that the PHI cannot be read or otherwise cannot be reconstructed.
Destruction and Disposal of Personal Financial Information and other Records
Similarly, with respect to the destruction of information personal financial information and other confidential information, we follow the same security standards as applies to the protection of PHI. For the destruction of any format, we follow shredding methods that conform with NIST Special Publication 800-88, Guidelines for Media Sanitation.
For more information about our confidentiality, privacy and compliance practices, please contact us by phone or fill in the form on the page.