One of my last blogs discussed the risks of third-party contractors and their responsibilities for protecting information. This blog will address yet another third-party risk – your janitors.
A janitor was recently arrested for removing boxes of records from a Southern California health care clinic. Interested only in getting money for the paper, the janitor sold 14 boxes of patient records to a recycling center for $40. This janitor was not interested in identity theft, but the next one might be…
In an earlier case, a janitor stole personal information from patient files at a Chicago hospital, participating in an identity theft ring that affected more than 250 patients.
Is your organization addressing risks with the cleaning crew?
1) Do you know your cleaning crew?
2) Do they have a good reputation?
3) Have all janitors and other crew members signed off on your organization’s policies for protecting information?
4) Are you monitoring their activity on an ongoing basis?
5) Are you limiting access to secured systems?
6) Do they understand the consequences for mishandling sensitive information?
7) Are suspicious incidents (missing papers, back-up devices, etc.) reported to the appropriate personnel?
Organizations should also ensure employees are protecting sensitive information with simple best practices for the office:
1) Don’t leave sensitive files/information on your desk
2) Properly dispose of/shred sensitive information. Don’t just toss documents in garbage cans or recycling bins.
3) Lock and secure file cabinets containing patient information.
How is your organization addressing risks with third-party contractors?