Peace of Mind

Peace of Mind
Shred Shop adds layer of security with HIPAA certification
Aisling Maki

Medical identity theft is the nation’s fastest-growing form of identity theft, with about 2.3 million cases in 2014 alone, according to Consumer Reports. If an individual’s health insurance is used by someone else for doctor visits, procedures, or procuring medications and devices, the ramifications can be costly and can destroy the victim’s credit. The patient can also be denied coverage if caps are reached, for example.

The Federal Trade Commission recommends consumers keep paper and electronic copies of their medical and health insurance records in a safe place and shred outdated health insurance forms, prescriptions and physician statements.

Many individuals and health care providers alike look to document destruction and secure storage professionals like Shred Shop of Memphis, 318 Collins St., for peace of mind.

Other industries that use Shred Shop to manage confidential information include law firms, accounting firms, government agencies, schools and small businesses. Customers can watch while their documents are weighed, shredded and baled for recycling.

“We try to fill a niche that the larger companies can’t do mainly because of their size,” said Brenda Allen Huff, who founded Shred Shop, an independent and certified woman-owned business, in the fall of 2005. “It’s very hard to take care of residential and the really small jobs. It’s just not cost effective for their big trucks and all. But we have done a six-pound pickup and we’ve done a 41,000-pound pickup.”

Huff said customers appreciate watching the destruction process, but with medical identity theft on the rise, she wanted to go the extra mile for her clientele in the local health care industry. This meant becoming formally compliant with the Health Insurance Portability and Accountability Act (HIPAA) of 1996, which provides data privacy and security provisions to safeguard medical information.

“I decided it was time we get the formal certification,” Huff said. “It wasn’t that we weren’t as careful as we could be before, but this allowed us the formal training – that extra layer of security.”

Shred Shop is a member of National Association for Information Destruction (NAID). Through her contacts there, Huff became aware of Tom Dumez of Prime Compliance – also known as “The HIPAA Man.”

Michigan-based Dumez is a certified security compliance specialist who provides consulting services to information destruction companies and their clients to help them in matters of HIPAA compliance. He usually trains companies larger than Shred Shop.

Huff was unable to locate a local trainer. Dumez’s services came with a sizeable price tag and required her to fly him from Michigan to Memphis, but Huff believed the HIPAA compliance training and certification would be beneficial for her many health care industry clients.

“It was quite a bit of money to have him come, but I think it was well worth it,” she said of Dumez, who provided a risk assessment and made suggestions for improvements to protect sensitive client information. Those suggestions include limiting exposure and fine-tuning chain-of-custody procedures.

“We’re taking anything he says seriously and trying to make those changes to reduce any risk of anything going wrong,” Huff said. “He provided the policies and procedures and he’s there – available to us to answer any questions throughout the year.”

Kelly Dobbins, president at Mid-South Drug Testing Inc., 950 Mount Moriah Road, said her company is required to store background checks for at least seven years. She relies on Shred Shop for its secure storage services and its hard drive removal and destruction services – a recent addition.

“A lot of people don’t think about their hard drives and the fact that they shouldn’t be giving their computers away to anyone unless you’ve removed that hard drive,” Huff said. “You could have all of your medical information on there, too, so it’s a dangerous thing to let a hard drive get out without being destroyed. People can make a lot of money off medical records. We’re trying to make it easier and cost effective for people to destroy that information, too.”

Dobbins, who has known Huff for about a decade, said that, as a small business owner, she prefers doing business with other local small business owners and she’s been pleased with Shred Shop’s services.

“Our documents at Mid-South Drug Testing contain confidential information,” Dobbins said. “We don’t want anyone to have access to our records, and being HIPAA compliant means the Shred Shop has taken yet another step in security. They will also be able to destroy files and hard drives in a manner that is complaint with HIPAA.”

Here are some ways you can protect yourself from Medical Identity Theft

Special to The Telegraph

Identity theft affects millions of Americans every year, causing financial ruin and damaging credit histories that can take months or years to repair.

Unfortunately, a specific type of identity theft is on the rise: medical identity theft. But, what is medical identity theft, and how does it differ from a classic case of identity theft?

Medical identity theft occurs when someone steals your personal information in order to obtain medical care, buy drugs or submit fake billings to Medicare in your name, according to the U.S. Department of Health & Human Services. Unlike financial identity theft — which occurs when someone illegally uses your personal financial information to empty your bank account or rack up charges on credit cards taken out in your name — medical identity theft can have other serious consequences and is more difficult to clear up.

Any type of treatment, diagnosis or surgery that occurs with a stolen identity could become a part of your medical record. This could affect your access to medical care, insurance benefits and the acquired debts could end up on your credit report.

For someone to commit medical identity theft, your Social Security number isn’t necessarily needed as your name, birthday and address could be enough. According to the private cybersecurity research firm, Ponemon Institute, an estimated 2.3 million cases of medical identity theft were identified in 2014, a 22-percent increase from 2013.

The Better Business Bureau and the Federal Trade Commission offer the following advice to help prevent your medical information from falling into the wrong hands:

▪ Watch out for red flags. Signs of medical identity theft may include receiving a bill for medical services you never received, medical collection notices on your credit report you don’t recognize or a call from a debt collector about a medical debt you don’t owe. If you see a mistake, contact your health insurance provider and report it.

▪ Keep copies of your medical records. Keep copies of your medical history, receipts and/or bills from treatments or doctor visits. Also, keep a record of your prescription history including the doctor who prescribed a prescription and the pharmacy that filled it. Federal law allows you to have copies of your medical or billing records, and if your request is ever denied you have the right to appeal.

▪ Read the statements from your health insurance company. Make sure to read your medical and insurance statements regularly and completely, as these documents can show warning signs of identity theft. Read the Explanation of Benefits statement your health insurance company sends after treatment. Also, check the name of the provider, the date of service and the service provided. Check that the claims paid match the care you received. If you see a mistake, contact your insurance company and report the problem.

▪ Protect your personal information. Read your credit card and bank statements carefully and often. Shred all personal and financial documents, including outdated medical documents and old prescription labels. Also, don’t share medical or insurance information by phone or email unless you initiated the contact and know who you’re dealing with.

▪ Check your credit report. BBB recommends checking your credit report with the three credit bureaus at least once a year. This will help you detect any fraud, and it’s easy and free. Visit for your copy.

Some of these steps may seem excessive now but just ask someone who has had their identity stolen, especially their medical identity, and they will agree that these steps would have been much easier than fighting to regain their good name.

For more trustworthy consumer tips, visit

Kelvin Collins is president/CEO of the Better Business Bureau of Central Georgia and the CSRA Inc., serving 41 counties in Middle Georgia and the Central Savannah River area. This tips column is provided through the local BBB and the Council of Better Business Bureaus. Questions or complaints about a specific company or charity should be referred directly to the BBB at 478-742-7999, or by emailing


Read more here: