Secure records come in many variations: criminal records on microfilm rolls, health information on patient charts, and personally identifiable information on finance documents, to name a few. If you want to reduce your hard copy load, you’ll want to scan the files into an electronic format. But who can you trust to keep your records safe while they’re out of your hands?
The final decision to choose a scanning partner to digitally convert your secure records is completely up to you, and you have to feel comfortable with who you work with. Below we describe what secure scanning is, what kinds of records are considered sensitive, methods to physically and digitally protect your records, and a sample set of credentials you can look for when you’re choosing your scanning partner.
What Is “Secure Scanning?”
Simply put, secure scanning is the method by which you keep your records and data safe and prevent them from getting into the wrong hands during the digital conversion process.
Although every record is treated as confidential to our respective client, not all scanning is the same, and not all records are created equal. There are varying degrees of security depending on the type of material being scanned and the level of security desired by our client, regardless of the record types.
Security can also be separated into physical and digital categories: just because there’s a lock on the front door (physical), that doesn’t mean that the electronic data is being transmitted and stored properly (digital). It’s important to consider both types of security when you’re researching scanning partners.
Which Kinds Of Records Need Secure Scanning?
As we mentioned above, all records should be scanned in a secure way, although different types of records may be handled in a distinct manner based on regulations, policies, and so on. Below are some of the various types of records and the differences required for conversion.
Private data is information that may not be so secure as to be labeled “confidential,” but it’s still information that’s private to you. Another way to look at it is that it’s information that might be available to other people on request, but it’s not publicly available like a newspaper.
Examples include customer invoices, building plans, and financial records. These are all record types that aren’t so sensitive that they fall into guidelines like HIPAA, but they’re important to you and need to be protected.
To keep these records secure, your scanning partner should have a physically secure facility that requires identification prior to entry and a production/scanning area that keeps visitors from being able to wander around without an escort. On the digital side, only authorized personnel should have access to your records and only for the purposes of completing the project.
Healthcare data includes PHI (protected health information) and ePHI (electronic protected health information), and this type of record has numerous restrictions to ensure it’s secure. The HIPAA guidelines (Health Insurance Portability and Availability Act) are critical when dealing with health records and it provides guidance on the information flow of healthcare data.
Some of the methods to ensure security of healthcare data is to choose a partner that completes HIPAA audits, trains their employees on HIPAA practices and how to handle PHI/ePHI, and has secure scanning facilities for production and storage of your records. Digitally, encrypted storage and transmission of data is critical in case of a security lapse, and only assigning access to the minimum number of individuals to a project to limit exposure.
Criminal Justice Information (CJI)
Criminal records are processed in a very specific way when we’re chosen as your scanning partner. Although you’re not required to adhere to the Criminal Justice Information Services (CJIS) Security Policy, we decided as a company to process criminal justice information (CJI) following the policy guidelines. This decision allows law enforcement agencies and any other department with criminal records looking to have access to the CJIS database to partner with a vendor that complies with the Security Policy.
There are many protocols that must be followed to be compliant with the CJIS Security Policy, such as access control, media protection, physical protection, personnel security, and training, to name a few. Instead of going into detail here, we recommend that you read our in-depth article about “CJIS Digital Scanning” to understand the processes and how we handle these records.
What Are The Different Ways To Keep Records Safe?
The two methods of securing records before, during, and after a digital conversion project are by physically protecting them and digitally protecting them. Since there are innumerable ways to protect records and data, we’ll describe some of the methods we use to give you an idea of what goes on when you start a digital conversion project.
Physical security measures are the means to keep your hard copy records safe while we have them during a project. Because of the sensitive nature of some of the records we work with, it’s not enough to just have a room full of scanning machines with our people chugging along. Safeguards and procedures to segregate certain types of documents add a level of protection.
The key takeaway from this section is that our facilities are like onions – there are multiple layers of protection to keep your records safe.
Digital security measures are how we protect your records once they’re in an electronic form. This covers all aspects of the digitization process including scanning, processing, delivery, and storage.
What Kinds Of Credentials Should A Company Have?
The company you choose to work with should have the credentials and certifications that make you comfortable. Each company you take a look at will handle their processes in a distinct way, and most likely none of them will be 100% perfect. By taking a well-rounded approach and considering the options available to you, you should be able to weigh the most important factors to you when it comes to scanning your sensitive records and choose the partner that you feel is the most competent.
There are probably hundreds of credentials and certifications available when it comes to secure scanning, processing, and handling – with the availability of online courses, almost every topic can be granular. A quick web search for “online certifications for secure digital processing” shows you that there are plenty of super-specific courses and certifications – these are great, but it might be going a bridge too far to ask your scanning partner to get into this level of detail. Most scanning companies are looking at higher-level compliance because it applies to the organization as a whole.
Some security credentials that we have include:
When you have sensitive or confidential records, it’s normal to feel concerned about who’s handling them and how they’ll be scanned. We can’t force you to trust us with your documents, but we’re ready to speak with you and answer your questions.
Give us a call at 800.359.3466 or send an email to email@example.com to chat with one of our reps and see if we’re a fit for each other.
Read other posts related to security and digital conversion, starting with three recommendations below:
“Security” is an information page completely related to our security processes, procedures, and methods.
“CJIS Digital Scanning” is our overview of how to scan criminal justice information (CJI) for law enforcement agencies. If your office is handling and processing CJI, this is a starting point for you to understand what CJIS means and why it’s important to you.
“Digitization & The Chain Of Custody” describes the importance of tracking your records during a conversion project. With sensitive information, this is absolutely critical and is something you should be asking a potential scanning partner about.