ALL ABOUT TOM DUMEZ, CHP CSCS
Tom worked in the RIM industry from 2000 until late 2012 at a full-service records management company based in Grand Rapids, MI. He is a Certified HIPAA Professional and a Certified Security Compliance Specialist. Tom's focus is compliance with local, state, and federal regulations through policies, procedures, employee handbooks, risk assessments, documentation, contracts and agreements, and the planning and implementation of compliance solutions. He also provides consulting services to other RIM companies and their clients on compliance matters. Since 2009, Tom has been both marketing and delivering an employee HIPAA training program created specifically for the RIM industry, including scanning and information destruction companies. Tom also offers an effective training program for covered entities (CEs). This training extends to moving and storage companies, since the handling of protected health information during a move can be a critical factor in reducing the risk of a breach. Tom can also deliver this training for city and county governments, police departments and other law enforcement agencies, fire departments, EMTs and ambulance personnel, correctional institutions, and courts and their employees.
Tom has traveled internationally as a guest speaker and as a trainer, also presenting many educational sessions for PRISM International, ARMA, NAID and AITP.
In 2012, Tom founded Prime Compliance, LLC. As its President, Tom continues to provide a 'real world' educational opportunity to your employees. He is passionate about teaching people how to lower risks. His trainings are dynamic and engaging, and you will leave ready to tackle the world of HIPAA!
Tom has been married to his beautiful wife Lori since 1979. They have two children, and are the proud grandparents to two grandsons and one granddaughter. In his spare time, Tom enjoys playing drums at church, fishing/hunting, spending every minute he can with Lori, and being a very hands-on grandpa.
New provisions were signed into law in 2009 as part of the ARRA. These provisions have affected the RIM industry, and they could impact your business if you fail to educate your employees, who pose one of our greatest risks.
Have you noticed any increased pressure from your clients regarding liability? Are you prepared to deal with it? Your clients are now being held more accountable for ensuring that the companies they do business with (business associates) can provide reasonable assurances that they know how to protect information.
What, if anything, can you provide to your clients to assure them that you can effectively do what they pay you to do? The costs, fines, and penalties related to a breach of information are staggering. BAs have been specifically named as responsible for breaches. Are you willing to put your business in jeopardy because you don't know what to do or where to turn?
I would love to help you take the business that you drive to a more compliant level. How? Educating your employees can significantly lower the risks. There were also changes made in January 2013 that will have an impact on how you conduct your business. See the DHHS report, and my summaries, on the regulatory page.
HITECH was designed to ensure that the privacy, security, confidentiality, integrity and availability of electronic protected health information (EPHI) are maintained. Business associates are now held to the same level of accountability as covered entities, and because of this additional responsibility they should position themselves to become as educated as possible in order to avoid getting caught in a bad situation. If you handle any tape media, hard drives, flash drives/thumb drives, or electronic backups, store EPHI on servers, perform scanning services, or send emails that contain EPHI, you can be impacted by HITECH.
Are your company-owned portable devices encrypted? What level of encryption is acceptable? The reality is that the line between the covered entity and the business associate is now very blurred. BAs are not expected to follow certain parts of the law, but they are held to the same accountability standard if they are found in violation. Help your employees become more knowledgeable about HIPAA and HITECH by providing an opportunity for them to learn.