The Importance of HIPAA Compliance


Working in the Records and Information Management industry means security and compliance are of the utmost importance. No one understands that better than Tom Dumez with Prime Compliance. Tom is an industry veteran who regularly provides HIPAA compliance training to Records Storage and Document Destruction companies throughout the United States. Williams is proud to say we have renewed our HIPAA compliance for 2019, and during Tom’s last visit with us, we had the opportunity to chat about the process and why it is so important.

Tom Dumez – Prime Compliance


WDM: What is your background in the RIM industry?

TD: I went to work for a records storage facility in 2000. I started at the bottom, and over the years had the opportunity to learn more and accept increased responsibility as the business grew. At different points, I was performing and scheduling box pickups, route/driver/fleet management, human resources, and compliance consultancy. I was also selling and travelling to do HIPAA training and risk assessment to other record centers to aid in becoming compliant with HIPAA. HIPAA compliance really began to impact the industry in 2010.

I left the records storage company I was working at in 2012 to start Prime Compliance. If you check my website at, you will see that Records and Information Management is at the center of both my logo and at the center of what I focus on. Here we are in 2019 and I am busier than ever. In 2014, my training program was NAID Board Approved to be an alternative training to their own program, and it is still approved today. I am also a NAID Board Approved Consultant. I have worked with RIM companies all over the U.S., and also in Guam, Puerto Rico, Trinidad, and later this Spring, the British Virgin Islands. Information protection is a global issue. Breaches are caused by different events all over the world and can impact nearly everyone at some point.


WDM: How long have you been providing a compliance program and how did you start?

TD: Since 2010. I worked to analyze the law with what a record center does, including shredding, scanning, storage, vaulting, etc. I started with one RIM vendor, and as I received a few certifications I created a training program for the staff. At the PRISM Annual Conference in 2010, followed by NAID in 2011, I bought exhibitor space and started to promote HIPAA compliance in an effort to help others. It took off, and 9 years later, I have worked with upwards of 150 different companies.


WDM: What types of companies do you typically work with in the compliance process?

TD: Records storage, document destruction, scanning, and data vaults are the primary businesses that I focus on. However, a few other industries that I have worked with include health and wellness, dentistry, and optometry.


WDM: What is HIPAA?

TD: HIPAA stands for the Health Insurance Portability and Accountability Act. It became law in 1996 and didn’t really impact RIM businesses until 2009/2010. HIPAA dictates how Protected Health Information (PHI) must be kept secure, private, and confidential. RIM companies are now required to adhere to the same laws as medical entities. My goal is for RIM companies to learn, through my training program, how to protect PHI even better than medical entities.


WDM: What is a common misconception, if any, about HIPAA?

TD: The main misconception is that HIPAA only protects medical records. That simply isn’t true. It protects PHI, which can be found in a variety of places, including medical records, legal files, and HR files as prime examples. Regardless of what industry you are dealing with, other people’s information is always governed by a regulation, and because HIPAA has high standards to protect it, I want my clients to be the best, regardless of which marketplace they are in.


WDM: What is involved with the HIPAA compliance process?

TD: As you know because I have worked with Williams Data Management for many years, I do a complete risk assessment and then report back on the findings of that during my visit. Additionally, I spend hours training each staff member, providing best practices and procedure when it comes to the handling of PHI. I answer any questions or concerns from each staff member and provide answers to help mitigate risk.


WDM: Why should clients care that their RIM provider is HIPAA compliant?

TD: Clients should only look for a company that can provide proof that a RIM company has performed a current risk assessment, along with the results of that assessment, and proof that they have had a quality HIPAA training program for all staff and management, like Williams Data Management does (and can provide). Including all staff guarantees that everyone hears the same information from the same source to uniform procedure when it comes to protecting other people’s information. I also provide a certificate to each employee. Businesses from any industry should only use a RIM services provider that truly knows what their responsibilities are and that can prove that they know what they are doing. This also helps keep the client in compliance too. Each customer is bound by a regulation to protect the information that they collect and use. I want my clients to be the trusted resource for their clients, and I cannot think of a better way than being able to prove that than through documentation and training. Your customers and prospects must know that Williams Data Management is the best in the industry and can prove that to their customers.


WDM: Thank you, Tom! It was great chatting with you.

TD: My pleasure.

Williams’ commitment to compliance and protecting client data is at the forefront of every service we provide. We are here to help your business maintain compliance with regulations that govern your industry. Feel free to reach us at 888.920.4549 or start a chat with us. We can provide a solution that fits your business and provide you the peace of mind that your vital information is protected.