Businesses that handle confidential information must understand privacy laws written to protect consumers, patients and employees. Several well-known federal regulations mandate privacy protection standards for the disposal of financial, medical and consumer information. Here’s an overview of the privacy laws that may affect your business:
The Health Insurance Portability and Accountability Act (HIPAA)
Enacted in 1996, HIPAA is one of the nation’s oldest privacy protection regulations. Under the law, health plans, health care clearinghouses, and health care providers such as physicians, hospitals and pharmacies that transmit protected health information (PHI) electronically are considered “covered entities.” In addition, businesses that create, receive, maintain or transmit PHI on behalf of covered entities are considered “business associates.” Both must comply with HIPAA’s Privacy Rule and Security Rule, which together require covered entities and business associates to implement administrative, physical and technical safeguards for PHI, including safeguards for its disposal. Penalties for non-compliance include civil monetary fines and, for knowing misuse of PHI, criminal penalties that can include imprisonment. Given the Department of Health and Human Services’ (HHS) more aggressive enforcement of HIPAA regulations in 2016, it’s critical to have a secure information disposal plan in place for the upcoming year.
The Fair and Accurate Credit Transactions Act (FACTA)
Though FACTA is newer than HIPAA, its penalties for improper disposal of private information are just as strict. It states that “any employer whose action or inaction results in the loss of employee information can be fined by federal and state government, and sued in civil court.” FACTA’s Disposal Rule, in effect since 2005, addresses the secure disposal of sensitive information derived from consumer reports and affects organizations such as:
- Mortgage brokers
- Car dealers
- Insurance providers
- Government agencies
- Landlords and property managers
It also means that any employer using credit reports as part of its hiring process must protect and properly dispose of that consumer information. The Disposal Rule does not prescribe a particular disposal method; instead it requires businesses to take “reasonable measures” to protect against unauthorized access to, or use of, the information in connection with its disposal. The rule’s own examples of reasonable measures include burning, pulverizing or shredding paper records so they cannot practicably be read or reconstructed, destroying or erasing electronic media so the information cannot be recovered, and contracting a document destruction provider after doing due diligence on that provider.
Gramm-Leach-Bliley Act (GLBA)
Like FACTA, GLBA governs the handling of consumer financial information. Its Safeguards Rule requires financial institutions to develop, implement and maintain a written information security program for protecting customer information. The program must:
- Designate at least one employee to coordinate the safeguards
- Identify and assess the risks to customer information in each area of the business that handles it
- Design, implement, test and monitor the safeguards that address those risks
- Adjust the safeguards as the business, its risks or its test results change
Given these requirements, your business should have a clear and concise plan for how records are stored, controlled, accessed and destroyed.
A professional document destruction provider is an indispensable partner in making sure that your business adheres to the information disposal requirements of HIPAA, FACTA and GLBA.
Records Management Center provides businesses throughout Augusta, Evans, Thomson, Martinez, GA, Aiken, SC, as well as the Central Savannah River Area, with professional paper shredding and information destruction solutions. To learn more, please contact us by phone or complete the form on this page.