Federal Privacy Laws and Document Shredding
Did you know that secure disposal of personally identifiable information (PII) and protected health information (PHI) is mandated by federal laws? The following federal regulations contain provisions that require secure disposal of records containing PII and PHI:
- The Health Insurance Portability and Accountability Act (HIPAA)
- The Fair and Accurate Credit Transactions Act (FACTA)
- The Family Educational Rights and Privacy Act (FERPA)
- The Gramm-Leach-Bliley Act (FACTA)
In this blog, we offer tips for making sure your shredding practices comply with federal privacy laws.
Chain of Custody
Businesses and organizations are liable for the protection of PII and PHI from the moment it is created until the time it is destroyed. In-house shredding practices can lead to breaks in the chain of custody that expose your company to privacy breaches and non-compliance fines.
Outsourcing your shredding is the best way to maintain a chain of custody for PII and PHI. Your document shredding provider offers secure containers for collection of your paper waste. When filled, background-screened, bonded, and insured professionals collect the contents and destroy them while following a strict chain of custody.
Federal privacy laws require organizations to take reasonable measures to prevent unauthorized access to PII and PHI. As a result, PII and PHI should never be shredded with store-bought office shredders and discarded in dumpsters or recycling containers. This may enable your documents to be reassembled by hand or using specialized software.
A trusted shredding provider uses industrial-grade shredders to shred your documents into tiny particles, then mixes them with particles from other sources so they can’t be reconstructed.
Businesses and organizations must be able to prove their information disposal practices. Companies that do not maintain a written record of when and how PII and PHI is disposed of may face non-compliance penalties.
After destroying your documents, a secure shredding provider issues a Certificate of Destruction with the time, date, and method of destruction. This detailed information offers proof of your company’s compliance with federal regulations.
A qualified shredding provider offers the security, documentation, and chain of custody you need to stay compliant with federal privacy regulations.
For more information about our shredding services, please call us at 615-242-9600 or complete the form on this page.