Regulations That Demand Secure Information Disposal
Do you recall playing a game with friends only to realize you’ve been playing it incorrectly all along? Rules sometimes get overlooked, adapted or misunderstood, leading to alternative ways of play that persist for years. Games like Monopoly, Scrabble and even Poker and Blackjack are often played by incorrect “house rules,” and continue to be played that way until someone comes along and challenges the rule.
Similar misunderstandings can occur within a company regarding regulations for secure information disposal. Procedures may have been passed down, slightly altered with each explanation. The most reliable sources for the correct guidelines are the latest laws mandating secure information disposal, which outline specific details on handling information at the end of its use.
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
HIPAA requires organizations dealing with health-related information to have documented policies safeguarding Personal Health Information (PHI). Adherence to document retention periods is critical, ensuring information isn’t destroyed prematurely or stored beyond its designated retention date. A Certificate of Destruction from a professional shredding company serves as proof of proper and timely information disposal. Examples of protected information under HIPAA include:
- Insurance information and claim forms
- Medical history, billing information and notes
- Sign-in logs
- Health-related images
Gramm-Leach-Bliley Act of 1999 (GLBA)
The GLBA requires banking and financial institutions, regardless of size, to establish, implement and maintain methods of protecting consumer information. Covered entities include:
- Insurance companies
- Income tax return preparers
- Financial advice organizations
- Credit counsellors
Fair and Accurate Credit Transactions Act of 2003 (FACTA)
FACTA aims to curb fraud and identity theft by regulating the disposal of confidential information. It applies universally to all US persons and businesses holding consumer information, mandating its proper destruction before disposal. FACTA sets forth requirements for the privacy, accuracy, disposal and sharing of consumer information.
Using a Third-Party Shredding Company
Entities obligated to dispose of sensitive information can engage the services of a secure shredding company for proper document destruction. A Certificate of Destruction, as provided by reputable shredding companies, verifies compliance with HIPAA, the GLBA and/or FACTA. Opting for a NAID AAA Certified shredding company ensures compliance with data protection laws through scheduled and surprise audits by trained, accredited security professionals.
Richards & Richards is Nashville’s oldest NAID AAA Certified shredding company. We guarantee compliant disposal of sensitive information, in accordance with federal and state data privacy laws. We provide a Certificate of Destruction with every completed shredding job. Call us at 615-242-9600 or complete the form on this page for assistance with compliant document destruction.