What You Should Know about Privacy Laws and Document Disposal
Are you fulfilling regulatory requirements for the disposal of sensitive information? In this blog, we review federal privacy legislation and discuss methods for making sure your document disposal practices follow the law.
The Health Insurance Portability and Accountability Act (HIPAA)
Every organization that handles and transmits protected health information (PHI) must adhere to HIPAA’s Privacy Rule and Security Rule. Both rules require HIPAA covered entities and business associates to implement physical, administrative, and technical safeguards for PHI. The Department of Health and Human Services’ Office of Civil Rights (OCR) monitors and enforces HIPAA compliance.
Penalties for lack of compliance may include monetary fines and legal action against corporate officers. If your company stores PHI, you must destroy it when it reaches a final disposition date. A professional shredding company that issues a Certificate of Destruction can help your business comply with HIPAA.
The Fair and Accurate Credit Transactions Act (FACTA)
FACTA’s Disposal Rule requires proper disposal of personally identifiable information (PII) to protect against “unauthorized access to or use of the information.” If your business collects consumer data including credit applications and other financial data, you must dispose of it according to FACTA Disposal Rule guidelines.
Family Educational Rights and Privacy Act (FERPA)
Under FERPA, organizations held responsible for breaching confidential student information can be subject to a withholding of federal funds and payments. As a result, educational institutions must have protocols for securely disposing of student records.
Gramm-Leach-Bliley Act (GLBA)
GLBA requires financial institutions and government agencies to protect financial data from unauthorized access. Under the act’s Financial Privacy Rule, consumers must be provided with a privacy notice that explains:
- How information is collected
- Where that information is shared
- How the information is used
- How it is protected
If your business provides financial services, it must maintain a written policy for disposing of consumer records.
A trusted, local information destruction partner can help your business adhere to these federal regulations and local and state laws.
Richards & Richards offers shredding and destruction services for businesses throughout Nashville.
For more information about our shredding services, please call us at 615-242-9600 or complete the form on this page.