We take records management and client privacy very seriously. Are you compliant?
Fair and Accurate Credit Transactions Act (FACTA)
Effective June 2005, this law requires businesses that collect customer information to ensure that the information is protected from "unauthorized access or use." In addition, the Disposal Rule requires that when such information is discarded, it must be appropriately destroyed by shredding, burning or pulverizing. The federal government's website states that "although the Disposal Rule applies to consumer reports and the information derived from consumer reports, the Federal Trade Commission encourages those who dispose of any records containing a consumer's personal or financial information to take similar protective measures."
Health Insurance Portability & Accountability Act (HIPAA)
This 1996 law and the accompanying 2002 regulation known as the Privacy Rule restrict how health care providers may handle and disclose patient health information. In general, health care entities must ensure that only approved personnel handle protected health information and then only for purposes specified in the law and regulation.
SDMS can help your business comply with these requirements by: Storing protected health information in a secure commercial records center
■ Signing a business associate agreement with your medical practice to limit your liability for stored health information
■ Destroying inactive medical records in accord with state medical society guidance and in compliance with HIPAA regulations
■ Provide authorized access to records and documents through a documented, simple request system
Gramm-Leach-Bliley Act (GLBA)
This 1999 law requires financial institutions and businesses that receive personal information in the course of conducting their business to establish safeguards for the handling and disclosure of that information.
SDMS can help your business comply with this law by:
■ Storing sensitive hard copy information in our secure commercial records center
■ Limiting access to sensitive information only to individuals you approve in advance
■ Shredding and recycling discarded documents including sensitive paper documents to prevent identity theft
This 2002 legislation creates new requirements for businesses and accountants to maintain corporate audit records or review working papers for 5 years beyond the year in which an audit is concluded. The new law also creates penalties for destroying or altering documents that are relevant to contemplated or ongoing investigations or official actions. Sierra Data Management and Storage, Inc. can help businesses and accounting firms and their clients comply with the law by:
■ Storing audit records off site to limit the potential for tampering or inappropriate destruction
■ Creating electronic versions of paper records to provide "back ups" of original documents in the event the originals are inadvertently lost, altered, or destroyed.