|Confused about when to store and when to dispose of documents? You're not alone. New federal laws require business and professionals to store and destroy key business records. Paper Cuts can help you establish document retention and destruction policies to ensure that you comply with federal document management requirements.
Click here to request a document retention guide for business or health care.
Below we briefly describe several new federal laws and their requirements. Follow the links for more information on these new laws.
|Who is affected?
||Consumer reports and identifying information
||Fair & Accurate Credit Transactions Act (FACTA)
|Health care providers
||Patient medical records
||Health Insurance Portability & Accountability Act (HIPAA)
||Consumer identifying and credit records
||Gramm Leach Bliley (GLB)
|Publicly held businesses and accounting firms
||Accounting audit and working papers
||Sarbanes Oxley (SOX)
Effective June 2005, this law requires businesses that collect customer information to ensure that the information is protected from "unauthorized access or use." In addition, the Disposal Rule requires that when such information is discarded, it must be appropriately destroyed by shredding, burning or pulverizing. The federal government's website states that "although the Disposal Rule applies to consumer reports and the information derived from consumer reports, the Federal Trade Commission encourages those who dispose of any records containing a consumer's personal or financial information to take similar protective measures."
Health Insurance Portability and Accountability Act
This 1996 law and the accompanying 2002 regulation known as the Privacy Rule restrict how health care providers may handle and disclose patient health information. In general, health care entities must ensure that only approved personnel handle protected health information and then only for purposes specified in the law and regulation. Paper Cuts can help your business comply with these requirements by:
- storing protected health information in a secure commercial records center
- storing electronic files on our secure servers
- signing a business associate agreement with your medical practice to limit your liability for stored health information
- destroying inactive medical records in accord with state medical society guidance and in compliance with HIPAA regulations
- Converting paper medical files to encrypted electronic files to:
Gramm Leach Bliley
- Save office space
- Provide easy access to records
- Limit access only to individuals you provide with designated passwords and encryption software
This 1999 law requires financial institutions and businesses that receive personal information in the course of conducting their business to establish safeguards for the handling and disclosure of that information. Paper Cuts can help your business comply with this law by:
- storing sensitive hard copy information in our secure commercial records center
- storing sensitive electronic documents on our secure servers
- limiting access to sensitive information only to individuals you approve in advance
- shredding and recycling discarded documents including sensitive paper documents and electronic media to prevent identity theft
This 2002 legislation creates new requirements for businesses and accountants to maintain corporate audit records or review working papers for 5 years beyond the year in which an audit is concluded. The new law also creates penalties for destroying or altering documents that are relevant to contemplated or ongoing investigations or official actions. Paper Cuts can help businesses and accounting firms and their clients comply with the law by
- Establishing a retention and destruction schedule for audit documents that complies with federal law
- Storing audit records off site to limit the potential for tampering or inappropriate destruction
- Creating electronic versions of paper records to provide "back ups" of original documents in the event the originals are inadvertently lost, altered, or destroyed.