Records Management is all about the organization and governance of business information. But a corporate records management policy also needs to be adaptable enough to keep up with legal and regulatory standards. Keeping up with changing laws can be a challenge for any business. We live in a time in which rapid technological advances are changing the way information is stored and accessed. As a result, many regulations have been modified or revised to address privacy protection standards.
The Gramm-Leach-Bliley Act (GLB)
Enacted in 1999, GLB contains a Safeguards Rule that requires financial institutions to develop a written information security plan outlining processes for protecting clients’ personal information. The plan must include:
- designation of at least one employee to manage safeguards
- risk analysis plans for each department handling personal information
- development, testing and monitoring of an information security program
- changes to safeguards as needed
As a result, your business should have written documentation concerning the storage and disposal of records as well as how information is controlled and accessed.
The Health Insurance Portability and Accountability Act (HIPAA)
The healthcare privacy law has been in effect since 1996, but recent changes may affect your business. The Omnibus Rule, which took effect on March 26, 2013, changes the definition of a “business associate.” Business associates of covered healthcare entities may now include the following:
- an entity that offers a personal health record on behalf of a covered entity
- any subcontractor that accesses personal health information (PHI) of a covered entity
- an individual who creates, receives, maintains or transmits PHI on behalf of a covered entity
If your business provides services to a healthcare entity, you will be held liable for any breach of PHI while the records in question are in your possession.
The Fair and Accurate Credit Transaction Act (FACTA)
While FACTA was passed in 2003 to require financial institutions to protect personally identifiable information (PII), the Disposal Rule passed in 2005 may have a direct impact on how you dispose of your records. This provision calls for the proper disposal of information to protect against “unauthorized access to or use of the information.” Thus, when collecting employee or client data, it is critical to dispose of that information in a timely and appropriate manner. Unfortunately, the disposal practices of many businesses fall short. For example, documents or files are often kept well beyond retention timeframes, or they are disposed of in a negligent manner.
Next steps for meeting regulatory compliance
Understanding how these regulations impact your business can help you implement improved processes for storing, accessing and disposing of hardcopy and electronic information. An outsourced records and information management solution allows for a combination of the following regulatory compliant services under a single solution provider:
- Offsite Records Storage
- Certified Document Destruction
- Document Scanning
- Data Protection
Pacific Records Management provides document imaging solutions for businesses throughout Fresno, Stockton, Sacramento, Modesto, and Napa & Solano Counties. For more information, please contact us by phone or fill in the form on this page.