The regulations and codes that pertain to shredding services and document destruction vary from industry to industry. For a shredding company servicing Georgia, North Carolina, and South Carolina, being aware of these regulations is important, as they dictate the best method for disposing of sensitive information.
Healthcare providers and hospitals are governed by the HIPAA laws, which are designed to protect the privacy of patients and the information that is obtained at the doctor’s office. Financial institutions such as banks are governed by the Gramm-Leach-Bliley Act (GLBA), which requires banks to deliver privacy notices and give customers the option to not have their information shared with third parties. Lastly, the Fair and Accurate Credit Transactions Act (FACTA) dictates that businesses handle the information on consumer receipts and reports so that it cannot be reconstructed or reread.
The 3 Big Regulations for Document Destruction
The HIPAA Laws
The Health Insurance Portability and Accountability Act, or HIPAA, is a regulation enacted in 1996 that sets the standard for how the health information of patients is used. It was designed to protect the security and privacy of individuals’ health information. Information protected by the HIPAA “Privacy Rule” includes an individual’s past, present or future physical or mental health condition, as well as any health care that has been provided to the individual or any payment made for those services.
The Privacy Rule of HIPAA places strict rules on how the information of patients can be handled. This means that document destruction for hospitals and healthcare providers must be handled very carefully. It is critical that shredding companies dealing with medical information use the utmost level of care when handling the documents.
The Gramm-Leach-Bliley Act (GLBA)
GLBA compliance is mandatory for financial institutions. The Financial Privacy Rule of the GLBA governs the collection and disclosure of customers’ personal and financial information. Institutions are required to provide customers with a privacy notice at the time a consumer relationship is established, informing them of their privacy rights regarding their information. The customer also has the right to opt out of having their information shared with the public.
Financial institutions also deal with a lot of sensitive information that needs to be dealt with carefully. It cannot simply be balled up and thrown away in a trash bin. Document destruction services must be carried out carefully and meticulously to ensure that they are compliant with the GLBA and the way it protects the privacy of customer information at these financial institutions.
The Fair and Accurate Credit Transactions Act (FACTA)
This act regulates the way information is handled by businesses after a transaction with a consumer. Identity thieves seek information wherever they can find it, even in a dumpster. The FACTA Disposal Rule dictates that reasonable measures must be taken to ensure the safety of customer information, including to “burn, pulverize, or shred papers containing consumer report information,” and to “destroy or erase electronic files or media containing consumer report information.”
This is why it is so important that the shredding company entrusted with the sensitive information of clients is careful in how the documents and data are dealt with. There can be no corners cut and no shortcuts taken when dealing with sensitive information.