Federal regulations such as HIPAA, Gramm Leach Bliley, Sarbanes-Oxley and FACTA mandate the protection of, and limited access to, confidential files and documents. What better way to limit the access to your secure papers than to remove the confidential documents and replace them with electronic files? Just like record storage and paper shredding, this is now part of a professional record management solution.
Scanned documents can enhance the security of your confidential records by restricting the accessibility of the private, confidential files to those who are authorized to have access to the data.
The Summary of the HIPAA Privacy Rule from the Department of Human Services specifically requires "securing records under lock and key...and limiting access...."
The Disposal Rule of FACTA requires entities covered by the rule to take "reasonable measures" to protect against unauthorized access to or use of the information.
DocumentBusters will ensure that your organization is in compliance with all government rules and regulations.
Privacy of Personal Information and the Law
Various laws have been enacted to protect the privacy of personal information. The increase in Identity Theft crime has caused the enactment of many of these laws. Various states have also enacted laws, starting with the states of California, Wisconsin and Georgia. The most famous of the laws is HIPAA, enacted to protect the privacy of patient information. What better way to restrict the access to private confidential information than to remove the paper records which anyone can access and replace them with electronic records whose access can be restricted by various password protocols?
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 and includes provisions intended to safeguard the privacy of patient health records. HIPAA is a significant piece of legislation with onerous penalties. The full text of the Summary of the HIPAA Privacy Rule from the Department of Human Services is available online at http://www.hhs.gov/ocr/privacysummary.rtf. See page 16 of this document with regard to specifically "securing records under lock and key...and limiting access...."
Data Safeguards. A covered entity must maintain reasonable and appropriate administrative, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information in violation of the Privacy Rule and to limit its incidental use and disclosure pursuant to otherwise permitted or required use or disclosure. For example, such safeguards might include shredding documents containing protected health information before discarding them, securing medical records with lock and key or pass code, and limiting access to keys or pass codes.
Gramm Leach Bliley (GLB) is another federal law with a much broader scope than HIPAA. The broad standards outlined in this law were designed to compel financial institutions to "respect the privacy of its customers and to protect the security and confidentiality of those customers' non-public personal information." Specifically, this law requires protection against "unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer." See page 1, section (b) (3) of Section 501 of the Conference Report and Text of Gramm-Leach-Bliley Bill published by the Senate Banking Committee.
The Fair and Accurate Credit Transactions Act of 2003, also known as the FACT Act, was signed into law on December 4, 2003. In general, the Act amends the Fair Credit Reporting Act ("FCRA"). The Act contains a number of provisions intended to combat consumer fraud and related crimes, including identity theft, and to assist its victims.
The Disposal Rule of FACTA, as proposed, requires entities covered by the rule to take "reasonable measures" to protect against unauthorized access to or use of information.