Staying Legal and Data Destruction

The Health Information Technology for Economic and Clinical Health (HITECH) Act gives Health and Human Services the authority to establish programs that improve health care quality, safety, and efficiency through the promotion of health IT, including electronic health records and the private and secure electronic exchange of health information. HITECH extends certain HIPAA requirements. Failing to adhere to the HITECH Act can result in fines and penalties under a tiered-penalty structure: the organization's level of knowledge of the violation determines the potential penalties and fines. The tiers are:

- The entity did not know of the violation: $100 - $50,000 per violation.
- The violation was due to reasonable cause and not willful neglect: $1,000 - $50,000 per violation.
- Willful neglect, and the failure is corrected within 30 days: $10,000 - $50,000 per violation.
- Willful neglect, and the failure is not corrected within 30 days: at least $50,000 per violation.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that requires health care organizations to "maintain reasonable and appropriate technical and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information".

The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and their business associates, and gives patients an array of rights with respect to that information.

The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.

The Fair and Accurate Credit Transactions Act of 2003 (FACT Act or FACTA) is a federal law that amends the Fair Credit Reporting Act (FCRA). The act contains provisions to help reduce identity theft, such as the ability for individuals to place alerts on their credit histories if identity theft is suspected or if they are deploying overseas in the military, thereby making fraudulent applications for credit more difficult. It also requires the secure disposal of consumer information.

Any business or individual who uses a consumer report for a business purpose is subject to the requirements of the Disposal Rule, a part of the Fair and Accurate Credit Transactions Act of 2003 (FACTA), which calls for the proper disposal of information in consumer reports and records to protect against “unauthorized access to or use of the information.”

The Gramm-Leach-Bliley Act (GLBA, also abbreviated GLB) requires financial institutions, meaning companies that offer consumers financial products or services such as loans, financial or investment advice, or insurance, to explain their information-sharing practices to their customers and to safeguard sensitive data. It requires companies defined under the law as "financial institutions" to ensure the security and confidentiality of information such as customer names, addresses, phone numbers, and Social Security numbers. This requirement applies to companies of all sizes that are "significantly engaged" in providing financial products or services.