Document Retention

Confused about when to store and when to dispose of documents? You’re not alone. New federal laws require business and professionals to store and destroy key business records. Access can help you establish document retention and destruction policies to ensure that you comply with all federal document management requirements.

FACTA
Effective June 2005, this law requires businesses that collect customer information to ensure that the information is protected from “unauthorized access or use.” In addition, the Disposal Rule requires that when such information is discarded, it must be appropriately destroyed by shredding, burning or pulverizing. The federal government’s website states, “although the Disposal Rule applies to consumer reports and the information derived from consumer reports, the Federal Trade Commission encourages those who dispose of any records containing a consumer’s personal or financial information to take similar protective measures.”

Health Insurance Portability and Accountability Act
This 1996 law and the accompanying 2002 regulation, known as the Privacy Rule, restrict how health care providers may handle and disclose patient health information. In general, health care entities must ensure that only approved personnel handle protected health information, and then only for purposes specified in the law and regulation. Access can help your business comply with these requirements by:

  • storing protected health information in a secure commercial records center
  • storing electronic files on our secure servers
  • signing a business associate agreement with your medical practice to limit your liability for stored health information
  • destroying inactive medical records in accord with state medical society guidance and in compliance with HIPAA regulations
  • Converting paper medical files to encrypted electronic files to:
    1. Save office space
    2. Provide easy access to records
    3. Limit access only to individuals you provide with designated passwords and encryption software

 Gramm Leach Bliley
This 1999 law requires financial institutions and businesses that receive personal information in the course of conducting their business to establish safeguards for the handling and disclosure of that information. Access can help your business comply with this law by:

  • storing sensitive, hard-copy information in our secure commercial records center
  • storing sensitive electronic documents on our secure servers
  • limiting access to sensitive information only to individuals you approve in advance
  • shredding and recycling discarded documents, including sensitive paper documents and electronic media to prevent identity theft

Sarbanes Oxley
This 2002 legislation creates new requirements for businesses and accountants to maintain corporate audit records or review working papers for five years beyond the year in which an audit is concluded. The new law also creates penalties for destroying or altering documents that are relevant to contemplated or ongoing investigations or official actions. Access can help businesses and accounting firms, and their clients, comply with the law by:

  • Establishing a retention and destruction schedule for audit documents that complies with federal law
  • Storing audit records off-site to limit the potential for tampering or inappropriate destruction
  • Creating electronic versions of paper records to provide “backups” of original documents in the event the originals are inadvertently lost, altered or destroyed.