Achieve Compliance          

Who...
 is responsible for your business records?
 

 

 

 

Achieving Compliance should be a fundamental objective records management program. Records retention requirements must be taken into account when setting records disposal schedules. Among the most important Federal requirements are those established by the following records retention legislation:

 
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)—Pertains to personal health information (PHI), for information visit www.hhs.gov/ocr/privacy.

Sarbanes-Oxley Act of 2002 (SARBOX or SOX)—Pertains to corporate responsibility, for information visit www.sec.gov/about/laws.shtml.
 

Gramm/Leach/Bliley Act (GLBA, G/L/B, or G-L-B)—Pertains to personal financial information, for information visit www.ftc.gov/privacy/privacyinitiatives/glbact.html.

The Fair and Accurate Credit Transactions Act (FACTA)—Pertains to consumer credit information, for information visit www.ftc.gov/os/statutes/fcrajump.shtm.

Health Information Technology for Economic and Clinical Health Act (HITECH)—Pertains to the protection of personal health information (PCI), for information visit www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/guidance_breachnotice.html.

Red Flag Rule—Pertains to the prevention of identity theft, for information visit www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm. A helpful brochure from the Federal Trade Commission is available at http://ftc.gov/bcp/edu/pubs/business/idtheft/bus69.pdf.