Achieving Compliance should be a fundamental objective records management program. Records retention requirements must be taken into account when setting records disposal schedules. Among the most important Federal requirements are those established by the following records retention legislation: The Health Insurance Portability and Accountability Act of 1996 (HIPAA)—Pertains to personal health information (PHI), for information visit
www.hhs.gov/ocr/privacy.
Sarbanes-Oxley Act of 2002 (SARBOX or SOX)—Pertains to corporate responsibility, for information visit
www.sec.gov/about/laws.shtml.