Protecting Consumer Privacy & Avoiding Liability

Consumer Privacy Documents: Unnecessary Risky Business

The protection of consumer privacy has become an important compliance issue for businesses and professions. Often, the people in charge of documents do not realize how extensive these requirements can be. For example, few business owners may understand that, under OSHA, medical records forwarded to a construction company after a worker is hurt on the job are considered private documents subject to a shredding policy. OSHA is not the only source: many rules, regulations and laws define how private records pertaining to consumer health and finances must be handled, stored and destroyed. The list extends to the legal profession, the courts and even computer-based records. Develop a destruction schedule for all of the documents that you will need to discard. They should be shredded and recycled so that no one will ever have access to them.

HIPAA Consumer Privacy & Employee Training

HIPAA, the Health Insurance Portability and Accountability Act of 1996 (45 CFR Part 160 and Part 164, Subparts A and E), FACTA, and other pertinent laws require creating a document destruction schedule. Your staff needs to be trained on the sensitivity of the documents they handle in order to protect consumer privacy. Very often, employees do not understand the nature of the documents they handle and the information they process daily. When employees are properly trained, they become the first line of defense. For example, they should be familiar with the Patient Safety and Quality Improvement Act of 2005 (PSQIA), known as the Patient Safety Rule, which is a relatively new rule.

Administrative Policies & Regulations

Many medical offices may have compliance issues that they need help understanding. HIPAA Regulation 45 CFR 164.530(c) states: “HIPAA Privacy Rule requires that covered entities develop and apply policies and procedures for appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information.”

The “Safeguards Rule” of the Gramm-Leach-Bliley Act, P.L. 106-1023 (6 C.F.R. Part 314), requires all financial institutions to create, institute and support safeguards to protect customer information.

Limiting your business’s liability when it comes to protecting consumer privacy should be a high priority. As experts in sensitive document destruction, we can help you decipher these complex laws when it comes to shredding patient or client files.