Governing Laws & Regulations

Federal and state laws require organizations to comply with mandatory regulations requiring that protect confidential and personal information with in a company.

Current federal laws that require businesses to protect the privacy of their clients:

Health Insurance Portability & Accountability Act (HIPAA/HITECH)
HIPAA with enhanced HITECH restricts how health care providers handle and disclose PHI (Personal Health Information.) PHI is defined as information pertaining to an individual’s identity. Including but not limited to a patient’s name, address, phone number, e-mail, photos, charts, test, records, etc. This Privacy Rule applies to all major health care industries, such as hospitals, clinics, doctor’s offices/private practices and insurance companies.

Fair and Accurate Credit Transactions Act (FACTA)
The Fair and Accurate Credit Transaction Act (or commonly known as FACTA), is in place to protect consumers with the risk involved with identity theft. All business that collect customer information that includes the name, address, phone number, social security number, credit reports and scores has to appropriately destroy this protected information by shredding, burning or pulverizing.

The Gramm-Leach-Bliley Act
The GLBA as it is known, requires written information that is a non-public status (which is private information) pertaining to consumers financial files, records, paper copies, or written words to be destroyed by means of shredding. Financial institution is defined as "any institution which is engaging in financial activities" this also includes car dealerships, medical billing, credit card processers, collection agencies, title companies and payday lenders.

The Sarbanes-Oxley Act (SOX)
The Sarbanes-Oxley Act was created in response to corporate and security fraud violations that were occurring within large companies. The rule is clearly defined as, "the destruction, alteration, or falsification of records in Federal investigation and bankruptcy." The destruction of corporate financials and audit reports is illegal and could result in substantial fines as well as imprisonment. A destruction policy that is created within the company would protect against charges of illegal destruction to avoid liability.

With all of the rules and regulations that govern the largest to the smallest businesses in the country, Citadel Information Management can implement a policy to protect and comply with all of the federal and state laws pertaining to your specific industry. If you would like more information or to meet with one of Citadel’s trained Sales Executives, please email