Document and File Storage Laws: Ensuring You Stay Compliant

Posted by Bob Loblaw on Tue, Sep 24, 2019

Securely storing your important information doesn’t just make business sense; for most records it’s the law. From financial services to healthcare and a range of other industries in between, it’s important to be sure you’re taking steps to stay compliant with laws like HIPAA and GLBA.

In this post, learn more about general storage requirements, retention periods for various types of records, where compliance laws such as HIPAA and GLBA apply, tips for compliance, and the legal penalties for failing to comply.


Playing by the Rules and Regulations

While safeguarding stored information makes business sense, there are also multiple laws that require it. From healthcare providers to financial institutions and other companies that deal in financial products and services, it’s essential to account for laws like HIPAA and GLBA during records storage.

Storage Compliancy Requirements

As a general rule of thumb there are several must-haves for ensuring compliancy during storage. Be sure to store records in areas protected by fire-suppression systems and to keep records locked and secure when unattended.

At offsite records storage facilities, there typically are climate-controlled storage areas as well as 24/7 video monitoring and guarded premises.

Retaining Records

For most important information there are state and federal laws that outline how long records need to be retained. While requirements vary state by state, common records to retain include:

    • Medical Records and protected health information (PHI)
    • Financial Records like auditor’s reports, employee payroll records, financial statements, and general ledgers
    • Business Records like articles of incorporation, contracts and agreements, and legal correspondence
    • Employee and Personnel Records like COBRA records, accident reports, and injury claims
    • Insurance Records like fire inspections, safety records, and settled insurance claims
    • Real Estate Records like mortgages, contracts, and deeds
    • Patents, Copyrights, and Trademarks

HIPAA Compliance for Healthcare

The Health Insurance Portability and Accountability Act (HIPAA) was passed and signed in 1996. HIPAA was written to protect Protected Health Information (PHI) and prevent its abuse by requiring providers to use physical and technical safeguards.

Records Affected by HIPAA

HIPAA lays out a specific list of medical records and PHI that need secure storage and destruction. Common medical records include:

    • Patient histories
    • X-rays & diagnostic images
    • Billing & insurance information
    • Medications
    • Demographic data
    • Legal Records

Medical Record Retention

Medical Record / PHI                              Recommended Retention Time
Diagnostic Images – Adults                        5 years
Diagnostic Images – Minors                        5 years after age of majority
Disease Index                                     10 years
Fetal Heart Monitor Records                       10 years after age of majority
Master Patient / Person Index                     Permanently
Operative Index                                   10 years
Patient Health / Medical Records – Adults         10 years after most recent use
Patient Health / Medical Records – Minors         Age of majority plus statute of limitations
Physician Index                                   10 years
Register of Births                                Permanently
Register of Deaths                                Permanently
Register of Surgical Procedures                   Permanently


HIPAA Noncompliance Fines

Violation Type                 Minimum Penalty                                              Maximum Penalty
Did not know                   $100 per violation, annual cap of $25,000 for repeats        $50,000 per violation, annual cap of $1.5 million for repeats
Due to reasonable cause        $1,000 per violation, annual cap of $100,000 for repeats     $50,000 per violation, annual cap of $1.5 million for repeats
Willful neglect – corrected    $10,000 per violation, annual cap of $250,000 for repeats    $50,000 per violation, annual cap of $1.5 million for repeats
Willful neglect – uncorrected  $50,000 per violation, annual cap of $1,000,000 for repeats  $50,000 per violation, annual cap of $1.5 million for repeats

GLBA Compliance

The Gramm-Leach-Bliley Act (GLBA) applies to financial institutions and requires them to take measures to protect consumers’ personally identifiable information (PII).

Storage Compliancy Tips

Be sure to always know where sensitive information is and store it securely:

    • Ensure records are stored in areas with environmental protections in case of fire or flood
    • Keep cabinets or storage areas locked when unattended
    • Store computers with sensitive information in a secure area and use strong passwords for access
    • Avoid storing sensitive information on computers and devices with an internet connection
    • Maintain regular backups and store archived records at secure offsite facilities or separate servers
    • Keep a careful inventory of your company’s sensitive records and the equipment where they’re stored

Disposal Compliancy Tips

Besides storage, secure disposal of records is also mandated by GLBA:

    • Consider hiring an offsite storage facility to manage retention times and shred the stored records in-house once they’re ready for disposal.
    • Use cross-cut shredding so records can’t be reconstructed. When hiring destruction services, ensure that you receive a certificate of destruction for proof of compliance.
    • Destroy and shred hard drives, disks, CDs, magnetic tapes, and any other electronic media. Keep in mind that data on formatted drives can still be recovered with software, and weigh the cost of degaussing against physical destruction.

GLBA Noncompliance

Failing to comply with GLBA can bring severe criminal and civil penalties, including up to 5 years in prison. To prevent theft and ensure GLBA compliance, offsite records storage facilities typically have on-premises security personnel and use 24/7 video monitoring.


Are You in Compliance?

We’ve helped a range of companies to find both secure and compliant storage solutions for their needs. For help finding your ideal storage option, give us a call at (716) 852-2203 or (800) 859-2203 or fill out the form here to speak to a specialist.



How do you and your business manage your documents and records? How do you stay compliant? We love hearing about the different strategies and techniques that work for others.
