Record Disposal Requirements Under the Business Administration Act (O.C.G.A. Sections 10-15-1 et seq.)
| Tuesday, July 17, 2007 |
Contact: Bill Cloud
|
The Governor’s Office of Consumer Affairs (OCA) has been notified of several incidences of businesses discarding medical records containing personal patient information without first obscuring or obliterating the confidential information contained therein. OCA therefore wishes to remind those in the medical industry about Georgia’s Business Administration Act (BAA), which regulates the proper disposal of customer records that contain sensitive information about a customer’s medical condition or certain financial data relating to a customer’s account or transaction with a business. According to the BAA, once such records are no longer needed, a business must do one of the following before discarding them:
- Erase the personal information contained in the record;
- Modify the record so that the personal information is unreadable;
- Or take actions that will ensure that no unauthorized person will have access to the personal information contained in the records.
Improper disposal of records containing personal information may result in a fine of $500 per record, up to $10,000.
For more information, contact the Governor’s Office of Consumer Affairs.
