New rules requiring that federal records be kept secure and readily available could mean more compliance business for data storage vendors.
Iron Mountain (NYSE: IRM) this week said it has opened four centers just to store federal documents under the new regulations from the National Archives and Records Administration (NARA).
The regulations, in 36 Code of Federal Regulations (CFR) 1228, subpart K, also apply to contractors. The rules take effect Oct. 1.
Jeff Johnson, senior vice president of government services for Iron Mountain, said the company studied the new rules thoroughly, then found locations that met the requirements and built facilities that complied with the regulations.
The company can help customers meet the new compliance regs for much less than they could do on their own, he said.
“It doesn’t make sense to do this on your own,” Johnson said. “It’s a classic outsourcing situation.”
Iron Mountain, which counts more than 1,500 federal government agencies and contractors as customers, is now accepting records at its four CFR-compliant Federal Record Centers in Redlands, Calif.; Kansas City, Mo.; Elgin, Ill.; and Fredericksburg, Va. The company has designed each facility to store more than one million cubic feet of federal hardcopy information and to provide quick access to it through onsite imaging capabilities.
Medicare and Medicaid claims administration agency Noridian Administrative Services, which is working with the Centers for Medicare/Medicaid Services (CMS) on reform and reconciliation efforts, turned to the new Iron Mountain facilities to store its federal records.
“After reviewing the regulations and determining what it would cost us to become compliant on our own, we realized we had to find a partner who could make compliance easier and more cost effective,” Ken Roseth, Noridian’s assistant vice president of facilities, said in a statement.
The Iron Mountain facilities were located and built to meet criteria such as flood plain location, fire protection, disaster recovery and environmental controls such as air quality.
Iron Mountain will open a fifth center next month in Columbia, Md., a CFR-compliant data protection facility for storing computer backup tapes, and the company plans additional federal records facilities for storing both hardcopy and digital data.
HIPAA Data Breach Rules Take Effect
Also this week, new rules took effect requiring disclosure of data breaches of protected health information under HIPAA — but the rules contain exceptions for encryption and destruction technologies and breaches that aren’t considered personally or financially harmful.
The harm exception in particular has come under criticism for weakening the rules, which won’t be enforced until February.
The rules were mandated under the healthcare stimulus bill (HITECH) passed earlier this year.
Follow Enterprise Storage Forum on Twitter