
Document Management and Regulatory Compliance

(CFR 11, FERPA, GLBA, HIPAA, The Sarbanes-Oxley Act, SEC Legislation, the USA Patriot Act, and more…)

When it comes to compliance initiatives, electronic document management software is an imperative. Whether you are trying to implement practices to help ensure continued corporate compliance, improve electronic audits, or are merely looking for tools to help facilitate an initial round of compliance measures, it is difficult to meet compliance requirements without a transition to paperless processes.

Pre-packaged compliance software solutions are available for virtually any industry, but it is uncertain whether they have the ability to completely address specific compliance needs or enhance critical business processes. At the heart of compliance is the ability to access and control your information. Some software packages claim to impart compliance, but ultimately neglect key provisions of the regulations. Although it is tempting to look for a pre-packaged solution, keep in mind that software compliance solutions are worthless without a well-constructed compliance plan. After you have implemented, tested, and verified the validity of your plan’s control measures, your software should have the ability to automate those measures, producing thorough data protection, security, documentation, and document audit trails.

OIT doesn’t offer pre-packaged, one-size-fits-all, cookie cutter solutions. Instead, we offer our customers more than two decades of experience in the electronic document and content management industry. We work with you to properly configure the DocFinity® suite not only to address the provisions put forth by law, but also to assist you in streamlining your procedures—ultimately reducing your operational costs and improving employee productivity. Electronic file audit trails and other monitoring tools help organizations improve compliance initiatives and reduce compliance costs.

Recent Major Legislation

FDA 21 CFR 11

The Food and Drug Administration’s (FDA) Code of Federal Regulations (CFR) Article 21, Part 11 requires all FDA-regulated organizations—including pharmaceutical, medical equipment manufacturing, healthcare, and food services companies—to preserve and secure information by establishing audit trails. The DocFinity suite assists FDA-regulated organizations in gaining CFR 11 compliance with features and functionality built into the software. Users are able to establish audit trails and retention schedules, and at the same time maintain documents in a centralized repository for easy access and retrieval.

Family Educational Rights and Privacy Act (FERPA)

The Family Educational Rights and Privacy Act is federal legislation that protects the privacy of student education records. The law is pertinent to all schools that receive funding under the applicable program of the U.S. Department of Education. The law awards parents certain rights regarding their children’s educational records, which transfer to the child at the age of 18 or when the student participates in additional schooling at a higher level. In addition to providing access to the student records, FERPA grants parents and eligible students the right to request corrections of a record if they can substantiate that it is not accurate or is misleading. Parents and eligible students can also add a statement to a record if a formal hearing is granted, but amendments are refused.

In general, schools must receive written permission from a student or parent in order to release student records, but FERPA allows schools to disclose the information to certain parties without student or parent permission. Recipients to whom the information could be sent without the aforementioned permission include schools to which a student is transferring, organizations requiring information connected with financial aid, officials involved in health and safety emergencies, state and local authorities involved with juvenile justice, and other entities mentioned in the legislation. DocFinity helps with efforts that address compliance with FERPA regulations by providing school administrators with the ability to track requests for—and releases of—student records. DocFinity also offers built-in security regarding who can access which information, enabling schools to demonstrate their compliance with the legislation.

Gramm Leach Bliley Act (GLBA)

The Gramm Leach Bliley Act of 1999, a form of federal financial privacy legislation, substantially modernized regulation of financial services. GLBA allows eligible bank holding companies and foreign banks to become financial holding companies (FHCs) and expand their array of financial-related activities, and introduces some functional regulation of these FHCs.

To comply with Gramm Leach Bliley regulations, financial institutions are required to provide clear and regular notice to customers of the institution’s policies as they relate to the collection and disclosure of non-public personal information to other parties. Gramm-Leach-Bliley compliance involves the creation, implementation, and maintenance of safety measures that ensure the safety of customer information. Companies were required to be compliant starting in 2001. DocFinity assists organizations in maintaining records and providing thorough document audit trails to demonstrate compliance with these regulations.

Health Information Portability Accounting Act (HIPAA)

The primary focus of HIPAA, which went into effect in the first quarter of 2003, is the protection of patient privacy. The law encompasses any document that contains a patient’s identifiable information, including e-mail, electronic, fax, paper, oral, voicemail, and phone conversations. Compliance with HIPAA regulations involves the ability to standardize data exchange, protect patient confidentiality, and secure administrative, health, and financial information by enforcing security procedures.

The DocFinity suite can assist organizations with HIPAA compliance by providing a means to implement internal controls to manage the flow of information, establish security precautions that limit access to patient information, and archive patient records for future retrieval. DocFinity also enables organizations to streamline the healthcare claims process. By reducing paperwork, DocFinity amplifies efficiencies and reduces costs. In turn, it improves services to providers, insurers, and patients by increasing the accessibility of information.

Sarbanes-Oxley Act (SOX)

SOX was signed into law on July 30, 2002 in response to recent accounting scandals in corporate America. The primary focus of the act is to assure accuracy and accountability of financial accounting and records retention of publicly traded companies in the United States. SOX compliance requires organizations to validate the accuracy and integrity of financial management and to establish procedures for reporting obligations. Under the act, organizations are required to implement and document internal controls to carry out these procedures. Once applied, these controls must be evaluated and satisfy audit tests to ensure operating effectiveness.

DocFinity helps organizations comply with Sarbanes Oxley regulations in a variety of ways. The software enables retention and deletion scheduling to be built-in based on a customer’s needs, and workflow processes enable administrators to sign off on materials that are to be purged. DocFinity creates audit trails that enable auditors (and managers who are given the appropriate rights) to view the processes and their individual steps in detail.

By leveraging the DocFinity suite, organizations can facilitate Sarbanes-Oxley compliance with a four-fold approach. They can establish audit trails to monitor access to financial documents; apply security precautions to limit user rights related to document alteration; institute retention schedules; and archive final forms of documents.

Securities and Exchange Commission Rules and Regulations

The DocFinity suite also assists organizations in their efforts toward compliance with SEC regulations. In accordance with the provisions of SEC legislation compliance, DocFinity can be configured to establish a centralized, tamper-proof repository to ensure the accuracy and quality of archived information. It also allows you to electronically create a backup copy of documents in the event of a business catastrophe.

USA Patriot Act

In response to recent world events, the USA Patriot Act requires financial institutions to verify new accountholder identification. They must also maintain records of information used for verifying accounts and cross-referencing identities against Federal terrorism lists. The DocFinity suite provides these organizations with a centralized repository to store records related to customer verification. This allows financial institutions to electronically maintain all customer records, including names, addresses, dates of birth, and ID numbers—such as tax ID numbers, Social Security numbers, or passport numbers.

Products that aid in compliance

The following products in the DocFinity suite assist organizations in complying with these and other regulations:

DocFinity Core – The foundation of the DocFinity suite, the Core allows the storage, accessibility, and security of data, as well as detailed audit trails.

Email Manager – This module provides archiving and retrieval capabilities to automatically index email messages based on subject, data, name and other fields.

HSM – This records management module is capable of setting default retention schedules, backup of information, audit trails, data migration, destruction schedules, etc.

IntraVIEWER® – IntraVIEWER is a Web client that allows users to access information stored within the DocFinity system via any standard Web browser.

Workflow – This module enables authorized users to automate compliance procedures and to oversee the processing of destruction, retention, and renewal of documents such as contracts. The system can be configured to trigger a workflow that requires managerial signatures, and can subsequently inform the system to destroy and/or move the information as instructed. The Workflow component offers organizations the ability to streamline and automate business processes to increase control over the flow of documents. Workflow can even create electronic audit trails, helping organizations comply with industry regulations.

These are just a few ways in which the DocFinity suite can assist you in becoming compliant with a sampling of recent regulations. For additional information regarding ways in which DocFinity assists with compliance, please contact us.

“DocFinity has made our auditing process so much easier.”

~ Steve Berman, Anesthesia Business Consultants

©2008 Optical Image Technology, Inc. All rights reserved.