Regulatory impact is the topic for this second post in our “compliance – why and how” series with specific emphasis on HIPAA Compliance. That is with the exception of this post!
This post includes two other descriptions of specific compliance legislation and industry mandates (Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act) that affect the way all companies do business in the United States.
We begin with SOX.
In 2002, Paul Sarbanes, a Democratic Senator from Maryland, and Michael Garver Oxley, a Republican Congressman from Ohio, serving in the House of Representatives, each introduced bills in their respective bodies that would result in legislation that would later bear their name. The Sarbanes-Oxley Act of 2002 passed both houses by overwhelming margins; 423 to 3 in the House and 99 to 0 in the Senate. On July 30, 2002, President George W. Bush signed it into law.
SOX was established to drive corporate governance and financial reporting practices to new heights. The system of checks and balances and public financial disclosure were seen as a stepping-stone toward renewed investor confidence.
A key component of SOX is that officers of a corporation must attest to and sign off on the veracity of financial reports and efficacy of key financial controls. Up to an including imprisonment for fraudulent activity, the penalties for falsifying financial statements can be very harsh. As a result, a corporation’s board of directors and executive management team has a great deal of responsibility to authenticate and certify financial statements on an ongoing basis.
The heart of the Sarbanes-Oxley act (Section 404) focuses on the establishment and certification of key internal controls as they relate to accounting practices such as Accounts Receivable and Accounts Payable. The audit process actually involves two different teams: one for the first initial audit to check Readiness for the SOX audit, and the second external audit partner that actually carries out the audit. The result of the audit is a full testing, evaluation and documentation of internal controls with an eye towards full disclosure. Certification and documentation of gaps in internal controls are published in a company’s public financial statements (e.g. SEC filings).
Next is the GLB Act
The Gramm–Leach–Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999 and commonly pronounced ″glibba″ was enacted in 1999. It repealed part of the Glass–Steagall Act of 1933, removing barriers in the market among banking companies, securities companies and insurance companies that prohibited any one institution from acting as any combination of an investment bank, a commercial bank, and an insurance company.
The Act consists of three sections:
Financial Privacy Rule – regulates the collection and disclosure of private financial information.
Safeguards Rule – stipulates that financial institutions must implement security programs to protect such information.
Pre-Texting provisions – prohibits the practice of Pre-Texting (accessing private information using false pretenses).
The Act also requires financial institutions to give customers written privacy notices that explain their information sharing practices.
And finally . . .
Health Information Portability and Accountability Act
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was known as the Kennedy-Kassebaum Act after two of its leading sponsors.
Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.
As we stated in our last post, complying with all aspects of HIPAA will require providers and virtually all entities within the healthcare industry (including clinical research) to make significant changes to their information systems, operations policies and procedures, and business practices.
DTS InfoTech Can Help
Many health care providers are not HIPAA Compliant. If this describes you, we can help you Achieve compliance, Illustrate compliance to auditors and Maintain full compliancy.
For more information: www.dtsinfotech.com/hipaa-compliance-for-small-health-care-practices-2/
Dedicated to your success,
General Manager and Compliance Officer
dts|infotech . . . computer networks that work