Understanding Your Customers’ Unique Regulatory Realities

When it comes to imaging hardware, most devices can work interchangeably between many small and large businesses, and across any field you can think of. Without a doubt, there are nuances from situation to situation that make one device a better fit than another, but basic printing, scanning, copying and even faxing are universal needs no matter what line of business you are in. The software galaxy, on the other hand, sings a different tune. Different platforms are tailored to meet the unique needs and business processes of customers across different industries.

For hardware dealers entering the software space, being a partner and understanding customer pain points is more critical than ever. Dealers and VARs can offer cost-effective, streamlined solutions to help their customers succeed – but a lot of that success means having a solid understanding of the needs of different verticals.

Some of the different needs are the result of the rules lawmakers use to create the framework for your customers’ industries. These rules and laws define how businesses must conduct themselves within a given industry, ranging from “employees must wash their hands before returning to work” to “you can’t sell stock based on confidential information.” Traditional compliance solutions often come with more labor costs — such as compliance officers — and slowed-down business processes due to the need for regulatory compliance.

Regulatory pain points usually fall into two buckets: data security and information storage and retention requirements. With information management solutions, businesses can soothe these pain points with a single platform. Many enterprise content management (ECM) systems provide the data security and information storage and retention features that can keep many businesses compliant with the law.

Security requirements vary from industry to industry, but in general, they aim to protect consumer information from nefarious or nosy agents. Information management systems usually employ strong encryption for transmitted and stored documents, and protect private data from unauthorized internal and external users. Let’s take a closer look at some of the regulations your customers may deal with and how solutions can ease the pain.

GLBA 

Who does it affect the most?

Banks, insurance, financial 

The Gramm-Leach-Bliley Act, also known as the Financial Services Modernization Act, requires institutions that offer consumers financial products or services like loans, financial or investment advice or insurance, to explain their information-sharing practices to their customers and to safeguard sensitive data. The Safeguards Rule mandates that financial institutions under the FTC’s jurisdiction have measures in place to secure customer information.

To help affected institutions stay compliant, the FTC offers recommendations such as “giv[ing] employees who respond to customer inquiries access to customer files, but only to the extent they need it to do their jobs” and “using appropriate oversight or audit procedures to detect the improper disclosure or theft of customer information.” Other suggestions include using certain encryption standards for transmitting credit card information and disposing of customer information in a secure way.

Many modern business applications offer the security features and control mechanisms that can satisfy these recommendations. For instance, user management features, coupled with authentication tools and auditing functionality, can help businesses monitor and secure all data. Administrators can restrict access by a user or a group through setting permissions in a system, such as what files they can access or what functions they can use. Meanwhile, authentication and auditing controls enable businesses to keep a comprehensive log of which users did what.

Document lifecycle management engines are also becoming increasingly common. These allow administrators to create and apply schedules to automate document destruction policies based on the document type. Schedules can destroy documents after a certain point in the process automatically to avoid penalties resulting from human error.

HIPAA

Who does it affect the most? 

Healthcare, education, insurance.

In 1996, Bill Clinton signed the Health Insurance Portability and Accountability Act, more popularly known as HIPAA, setting new security and data privacy standards for those receiving medical care. The law’s components detail health insurance reform measures, protect individuals from losing coverage, and explain tax rules. But from an IT perspective, Title II — namely the Privacy Rule and the Security Rule — is the most important section. That portion spells out national standards for processing electronic healthcare transactions and providing secure access to electronic health data.

The Privacy Rule mandates that healthcare providers and insurance companies take the proper safeguards to protect “individually identifiable health information” and sets limits and conditions for uses and disclosures of patient information without their consent. Organizations must protect individually identifiable information, whether it be on paper, in digital form, or even in conversation. As with the GLBA, user management controls can protect digital information from unauthorized access under HIPAA. Many solutions enable administrators to program the system to identify and redact certain text strings, such as a Social Security number, to further protect a patient’s individually identifiable health information.

To reduce security risks for printed patient records, information management systems can employ secure pull printing functionality. When a user goes to print a document, they must authenticate and release the job at the printer’s control panel. This lowers the probability of sensitive information falling into the wrong hands by reducing the number of jobs forgotten in the output tray.

The Security Rule requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronically protected health information. A secure repository, at the core of any good information management solution, will help meet these requirements. Many offer strong encryption for stored and transmitted records, and integrate with compliant e-signature and fax solutions for sharing information quickly and securely.

Noncompliance can be quite costly. Offenders can be charged up to $1.5 million per infraction, and could be liable for compensation in lawsuits, subject to loss of professional licenses, or even prison.

SOX

Who does it affect the most?

Accounting, finance, banking

In response to a number of corporate and accounting scandals including Tyco, WorldCom and especially Enron, the Sarbanes-Oxley Act (SOX) was signed in 2002 to prevent fraud and protect investors. The law defines standards for mandatory financial statutory reports; requires annual reports assessing the scope and adequacy of the internal control structures and procedures for financial reporting; requires alerting the public with information on any changes to financial condition or operations; and imposes fines for destroying, concealing or falsifying documents, records, or tangible objects to obstruct a legal investigation.

In other words, SOX wants accountants to keep track of and retain a trail for everything they do in a transparent fashion while also assessing the quality of their own compliance policies. An ECM solution that manages both structured and unstructured content through a full lifecycle, from creation through archiving, allows for this in-depth type of accountability.

FERPA

Who does it affect the most? 

Education

The Family Educational Rights and Privacy Act, or FERPA, lays out rules to protect the privacy of a student’s education records. The law applies to all schools that receive funds from most programs under the U.S. Department of Education. The law states that schools must provide parents or eligible students with an opportunity to inspect and review the student’s records within 45 days following the request and protect a student’s personally identifiable information.

Here, easily being able to search and retrieve records that can be printed on the spot makes handling requests quick and easy, especially in large districts where a multitude of requests are made each day. And since many information management solutions can be integrated through connectors or APIs, schools can hook their disparate systems into one platform for easy access to all regulated information.

SEC Rule 17a-4

Who does it affect the most? 

Finance, accounting, banking, insurance 

SEC Rule 17a-4 sets the standard for data retention and indexing of financial information for businesses that deal in the trade or brokering of financial securities. The law states that businesses “shall preserve for a period of not less than six years, the first two years in an easily accessible place” specific financial data. Data must be preserved on indelible media, and in most cases needs to be easily accessible.

Almost every modern information management system will have some form of automated indexing. Administrators can configure automated indexing settings to conform with SEC Rule 17a-4’s indexing standards. Documents are stored in a secure, central repository where remote branches can easily access them.

Just as document lifecycle management engines can be used to configure self-destruction commands into documents, schedules can be configured to retain documents. This is useful for ensuring that no document slips through the cracks. Many systems log all versions of a document, and auditing features allow administrators to track the entire life of a document.

Regulations aren’t all about privacy and security. Some dictate how businesses must conduct themselves. Traditionally, this was a costly problem. Without automation, regulations were expensive bottleneck factories demanding more human resources and gumming up processes. But recent advances in business process automation technology have all but eliminated the risk of violating some laws.

RESPA

Who does it affect the most? 

Real estate  

The Real Estate Settlement Procedures Act of 1974 (which has been amended significantly in the years since) protects homeowners from shady real estate practices while also eliminating kickbacks and finder fees, which drive the cost of settlement services up. The law requires real estate agencies to provide homeowners with pertinent and timely disclosures regarding the nature and costs of a real estate settlement process.

A cost-effective measure real estate agents can turn to is a rules-based workflow with regulatory processes built in; one that can handle approvals and exceptions, and ensure the necessary information is sent to customers. Workflows can also be constructed to halt processes and alert the proper personnel should necessary documents be missing.

Compliance can be expensive and drag your customer’s business processes to a halt. But it doesn’t have to be that way. With the right information management system, dealers can help all of their customers across any industry comply with the law.

This article originally appeared in the March 2017 issue of Workflow.

is BPO Media and Research’s editorial director. As a writer and editor, she has specialized in the office technology industry for more than 20 years, focusing on areas including print and imaging hardware and supplies, workflow automation, software, digital transformation, document management and cybersecurity.