• docuVision Company Information
  • Background
  • The docuVision Advantage
  • Electronic Document Management News
  • Contact Information
  • Location
• Facts About Electronic Document Management
  • Facts about Electronic Document Management
  • Ask for a Cost / Benefit Analysis
• Document Management Hardware / Software
  • Document Imaging Scanners
    • Kodak Document Scanners
    • Bowe Bell & Howell Document Scanners
    • Fujitsu Document Scanners
    • Canon Document Scanners
    • Panasonic Document Scanners
  • Document Scanning Software
    • Kofax Ascent Capture
    • Kofax Ascent Internet Server
    • EMC Documentum AX Image Capture
  • Document Management Software
    • EMC AppXtender
    • OnBase
    • FileBound
    • Global 360 Keyfile
  • Workflow Software
    • EMC Workflow
    • OnBase Workflow
    • FileBound Workflow
    • Cardiff Liquid Office
    • Global 360 Keyflow
  • Web Forms / E Forms
    • Cardiff Liquid Office E-Forms
  • Forms Recognition Software
    • Kofax Ascent for Payables
    • Kofax Indicius
    • Cardiff Teleform
  • Maintenance Contracts
• Document Management
  and Workflow Services
  • Consulting
  • Training
  • Support
  • Customizing and Integration
• Electronic Document Management Learning
  and Resource Center
  • Document Management Glossary
  • Case Studies
  • White Papers
  • Recorded Events
• Document Management
  and Regulatory Compliance
• How to Get Started

Electronic Document Regulatory Compliance

EXECUTIVE OVERVIEW

Compliance is for ALL companies- regardless of size. Failure to comply – a costly proposition.

We are living in a time when our nation and the world have been shaken by numerous businesses being probed for corporate improprieties such as wrongful accounting methods and records management fraud. It has become an almost current event to pick up the daily newspaper and read of another organization that has been accused of intentionally disposing critical business documents. As a result, government agencies are developing and expanding regulations for how organizations must manage their business content i.e. documents and records.

In today’s world nearly everything produces a record-whether it is a document, an e-mail, instant message or a transaction. Records can prove innocence or lack of intent. In the event of a dispute, solid records management and electronic document management practices offset what could be considerable costs for legal discovery and audits by making relevant business records readily available. The difference could be millions of dollars.

While the challenge of being compliant may require any number of changes in your business practices, acquiring a Document Management system should have a high priority due to the quick payback on dollars invested as well as meeting the compliance requirements.

RETURN ON INVESTMENT

The cost reductions and productivity improvements typically offered by implementing a Document Management system among which are:

• Reduction of Storage space- 20,000 pages can be stored on 1 GB of hard drive space.
• Simultaneous and Remote Access to Documents- Sign on using the WEB 24/7 Look at the same documents your colleagues are seeing.
• Efficiency-Avoid time searching for or filing and re-fileing of documents. Eliminate the clerical costs of these tasks.
• Disaster Recovery-Electronic documents can be backed up and copies made for off-site storage. This cannot be done with paper based records.

The compliance benefits are:

• Lowered cost of producing documents and records when required
• Elimination of ad hoc legal discovery
• Automatic policy based retention by record type

Outlined below are the predominant compliance acts and the industries they affect.

Document Management, Workflow and Electronic Forms Systems are compliance “enablers” they are not of and by themselves a substitute for complete compliance framework, which by definition, would encompass policy, procedure, and the technology solution to support the framework.

HIPAA

Impacting every facet of the medical industry including insurance, healthcare entities, hospitals, doctors, pharmacies and patients is the Health Insurance Portability and Accountability Act (HIPAA).The first target for HIPAA compliance was due on October 16, 2002 and called for all claims to be processed electronically. The government has since granted a one-year extension to this act.

The remaining segments of HIPAA compliance including the use of unique identifiers, security and health information privacy became effective April, 2003. This date has come and gone and, although many health organizations believed they would be given another one-year extension, extra compliance time was not granted.

Perhaps the most significant aspect of HIPAA that heightens a need for Document Management Workflow and Electronic Forms systems is the privacy portion giving a patient the right to know who has had access to their health records and for what purpose. By tracking user interaction with the electronic documents as it occurs, this data can be made easily and inexpensively available when required.

SARBANES OXLEY

Sarbanes-Oxley impacts financial information capture, use and reporting. Additionally, Sarbanes-Oxley amended Title 18 of the U.S. code making the records-based obstruction of justice and tampering provisions applicable to all businesses public and private. The language of the act is pretty clear as it relates to documents. ‘Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document or tangible object with the intent to impede, obstruct or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case shall be fined under this title, imprisoned not more than 20 years or both.”

In the face of such risk, organizations simply must have the tools to manage the documents and records the organization produces. Automating the Accounts Payable process as an example, improves compliance. By centralizing processing of vendor invoices and using electronic approval processes rather moving the paper around, organizations can more accurately state liability in a specific financial period and avoid liability understatement or manipulation of an expense into a future period.

DOD 5015

DoD 5015.2-STD defines the basic requirements based on operational, legislative and legal needs that must be met by records management application (RMA) products that are acquired by the Department of Defense (DoD) and its Components.

This Standard is issued under the authority of DoD Directive 5015.2, "Department of Defense Records Management Program," April 11, 1997, which provides implementing and procedural guidance on the management of records in the Department of Defense. This Standard sets forth mandatory baseline functional requirements for Records Management Application (RMA) software used by DoD Components in the implementation of their records management programs; defines required system interfaces and search criteria to be supported by the RMAs; and describes the minimum records management requirements that must be met, based on current National Archives and Records Administration (NARA) regulations.

SEC

Compliance for Financial services firms typically starts with their e-mail. The SEC 17a-4 rule [for brokers and dealers] stipulates they must store their specific records, that are account transactions, for a specific period of time. In terms of retention, the regulation stipulates three years, but see a best practice being seven years … and generally what customers are driving for. Also, the rules stipulate the data has to be stored on a medium where it can’t be changed, or modified, or deleted, for the set period. E-Mail archiving that is integrated with the document management system can provide significant benefits.

FDA CFR 21

The Food and Drug Administration (FDA) is the regulatory authority for a wide variety of industries including Pharmaceutical, Food, and Medical devices. The FDA has outlined steps in its initiative to modernize the regulation of manufacturing and product quality. This initiative aims at ensuring that regulatory review, compliance and inspection policies are based on state-of-the-art science, and do not impede rapid adoption of new technological advances by the regulated industries. It also promises to enhance safety and quality in manufacturing while increasing efficiencies. Its achievements reflect valuable advice provided to FDA through many public workshops and meetings, and written comments from experts and interested parties in academics, industry, and other groups.

An excerpt from the vast documentation available from the FDA web site follows:

Guidance for Industry Part 11, Electronic Records; Electronic Signatures -
“The FDA does not intend to object if you decide to archive required records in electronic format to nonelectronic media such as microfilm, microfiche, and paper, or to a standard electronic file format (examples of such formats include, but are not limited to, PDF, XML, or SGML). Persons must still comply with all predicate rule requirements, and the records themselves and any copies of the required records should preserve their content and meaning. As long as predicate rule requirements are fully satisfied and the content and meaning of the records are preserved and archived, you can delete the electronic version of the records. In addition, paper and electronic record and signature components can co-exist (i.e., a hybrid situation) as long as predicate rule requirements are met and the content and meaning of those records are preserved.”

OTHER

The Gramm-Leach-Bliley act addresses safeguarding an individual's information. Specifically, they state that an organization must identify reasonable foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of customer information or customer information systems.

Former President Clinton signed the Government Paperwork Elimination and Reduction Act on October 21, 1998. This act provides organizations dealing with the government the right to submit information or to transact electronically, encouraging the use of the internet and electronic signatures. Compliance is due October 21, 2003 and government agencies are racing the clock to meet the requirement.

The Patriot Act targeted at deterring terrorists defines that banking institutions must verify the identity of their customers and that they must maintain records of the information used to verify the customers identity.

 

HIPAA

Sarbanes Oxley

DOD 5015

SEC

FDA CFR 21

Other

Questions about electronic document complience?

Click here.

©2006 docuVision Inc.  •  11524 Grooms Road   •  Cincinnati, Ohio 45242   •   Phone: 513.794.0111  •   Fax: 513.985.2532

Website Development by  BrainWave Emarketing, Dayton, Ohio.