Compliance
Health Insurance Portability and Accountability Act (HIPAA)
The United States federal government enacted HIPAA in 1996. It is a complex, multi-part act designed to achieve, among other things, security and privacy of health information. HIPAA affects the documents healthcare organizations print, copy, fax and e-mail every day. According to the act’s Privacy Rule, healthcare providers, payers and clearinghouses are prohibited from using or disclosing health information, except as authorized by the patient or specifically permitted by the regulation.
Protection for health information starts when information becomes electronic, and stays with the information as long as it is in the hands of the provider ,payer or clearinghouse. Information becomes electronic when it is sent electronically in a specified transaction (i.e. by fax or e-mail), or when it is maintained in any computer system, from a desktop PC at a nurse’s station to a full-scale data center in an insurance company. Paper versions of electronic information (i.e. prints, copies or received faxes) are also protected.
Sarbanes-Oxley Act (SOX)
This is a United States federal law enacted in 2002 following a long list of corporate and accounting scandals. It establishes new standards for all U.S. public company boards, management and public accounting firms. (It does not apply to privately held companies.)
Many parts of the act are document-related. Section 302 requires proper documentation and disclosure of the controls and procedures designed to ensure accurate financial disclosure. And Section 404 requires management and an external auditor to report on the adequacy of the company’s internal control over financial reporting (ICFR)
Gramm-Leach-Bliley Act (GLBA)
Passed in 1999, this law allows commercial and investment banks to consolidate. In terms of compliance, it includes a Financial Privacy Rule that affects the collection and disclosure of customers’ personal financial information. This rule also applies to any company that receives this information. There is also a Safeguards Rule that requires all financial institutions to design, implement and maintain safeguards to protect customer information.
“TGI helps customers achieve and maintain compliance with internal and external regulatory governances through the integration and application of TGI’s award-winning hardware and software technologies.”
This is the promise TGI makes; TGI will help you achieve compliance through the hardware and software solutions. Combine this with TGI’s ability to assess document workflow and business processes and you have a comprehensive hardware, software and service solution. Customers may face harsh penalties for not complying with appropriate regulations. Non-compliance also compromises the organization’s public image. TGI solutions help customers to make significant improvements in cost, productivity, security and sustainability without putting compliance at risk. And in many cases, TGI solutions can be used to help ensure compliance (for example, by providing audit trails of print activity).
The ability of TGI solutions to work within the framework of existing compliance efforts provides a clear venue to utilize our products because solutions that can’t work within the framework will be immediately disregarded.
TGI solutions support compliance several ways:
- Integrated annotations, hand-offs and reviews
- Version control of documents
- Security levels based on “need to know” status
- Tracking multiple remote editors working on one document
- Organized archiving of work product files
- Sharing secure documents on a global basis
- Meeting legal document retention requirements
- Maintaining an audit trail as proof of senior management review
Hardware
Extensive security features protect the integrity of paper and electronic documents — and the sensitive or confidential information they contain — before and after processing, transmission and output
Support for user authentication at walk-up systems (via user codes, passwords or card swipe technology) generates the data necessary to create a detailed audit trail of document transactions and other activities
Support for secure printing technology ensures that confidential documents are only printed when an authorized recipient is standing by to receive the output
Some MFPs feature appropriate hand grips, key colors, simplified display screens and removable scanner tops to comply with the Section 508 Amendment to the Rehabilitation Act of 1973, which is designed to make electronic and information technology accessible to people with disabilities
Walk-up systems incorporate ergonomic design features to comply with OSHA standards
Software: Print Assessment and Cost Recovery
These solutions (such as Print Director and Print & Copy Control) establish complete audit trails for every document, with detailed metrics for more than 30 job characteristics (user, date, time, device, file name, application, number of pages, duplex, b/w, color)
Software: Forms Creation/Variable Data & Host Printing
Automated creation and delivery of direct mail, transactional and transpromotional documents (via Dataworks3) increases security by reducing or eliminating the need for third-party processing and handling of confidential files
Software: Scan, Capture, Imaging & Document Distribution
Documents transmitted and received via distributed scanning solutions are identified and maintained by the server’s log file, which improves control over document access and creates full audit trails of activity
Automated or workflow-driven scanning support programs for document retention, back-up and disaster recovery |
|
|
|
