We kick off another mini blog series discussing compliance and the laws, regulations, and standards that apply to various industries. First we will go over what compliance is.
The definition of compliance, as found in the Macmillan dictionary, is the practice of obeying a law, rule, or request. Compliance is the state of being in accordance with regulations or guidelines. Being compliant means that a business or organization is abiding by industry regulations and government legislation. Companies may also create internal processes and procedures that align with the external guidelines they must follow.
Healthcare and financial services are two industries that are heavily regulated, so organizations in them may employ chief or corporate compliance officers (CCOs). The role of these officers is to ensure their company complies with external regulations and legislation, and to manage any regulatory issues inside the organization.
Here are a few regulations that may affect the company you work for:
HIPAA (Health Insurance Portability and Accountability Act) - This law outlines privacy standards that are intended to protect a patient's medical information, also referred to as PHI (protected health information). PHI is any type of personally identifying information such as name, address, birthday, social security number, medical record numbers, etc. Any company that has access to this type of healthcare data would be affected by this act.
PCI DSS (Payment Card Industry Data Security Standard) - This is a set of requirements designed to protect an individual's credit card information and combat fraud. Any company of any size that handles credit card information would be affected by these requirements.
Sarbanes-Oxley Act - This law enacted a rule that requires companies to maintain financial records for seven years. There are also rules surrounding how to retain electronic records. These requirements affect all US public company boards and public accounting firms.
CAN-SPAM Act - This law contains a set of rules for commercial email. Businesses must label commercial email as advertising and offer recipients an opt-out mechanism; opt-out requests must be honored within 10 business days. Any company that uses electronic mail for advertising is required to comply with this law.
FERPA (Family Educational Rights and Privacy Act) - This law protects the privacy of student education records. Any school that receives funds under an applicable program of the US Department of Education must abide by this law.
Failure to comply with the laws and regulations set forth could result in fines or jail time.
Concur sums up compliance best:
Compliance is a multifaceted and complex matter. It requires a well-thought-out plan with the right policies and procedures in place to ensure requirements are met in a timely manner and a pristine record-keeping system to document those procedures. Depending upon the size and focus of your business, you may opt to have an in-house compliance professional or an entire department working to identify, prevent, monitor, resolve and advise with regard to compliance risks.
Your company cannot afford to be non-compliant. If you're interested in how Bedrock Technology can help your business stay compliant, learn more here.