Thursday, June 02, 2005

SEC Offers Pragmatic Advice on Essential SOX Work

AMR Research: One of the frustrations with the first year of Sarbanes-Oxley compliance is ambiguity surrounding requirements. Companies report that firms impose different standards on clients relating to control work that must be performed under Section 404. The SEC recently issued welcome guidance that better defines the boundaries. First, Section 404 is limited to processes and controls associated with financial reporting. Second, the SEC will hold management to a standard of reasonableness, not perfection, in certifying the efficacy of controls. A company doesn't have to get everything perfect, and it may take costs into account when deciding what constitutes reasonable controls.
Balanced against this is the liability a company assumes if its compliance efforts fall short. Essentially, the SEC is asking companies to make reasonable decisions which, in this case, may mean having compliance activities examined by a competent third party.

Wednesday, June 01, 2005

Password to Compliance

At Vitas Healthcare Corp., with operations across 15 states, 6,000 employees are protected by passwords as they access multiple databases, most containing financial and health-care information. But after they log on to the network each day, they can encounter half a dozen passwords for the different databases they need to work with.
security pipeline
Complying with HIPAA means keeping health care records secure... which means ensuring that the databases are password protected and that access to those databases is logged.

Wednesday, May 25, 2005

New Health Information Act

Congressmen Patrick Kennedy (D-RI) and Tim Murphy (R-PA) introduced new legislation May 11 that promises to digitize the health care system.

Also called the 21st Century Health Information Act, the Murphy-Kennedy bill (H.R. 2234) devotes federal resources to provide grants to regional health information organizations, enhance Medicare and Medicaid reimbursements, and purchase health information technology products that meet interoperability standards.

Both Senator Hillary Rodham Clinton (D-NY) and former Speaker of the House, Newt Gingrich, support the act.

Bottom Line: If passed, the new bill will create secure interoperable health information networks that protect patients' privacy, open the doors for e-prescribing, improve quality outcomes and decrease health care costs, its founders predict.
hippa wire
The question of how this will impact on HIPAA concerns and compliance is something which needs to be investigated. Carefully.

Friday, May 20, 2005

Compliance as business driver

Some CIOs call me saying I'm creating a problem for them. I tell them this is an opportunity for them to shine and that they need to step up to the challenge. They say they need that like a bullet hole in the head. Their managers tell them they need to be compliant, but they are providing no additional resources and are imposing strict deadlines. I think CIOs need to get to the people in the corporation who hold the purse strings. In seven out of 10 cases, CFOs are focused on audits and what needs to be reported. If companies took a broader view, they could create an agile enterprise with a flexible infrastructure that could make compliance with a host of regulations such as HIPAA, the Patriot Act, Sarbanes-Oxley and Gramm-Leach-Bliley that much easier.
it business edge

Saturday, May 14, 2005

HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was signed into law on August 21, 1996. This law includes important new protections for millions of working Americans and their families who have preexisting medical conditions or might suffer discrimination in health coverage based on a factor that relates to an individual's health. HIPAA's provisions amend Title I of the Employee Retirement Income Security Act of 1974 (ERISA) as well as the Internal Revenue Code and the Public Health Service Act and place requirements on employer-sponsored group health plans, insurance companies and health maintenance organizations (HMOs). HIPAA includes changes that:

+ limit exclusions for preexisting conditions;
+ prohibit discrimination against employees and dependents based on their health status;
+ guarantee renewability and availability of health coverage to certain employers and individuals; and
+ protect many workers who lose health coverage by providing better access to individual health insurance coverage.