In previous posts about the necessity and value of email archiving, we discussed a few of the laws that require archives and the reasons behind those laws. We discussed Sarbanes-Oxley, or SOX, in depth. But the list of laws and regulations which make mention of email archiving as a requirement are quite extensive and single out the health care industry. Each of the following mandate strict email record-keeping.
- FDA Title 21 CFR Part 11
- Federal Rules of Civil Procedure (FRCP)
- Freedom of Information Act
- Gramm-Leach-Bliley Act
- HFTA (Hedge Fund Transparency Act)
- Investment Advisors Act
- NASD Rule 3110 and NYSE Rule 440
- SB 1386
- Securities and Exchange Commission Rule 17a-4 and SEC Rule 17a-3
- The USA Patriot Act
HIPAA And Compliance
Now let’s look at HIPAA. If you are a part of the health care industry, you are most likely familiar with HIPAA. Here are some risks of non-compliance in the context of HIPAA:
- Mandatory audits for organizations subject to HIPAA.
- Attorney Generals in every State can sue on behalf of residents against “any person” violating HIPAA in a Federal District court. The rules provide for statutory damages.
- Provide clarification on “wrongful disclosures” and make it a criminal offense to violate the Privacy rule’s authorization requirements.
- Significantly increase civil money penalties that eliminate previous defenses for non-compliance. For example, a tiered penalty structure is outlined that enables fines to be levied against “persons” that did not know about the need for compliance, up to $25,000.00 for one calendar year for one “identical violation.” In other words, a specific violation of an “identical requirement or prohibition” may not exceed $25,000.00 during a calendar year.
- Fines apply to persons that willfully neglect to comply with HIPAA and range from $10,000.00 per violation to $50,000.00 per violation, up to $1.5 million per year for one “identical violation,” if corrective action is not taken in the case of willful neglect to comply with HIPAA.
Compliance within the health care industry is serious business.
For more information on compliance and how you can protect yourself,