Be Compliant, Get Certified
Audit and Monitor for Regulatory Compliance
Do you process any data or documents that are covered under HIPAA? What about those other regulations like PCI or GLB? If you can’t answer those questions for sure, then you could have a problem. A violation, even an accidental one, could trigger an investigation. And an investigation that reveals a lack of preventative or reactionary processes can make things worse. Ignorance is not a defense. It is better to know where you stand.
You may already be aware of the security considerations when handling sensitive documents and you may have implemented privacy policies and trained your staff. But there is always danger in what you don’t know. That is why regular reviews supplemented by periodic audits can be just as important to your company’s financial well-being as preventative maintenance is for your production equipment.
Document Handling Violations
When it comes to document inserting and mailing, one of the biggest risks is mixed statements. Sometimes, pages from one account can get inserted into the envelope of another.
Shops that rely on the clipboard method of batch balancing could be making mistakes and never even know. We’ve seen cases where everything balanced just fine, but one of those disastrous errors still occurred. It’s a big deal when this happens on any kind of job. But for documents containing data covered by government regulations, it can be quite serious.
In some cases, document integrity and quality control measures have not kept up with the times. Some shops still rely upon OMR (optical mark recognition) for inserter control, believing the hash marks on the page protect them from mixed documents. But that isn’t true at all! It is quite possible to produce a balanced batch of mail that contains multiple mixed statements when using just OMR as the control mechanism. There are a number of circumstances that can cause errors. Printer jams, running stacks of pages out of order, or even a missing page can all result in undiscoverable errors.
One state insurance commission fined an insurer $150,000 for privacy violations. Part of the fine was for the disclosure of private information when a printing error mixed up data from different customers. The fine also included penalties for failing to have a system to safeguard against such disclosures. In this case, an assessment and better enforcement might have saved the company a lot of money.
Dangerous Data Handling
Another area where document centers can find themselves in trouble is the handling of data. Most of the data breaches that are reported happened by accident. A computer bag containing a laptop or a flash drive gets lost or stolen when an employee takes work home with them or is traveling for business. If the data is unencrypted, the employee’s company can be responsible for notifying affected individuals or paying fines. Sometimes guilty companies incur additional expenses such as paying for credit monitoring services. Regardless of the financial consequences, the bad publicity can be devastating.
Lost or stolen data exposes the information of many individuals at once. The penalties can be correspondingly large. One state agency lost a portable disk drive containing unencrypted personal health information of many patients. They settled the complaint for $1.7 million.
Document center audits can uncover conditions such as these and recommend corrective action. Regular spot checks and reinforcement of approved procedures by management can lower the risk in between audits.
Don’t be caught unaware. If you are unclear about your vulnerability to HIPAA or other regulatory violations, fines, and lawsuits when it comes to data and document integrity, then it pays to get educated. Take action now rather than after a violation occurs. It is almost certain to be less expensive.