Meridian Blog

Five Compliance Environments You Should Know About

by Robert Bruce - March 4, 2014, updated on January 17, 2020 - HIPAA Compliance


In the Digital Age, document storage and compliance with local, state, and federal regulations have never been more important, nor more complicated. From Sarbanes-Oxley to the Affordable Care Act, the devil is in the details. And those details involve accurate record keeping solutions. These solutions may vary from using dedicated software to employing an outsourced managed document services provider.

This is by no means a comprehensive list of all regulatory environments. However, here are five that in one way or another probably affect most enterprises regardless of size.

The Affordable Care Act (ACA)

According to a recent ADP Research Institute survey, the majority of businesses, particularly small- to mid-size (SMB) enterprises, are having difficulty comprehending employer responsibilities under the ACA.  

One could spend a lot of time perusing the web for information on the ACA, but most of the info garnered would be on how to individually sign up for the program. For good insight into how the ACA affects businesses, I recommend two websites. The first, administered by the US government, gives answers to a variety of questions. What constitutes a small business? Must I provide coverage for my employees? Can I get a tax credit for providing health coverage?

Another helpful website regarding the ACA is the Urban Institute’s. Its downloadable PDF is more direct and business-oriented. This policy brief draws on several previous Urban Institute analyses, and it describes what the ACA actually requires or offers businesses of different sizes. It uses the Urban Institute’s Health Insurance Policy Simulation Model (HIPSM) to estimate the law’s effects on employer-sponsored health insurance coverage and costs. Of particular focus is the impact of the law’s penalties on mid-size employers not offering coverage or offering unaffordable or inadequate coverage.

The Health Insurance Portability and Accountability Act (HIPAA)

This is a first cousin of the ACA, and non-compliance with HIPAA can be a major headache for enterprises of any size. Enacted by Congress and signed by President Bill Clinton in 1996, HIPAA protects health insurance for workers and their families when they change or lose their jobs. It also addresses the security and privacy of health data. Civil penalties for HIPAA violations run from fines of $100 up to $1.5 million. Criminal penalties can be as severe as $250,000 fines and up to 10 years in prison.

For medical practitioners and other health-related enterprises, a good website on HIPAA compliance is provided by the American Medical Association.

The U.S. Department of Health and Human Services also has a website specific to HIPAA and national standards regarding electronic health care transactions and code sets, unique health identifiers, and security issues.

The Sarbanes-Oxley Act of 2002 (SOX)

Named after its sponsors, U.S. Senator Paul Sarbanes (D-MD) and U.S. Representative Michael Oxley (R-OH), this law sets accounting standards for public companies, boards, management and public accounting firms. As a result of SOX, top management must now individually certify the accuracy of financial information. Penalties for fraudulent financial activity are severe. If a top executive signs off on incorrect or misleading financial documents, he or she can be imprisoned for up to 25 years.

Lawyers, and those who enjoy reading legal terms, can consult the Securities and Exchange Commission for info on SOX and the penalties for non-compliance.

The Food and Drug Administration (FDA)

The scope of the FDA is huge, touching many aspects of American life, from food service to biotechnology to cosmetics to veterinary medicine. Incorrect record and document management involving your enterprise and the FDA can have a huge negative impact. Since it is so broad a subject, and the variety of websites is so large, it is best to go right to the source.

Payment Card Industry (PCI)

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that companies processing, storing and/or transmitting credit card information maintain a secure environment. PCI DSS applies to all organizations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data. If any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply. This covers a lot of small- to mid-size businesses. For more information, go to the PCI Security Standards Council website.

Compliance regulations are constantly evolving. Are your business and all of its processes compliant? If you aren't sure, it could cost you. One way to ensure that your operations are compliant is through a thorough assessment of your business processes and technology environment.
