Regulatory data compliance tips from Dena Kamel
Over the years, data compliance has evolved into a complex process. From hospitals navigating HIPAA regulations to small businesses achieving Payment Card Industry (PCI) compliance, nearly all organizations have to address data regulations in some form. Penalties for noncompliance can include stiff fines and even jail time.
Data compliance does not have to be a headache, and a three-pronged approach can smooth the way to ensuring that your organization meets industry regulations. Know the requirements for your industry, create a picture of the state of data in the organization, and then craft effective data policies.
1. Know the Requirements
The first step to data compliance is to know the regulations for your industry and region. For example, HIPAA requires retention of many documents for a minimum of six years. Retention requirements for medical records, on the other hand, are determined by the states and vary widely.
Data compliance regulations affect nearly every industry, from healthcare to financial institutions, post-secondary education and engineering. Staying on top of regulations and best practices can be a complex endeavor. Sound advice from legal professionals and compliance experts is critical.
2. Determine Data Location and Access
In order to ascertain whether your organization is compliant with data regulations, you first need to know what kinds of data exist, where the data is located and who has access to it. This includes files, emails, media posts, text messages and more.
With the advent of cloud computing and mobile access, files can be stored in numerous locations, both on-premises and in the cloud. It can be difficult to determine who has access to the various records. For example, a SharePoint folder may have various subfolders. Someone granted access to the main folder months ago will also have access to new subfolders.
A number of tools can help you connect to your data locations to identify and then index relevant data. For instance, the Content Search tool in Office 365 allows you to review mailboxes, SharePoint Online, OneDrive for Business and more in a single search. A proactive eDiscovery process can also save costs and time in the event of future legal mandates.
3. Draft Data Policies for the Win
With legal minimum requirements in hand, effective policies for electronic documents are the best way to keep information organized and ensure ongoing regulatory compliance. A few guidelines can help you draft policies that work.
- Involve all stakeholders – Avoid the temptation to leave creation of data policies up to a compliance officer or your IT staff. Gain input from all relevant sources, including human resources, legal, IT and finance, for starters.
- Cover your bases – Policies should encompass not only email, but all information, from patient and customer records to credit card information and day-to-day details about employees.
- Include a naming convention – Specific naming conventions for folders and files make information easy to identify and locate.
- Minimize the degree of human error with back-end policies – For example, IT can implement automatic email archiving according to a pre-determined schedule. In addition, email filters can flag attempts to send sensitive information through unencrypted email.
- Provide end user training – Make sure you can demonstrate that all employees have been presented with data policy information. Include training during onboarding, with refresher courses at regular intervals. Make policies readily available and easy to find.
Minimize Data Compliance Risk
The process of learning regulatory requirements, finding and managing data and crafting effective policies is complicated. Regulations continue to evolve, and the amount of data produced increases daily.
The experts at Messaging Architects can help you minimize risk to sensitive information and protect your business. With extensive experience in a wide variety of industries, including healthcare and finance, our consultants can help you navigate industry regulations with comprehensive solutions for data compliance monitoring and ePolicy design and review.
Dena Kamel is the Consulting Director at Messaging Architects and has worked with the company for over eight years. While directing the work of the project management and consulting teams, she also manages large or client-sensitive projects. Kamel combines a background in accounting with a talent for issue resolution. Her favorite part of her job is turning problems around and seeing the client’s satisfaction when a project gets back on track.