Document Regulatory Compliance
Keeping Yourself Out Of Trouble – Regulatory Compliance in the Document Industry
"Data Breach Results in Settlement"
"Errors in Tax Bills Cause Property Owner Confusion"
"Personal Data Accidently Sent Out"
No one who works in the document industry wants to see headlines like these referring to documents produced by their organization. Unfortunately, customers of in-house and outsource printing vendors read about these types of disasters all too often. And it's bad for business.
The consequences of producing non-compliant documents can be severe. Fines and lawsuits are financially damaging. Poor publicity can result in lost business. And those responsible can lose their jobs.
Dangers of Non-Compliance
Over the last year or so, enforcement activities have stepped up, both in the number of audits performed and the types of organizations under scrutiny – including outsource service providers. Even state agencies have been affected.
In 2012, the Alaska Department of Health and Human Services agreed to pay a $1.7 million fine following an investigation by the federal Office for Civil Rights that revealed, among other things, a lack of risk management measures that resulted in HIPAA violations.
Case Studies
Vendor's Printing Error Causes Privacy Breach
In Illinois, a printing company under contract to a school district sent COBRA enrollment information to over 1700 former employees. Unfortunately each of the employees also received the names, addresses, social security numbers, and medical insurance information of all the other former employees that were included in the mailing. The school district and the vendor spent resources to defend themselves in court.
Making sure documents are fulfilling all the current requirements for disclosure, language, and readability is becoming increasingly more difficult. And the trend is toward more regulation – not less. Just keeping up with the laws and new technology can be a challenge.
New Technology Reveals Violation
A $5 million lawsuit accused a large employer of violating a California law that protects employee social security numbers when it was discovered that employee ID badges included the personal information printed in barcode format. Smart phones with scanning apps could easily capture the information from the badges of 20,000 employees.
Very few regulatory infractions by document producers are the result of malicious acts. The vast majority of reported incidents are simply mistakes the organization failed to catch. Neglecting to implement preventative systems and procedures can compound regulatory violations.
Lack of Prevention Increases Penalty
The Delaware Insurance Commission fined an insurer $150,000 for privacy violations when a print stoppage resulted in private medical information from one patient to be printed on the front of an Explanation of Benefit form and information from a second patient on the back. Two regulations were violated: one that covered the disclosure of private information and a second regulation that requires insurers to have a system to safeguard against such disclosures.
In almost every case, a more comprehensive system for comparing live printed results to expected output would have caught the errors and prevented all the negative publicity and ensuing financial hardship.
Costly Printing Mistake
In a well-publicized case, a California insurance carrier had to pay $150,000 to the state and provide a year of free credit monitoring services to more than 30,000 residents – all because a formatting error caused private information to be visible through envelope windows.
Automated Document Testing Can Be Your Strongest Line of Defense
It isn't possible for software alone to make regulatory compliance errors obsolete, but automated solutions can be an extremely effective first line of defense.
Automating document testing processes will improve the chances of catching most kinds of unpredictable errors before they become an insurmountable problem. Organizations that use automated document testing solutions are able to test their documents more often. This allows them to catch errors sooner and minimize the damage. They can also test for more conditions, comparing every page instead of just a select few. Manual document verification can never approach this level of thoroughness.
Violating regulatory requirements always has a negative impact upon document operations and can generate significant penalties. Whether direct financial fines, legal fees, increased calls to customer service, reprinting and re-mailing, paying for credit monitoring, or a blow to the company’s reputation, there is a price to be paid. Document producers today have the ability to minimize their risk. Making the necessary investments to do so is a wise move.