by Tom Beasley

We hope you enjoyed our first issue of The AccuView!

Last month, we focused on business process management - best practices, benefits, technology, etc. In this issue of The AccuView, we've put compliance, a related topic, in the spotlight.

Compliance with an ever-increasing number of government regulations has become an area of concern for nearly all businesses. Our health care customers are concerned with HIPAA compliance. Our public company clients are focused on meeting the requirements imposed on them by Sarbanes-Oxley. And our customers in the financial services space are driven by Check 21 and Gramm-Leach-Bliley.

The right technology can play a significant role in helping your company become compliant. Information management and business process management technology can automate manual processes; secure data and ensure customer privacy; enable disaster recovery preparedness; monitor and track processes using detailed reporting; evaluate processes' vulnerability to risks; etc. But these benefits can deliver so much more than just compliance; ultimately, your compliance efforts have the ability to increase efficiencies while decreasing costs.

The AccuImage team has worked with companies in diverse industries, including the highly-regulated health care and financial services industries. Let us show you how you can turn compliance obligations into business opportunities.

Warm regards,

Tom Beasley
tom.beasley@accuimagellc.com

Last week, the Securities and Exchange Commission voted to postpone for an additional year the deadline for filing internal control reports by small-cap companies (under $75 million) in accordance with Section 404, the most contentious component of the far-reaching Sarbanes-Oxley Act.

Such non-accelerated filers will now have until July 2007 to meet the Section 404 requirements to include in their annual reports a report by management attesting to the effectiveness of internal control over financial reporting and an accompanying independent auditor's report.

The move is the second reprieve for non-accelerated filers this year. The SEC had previously extended the deadline for small-cap companies by one year, voting in March to push the compliance date to July 2006.

Source: Compliance Pipeline, September 22, 2005

Compliance with the Sarbanes-Oxley Act requires detailing the accuracy and scope of business procedures and certifying that the controls are helping prevent fraud, theft and inadequate disclosure. To help our customers meet those requirements, we offer tools to manage and monitor documents and workflows, track information through its lifecycle, and automate manual processes. Sections 302 and 404 of the Sarbanes-Oxley Act require companies to:

• Document the design and methodology of the financial reporting process.
• Assess the risks and effectiveness of those processes, which include:
  • Processes' speed to completion, flexibility, reliability and timing.
  • Patterns of internal fraud and theft.
  • Corporate management structure.
  • Data complexity, volumes, predictability, value and privacy concerns.
  • Process complexity and number of databases.
• Monitor and track processes.
• Evaluate processes' effectiveness and vulnerability to risks.
• Identify the causes of weaknesses and problems.
• Fix problems.
• Automate manual processes.
• Repeat every year.

One application we've used to automate our customers' processes is Verity LiquidOffice. A robust and highly customizable business process management tool, LiquidOffice can play a vital role in SOX compliance. It requires the documentation of processes and methodologies, and automates manual processes. It eliminates the risk of lost or stolen documents. It increases workflow's speed to completion. It monitors and tracks paper handling by all personnel. And it can identify and fix procedural weaknesses.

A business process management solution like LiquidOffice can help you maintain compliance with Sarbanes-Oxley and other regulations. But it can also accelerate your revenue cycles. It can help you increase profits while decreasing costs. It will improve operational efficiency, security and accountability. Ultimately, you'll be able to accomplish more with fewer resources.

For more information, contact us.

U.S. Department of Health and Human Services Secretary Mike Leavitt recently proposed the adoption of standards for certain attachments to electronic health care claims, a requirement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The proposed standards will apply to electronic transactions by covered entities to request and provide clinical information for certain types of services which are being billed by the provider to the health plan.

Covered entities will be required to use the standards when they are conducting an electronic transaction for the purpose of requesting and providing additional information for one of the six types of services.

"These HIPAA provisions make processing claims and other health care transactions much more efficient and in the long run save millions of dollars," Secretary Leavitt said. "Adoption of these standards and the implementation of electronic medical records will allow our health care community to lead America's efforts in improving the quality of care, avoiding errors and enhancing communication between providers."

These electronic health care claims attachment standards have been designed to work in concert with the HIPAA Privacy Rule. The proposed standards would use much of the same terminology and definitions.

This proposed rule has a two-month comment period, which ends November 23, 2005. When adopted in a final rule, the attachment standards will affect health care providers who transmit health information in electronic form in connection with a transaction covered by HIPAA, health plans, and health care clearinghouses, within two years (three years for small health plans) of the effective date of the final rule planned for 2006.

"Setting standards for electronic attachments for the health care claims is a natural step in our goal of ensuring that clinical information be available when it is needed," Secretary Leavitt said. "These steps lead to a future in which electronic health records are complete and electronic medical record systems are beneficial."

The proposed standards would require covered entities to use certain transactions, messaging standards and a new code set when they electronically request the additional information, and provide the information in response to the request. Six specific types of attachments are covered by this proposed rule: laboratory results, emergency department services, ambulance services, medications, clinical reports, and nine rehabilitation specialties.

The Secretary of Health and Human Services has designated the Centers for Medicare and Medicaid Services as the agency within the department to administer and enforce the transaction and code sets, identifier, and security provisions of HIPAA. The Office for Civil Rights has responsibility for administering and enforcing the Privacy Rule.

Source: U.S. Department of Health and Human Services, September 23, 2005

Few corporate executives know that they can be fined or jailed for improper disposal of computers, according to a recent survey by Hewlett-Packard Financial Services.

HP Financial Services commissioned a survey on information technology equipment disposal. The results show that few executives are aware of the costs, regulations, penalties, fines and environmental impacts related to throwing out old IT equipment.

More than 75 percent of respondents underestimate the cost of computer disposal. More than 65 percent of executives with purchasing authority are unaware of the fines they can face for ignoring environmental regulations. Respondents' biggest concerns surrounding the disposal of IT equipment were data privacy and security.

Recent legislation holds top executives and IT managers accountable for violating customer protection and privacy rules. The Health Insurance Portability and Accountability Act (HIPAA) allows fines up to $250,000 and 10 years in prison for each violation of patient health information privacy rules. The Gramm-Leach-Bliley Act imposes penalties of up to $100,000 per violation for financial institutions that fail to protect customer information.

The Resource Conservation and Recovery Act allows the U.S. Environmental Protection Agency to hold equipment owners accountable even if they outsourced disposal. If the waste ends up leaking toxins into landfills of developing countries, companies can face regulatory penalties, negative publicity and litigation.

Greenpeace International is tracking the problem. The environmental group released a report earlier this year stating that lead, cadmium, mercury, antimony, polychlorinated biphenyls and flame retardants were polluting the land and water near electronic dump sites in China and India.

The European Union has electronics recycling laws, and three states - California, Maryland and Maine - are now regulating the disposal of electronics, including PC parts. Massachusetts, New Jersey and several other states, as well as New York City, are considering similar rules.

"Throwing old computers and servers out in the trash is dangerous to the environment, and even if you go as far as hammering nails into a hard drive, personal information can still be stolen," said Irv Rothman, president and chief executive officer of HP Financial Services.

Source: TechWeb News, September 22, 2005

Sarbanes-Oxley Symposium
October 27-28, 2005
Chicago

The Sarbanes-Oxley Act has changed how we do business. In an effort to prepare IT professionals and others responsible for internal control and the quality and integrity of information generated by IT systems, a critical requirement of Sarbanes-Oxley, the Information Systems Audit and Control Association (ISACA) presents the third in a series of unique and comprehensive symposia focusing on IT controls. Learn more.

DCI's Business Process Management Conference
November 8-10, 2005
San Diego

In today's volatile economy, every organization is working on some aspect of its business processes and applying approaches including Six Sigma, Balanced Scorecard, process improvement, BPM systems, enterprise architecture, governance programs and business activity monitoring, to name a few, in order to stay competitive. Typically, these efforts are isolated and fail to deliver the optimal results that are only possible with integrated BPM programs.

DCI's Business Process Management Conference is the one and only BPM conference that embraces the whole range of business process opportunities and helps organizations figure out how to truly integrate and manage BPM cross-functionally. This conference will enable you to capitalize on the potential that BPM can bring to your organization. With managers and practitioners in mind, DCI's BPM Conference is focused on true, practical and unbiased BPM education. By attending this event, you will walk away with the basic skills, in-depth knowledge and practical methods you need to design, develop, measure, integrate and manage your organization's business processes and improve your company's overall business performance. Learn more.

AccuImage, LLC is a systems integrator that empowers their customers with solutions designed to gain the maximum value from their information at every point in the information lifecycle. Founded in 1996 and headquartered in Nashville, Tennessee, AccuImage specializes in the design, installation and support of document and content management systems, forms processing solutions, and electronic workflow systems. The company offers hardware and software from leading companies - AnyDoc Software, Böwe Bell+Howell, Canon, Captaris, Captovation, EMC Documentum, Fujitsu, Hewlett-Packard, IBM, Kodak, Kofax, Panasonic, Plasmon and Verity - as well as consulting, document conversion and professional services.