Review of Compliance Regulations

Sarbanes-Oxley Act
(SOX)

• Executives of publicly traded companies certify the validity of the company’s financial statements.
• Financial control and risk mitigation processes must be documented and verified by independent auditors.
• Companies shall maintain all audit or review work papers for a period of 5 years

• Original copies of all communications must be preserved for no less than three years, the first two in an easily accessible location.
• Records that must be maintained and preserved be available to be produced or reproduced using either micrographic media (such as microfilm or microfiche) or electronic storage media (any digital storage medium or system).

• This act was amended in 2003 to enhance protection of nonpublic personal information.
• It requires that financial records be properly secured, safeguarded, and eventually completely destroyed so that the information cannot be further accessed.

• Security standards must be adopted do the following:
• Control who can access health information.
• Provide audit trails for computerized record systems.
• Meet the needs and capabilities of small and rural healthcare providers.
• Make health data isolated and inaccessible to unauthorized access.
• Safeguard the physical, electronic and administrative transmission of health information to ensure confidentiality.

• Requires systematic record management, including how records are classified, created, deleted, maintained, reproduced, and used.

• Oversees official government record keeping.
• Requires adequate and proper documentation on how U.S. government business is conducted, including the policies and procedures of government agencies.
• Defines records as machine-readable materials made or received by an agency of the U.S. government under federal law or in connection with the transaction of public business.
• Requires that electronic records on a particular subject or function be organized within a record series that facilitates the management of these records.

• Put control in place to protect content stored on both open and closed systems to ensure the authenticity and integrity of electronic records.
• Maintain the ability to generate accurate and complete electronic copies of records so that the Food and Drug Administration may inspect them.