If You Thought Y2K Was Disruptive, HIPAA and Sarbanes-Oxley May Be Worse (Marketing Memo, August, 2003)
The Health Insurance Portability & Accountability Act of 1996 and the Sarbanes-Oxley Act of 2002 are wreaking havoc in the business world by making companies tighten up record keeping and corporate oversight. HIPAA enforces the use of standards that facilitate the electronic transmission of patient and other healthcare data. HIPAA also protects patient privacy. SOX prohibits irregularities in corporate governance and regulates corporate accounting practices. Companies should be familiar with the provisions of both of these important acts.
HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 (HIPAA)
HIPAA, or the Kennedy-Kassebaum Act, amends the Internal Revenue Service Code of 1986. HIPAA establishes standards for electronic data transactions and protects patient privacy. HIPAA applies to physicians, healthcare organizations, and service providers, including billing services, insurance companies, and providers of information technology systems.
Transactions -- Electronic data concerned with patients, administration, and finances must comply with certain standards. To simplify the transmission of digital information, patients, providers, employers, and health insurers must use "unique health identifiers." People who transmit this information must adhere to security and electronic signature standards.
Privacy -- HIPAA prohibits the use of a patient's past, current, or future health information for marketing purposes. People must secure health information associated with particular individuals.
SARBANES-OXLEY ACT OF 2002 (SOX)
The Sarbanes-Oxley Act, or SOX, followed on the heels of the Enron and WorldCom scandals.
Oversight Board -- SOX creates an SEC-directed full-time Oversight Board. The Board registers, regulates, and disciplines public accounting companies and ensures that they comply with SOX. The Board also sets standards for audit reports and preserves the secrecy of company documents. Board members must be financially independent from public accounting firms.
Auditor Independence -- Public auditing firms may not generally provide investment advice or other non-audit services to the companies they audit. The members of a firm's auditing committee must change periodically. Auditors may not work for companies whose executives recently worked for the auditing firm. Periodic rotation of auditing firms may be necessary.
Disclosure -- CEOs and CFOs must "certify the 'appropriateness of the financial statements and disclosures contained in the periodic report.'" Furthermore, officers may not try to influence the auditor's report. Companies must also disclose off-balance-sheet transactions.
Illegal Practices -- SOX prohibits the misleading of auditors, and it requires CEOs to return bonuses based on financial results if the company must restate its results. Officers and directors may not trade during blackout periods. They may be severely penalized for violating SOX.
One software executive finds HIPAA more disruptive than Y2K. Winett Associates can help you identify other external factors that affect your operations and your marketing strategy.
Winett Associates tel: 508-877-1938 fax: 508-877-9409
©2017 Winett Associates. All rights reserved.