Wednesday, August 31, 2005
Complying with multiple regulations and contending with conflicts
Complying with multiple regulations has become a way of life. Between the Gramm-Leach-Bliley Act (GLBA), the Health Information Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act (SOX) and other state and federal regulations, organizations are finding it increasingly difficult to comply with the conflicting requirements that govern their day-to-day operations. Let's review how to comply with multiple regulations and what to do when they conflict.
The best approach to complying with multiple regulations is to evaluate each one and determine which requirements are the same or similar and which are different. For example, GLBA and HIPAA both address the privacy of customer or patient information. Instead of running separate projects and writing separate policies for each set of regulations, develop a single set of policies that meets the more stringent requirement wherever the regulations overlap; satisfying the stricter rule means the less stringent one is satisfied at the same time. The same holds when a state law intervenes with a requirement stricter than the federal one. Rather than treating each regulation as a separate set of rules to adhere to, look for a common approach to the requirements that the regulations share.
posted by Brian Moran @ 7:07 AM