Government Regulations

Ch 8 Compliance and Controls

Rules greatly impact how many organizations and IT have to operate.

**Sarbanes-Oxley Act (SOX)**

In 2002, Senator Paul S. Sarbanes and Representative Michael G. Oxley sponsored the Public Company Accounting Reform and Investor Protection Act. Now known as the Sarbanes-Oxley Act, it is considered by some government leaders to be the most significant change to US securities law since the 1930s.

The Sarbanes-Oxley Act:

 * Enforces a form of checks and balances to **enhance financial disclosures**
 * Ensures the integrity of financial statements
 * Requires companies to establish and maintain financial reporting procedures

The SOX Act mandates ethical **independent auditing activities** to combat corporate fraud. For auditing activities to become more transparent, corporations must maintain:

 * Annual assessment of the effectiveness of the reporting procedures
 * Section 404 assessment auditing compliance procedures
 * Mandatory rotation of Certified Public Accountants

The Sarbanes-Oxley (SOX) Act has not been popular with IT staff. IT has been significantly impacted by the strict securities regulations. In fact, non-compliance and financial misstatements can lead to jail time or fines for executives. To enforce **corporate responsibility** for financial reports, executives must:

 * Disclose auditing procedures in periodic reports
 * Enhance reviews of issuer disclosures
 * Manage assessments of internal controls

**Health Insurance Portability and Accountability Act (HIPAA)**

 * Has regulations promoting the privacy and security of medical records
 * Regulations cover three groups of individual or corporate entities:
   * Health plans (insurance and medical plans from employee, private and public carriers)
   * Healthcare providers (such as hospitals, doctors, etc.)
   * Healthcare clearinghouses (billing services, processors of health info, etc.)
 * Can affect entities inside AND outside of the medical industry (non-medical industry employers would want to make sure that they are compliant)
 * HIPAA Security Rule is designed to assure confidentiality of Protected Health Info (PHI)
   * PHI includes identifiable or even reasonably identifiable info.
   * Privacy Rule of HIPAA is intended to protect the privacy of all Individually Identifiable Health Info (IIHI)
   * Protected info can be electronic or paper

**Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept & Obstruct Terrorism (USA PATRIOT Act)**

After the terrorist attacks of 9/11, the United States Government passed the PATRIOT Act of 2001. The Patriot Act allows law enforcement to use many of the same techniques that were already in service to investigate organized crime. The Patriot Act allows MORE communication about citizens between various law enforcement agencies in order to fight crime and terror.

The Patriot Act enables:

 * Security agencies to use sophisticated surveillance techniques
 * Law enforcement to conduct undetected investigations
 * Federal agents, such as the FBI and CIA, to subpoena business records for suspected terrorists more readily

New technology procedures are now more clearly defined in the Patriot Act, allowing law enforcement to fight terrorism more efficiently.

 * Security agencies have far less red tape to get search warrants for suspected terrorists than before.
 * Victims of computer trespassing can seek the assistance of enforcement agencies to monitor computer hackers.
 * Penalties for terrorist crimes have increased significantly with enhanced maximum penalties.
 * Conspiracy penalties and statutes of limitations have been adjusted accordingly.

The private sector has felt the impact of these changes as well. ID requirements have tightened across the nation.

 * Original birth certificate abstracts are required when Americans move between states.
 * Passports are now required to enter Canada.
 * Financial institutions and airports face stricter ID requirements.

Financial institutions are now under the obligation to take steps to verify customer identification more closely. When opening new accounts, institutions must document attempts to determine whether the customer appears on any list of terrorist suspects.

 * Sarbanes-Oxley
 * HIPAA
 * Patriot Act