Sarbanes Oxley (SOX), Document Management and Compliance

So what is Sarbanes-Oxley (SOX), and how does it apply to Electronic Document Management Systems?

The Sarbanes-Oxley Act of 2002, aka the Public Accounting Reform and Investor Protection Act of 2002, was signed into law after a myriad of high visibility corporate accounting scandals, such as: WorldCom and Enron. The act affects all public companies, and places high requirements on accounting standards, improved corporate reporting controls and visibility into the financial inter workings of an organization. The act imposes personal and criminal penalties for financial mismanagement, and enforces strict accountability.

The main crux of the Act requires executives to personally affirm the validity of financial statements, and also requires auditor attestation and complete documentation for backup on the statements.

So where do Document Management Systems come into play with respect to Sarbanes-Oxley?

When an organization is looking to comply with SOX requirements, there are many roadblocks:

• Large volumes of documentation are required for verification and audit purposes.
• Many of the accounting practices and procedures are very manual in nature, and the processes for monitoring, tracking and auditing is prone to human error.
• Total visibility to the entire financial picture is almost impossible with paper-based systems.
• De-centralized document storage can make a full and complete audit impractical.

An Electronic Document Management System or Electronic Content Management System can provide simplified means to comply with SOX:

• Having a centralized electronic repository for search and verification can minimize effort, and maximize an organization's ability to find key documentation.
• The ability to automate the scanning, indexing and archiving of documentation allows for centralized monitoring, reporting, tracking and auditing of all compliance activities.
• Centralizing all documentation allows for a key strategic view to all compliance critical information.

In a nutshell, technology allows the organization to simplify and centralize all the efforts surrounding compliance. For more information from http://www.scanguru.com/ , click on the link below:

Sarbanes Oxley (SOX) Document Management Compliance Links

Isn't Fax dead yet?

Paperless Fax

Technology is so interesting these days, and it seems we keep going back to the "good old days" for reliability and security. I find it absolutely amazing that Fax is still the standard of transmission for many businesses and organizations. What are the reasons? Here are some:

• Security in point-to-point transmission. Fax is viewed as "more secure" than email in many organizations
• Proof of receipt
• Accepted and fully adopted standard

But are the above really valid with the old analog fax machine? From a security standpoint, the fax is secure in the way it transmits, but once it comes out on the other end, that document is open to whoever walks by the machine. On the proof of receipt, yes you can get the send report, but did the intended recipient actually receive the document. This usually requires a phone call or email for confirmation (isn't that ironic). As far as the final bullet, fax is the old reliable staple of the office, and some folks just wont give it up, or have the option of doing so.

Paperless/Network fax systems are quickly becoming the standard in the workplace for a multitude of reasons:

• They integrate seamlessly with existing email systems. You can send faxes through your account, and receive them anywhere and anytime.
• With the ability to designate personal fax numbers, security is no longer an issue, as only the recipient will receive the document.
• For larger entities, it just makes financial sense to move to network-based faxing. You can eliminate all the analog fax lines, eliminate maintenance, paper and toner expenses, and reduce fax handling time for personnel.
• The ability to archive and search transmission logs and documents

Many industries are still relying on fax (medical, financial, construction and government to name a few), and the technology is long from extinction. For some additional links on network faxing click here:

View further information on Paperless Fax Systems

Document Management, HIPAA and Compliance

So what is this HIPAA thing, and how does it apply to the management of Documents? Here is my understanding, and an overview of the basic details.

The Health Insurance Portability and Accountability Act (HIPAA) was put in place to protect personal health information and to improve the process of information transfer through standardization. The Act was put in place in 1996 as a "kick in the pants" to the Health Care industry, designed to place requirements on how patient information is handled, transfered and maintained. From a technical perspective there are several areas of focus:

• Standards on electronic transactions
• Standards on code sets for information
• Provision for unique identifiers for employers and providers
• Privacy of individual health information
• Security and Digital Signatures

The first two areas of focus were created to standardize the transmission of administrative and financial healthcare transactions. This definied, standardized format is to be used for any number of transmissions, including claim status, payment and remittance as well as referrals and authorizations (and many others).
From a Document Management perspective, the real impact is on the privacy and security portion. This section is the most controversial, and holds the healthcare entity liable for any breach of patient confidentiality or disclosure of private information. Organizations are required to create privacy policies and procedures and manage the patient records. Below is a summary of the privacy requirements:

• The right for patients to copy and inspect their health information
• Required training for employees on privacy regulations and procedures
• Policies and procedures are required for the disclosure of information and access
• Patient authorization for the disclosure and/or use of private information
• Documentation of access, use and disclosure

These are just a few of the requirements.
An Electronic Document Management System, or Electronic Medical Record System provides the best path to HIPAA compiance. The correct system will maintain proper security, audit all access, and allow policies and procedures to be enforced.
Some additional compliance links at:
Further information on HIPAA and Document Management

Network Scanners for the Paperless Office

There is a new weapon in the quest for the paperless office: the network scanner. It the old days (a year ago) the only way to get network scanning was to buy a scanning multi-function device (fax, copier, etc). The major scanner manufacturers were behind the power curve with the exception of Canon. Now Kodak, Fujitsu and Canon have all released network scanners. Below are some descriptions and key features:

Fujitsu fi-6000NS

This product retails for $2,995 and is built on the popular fi-5120C platform. It scans at 25 pages per minute, and allows scanning to network folders, email and even network fax systems. All of this is accomplished through an 8 inch programmable touch panel, and integrates with Windows Active Directory. The only drawback here is the basic warranty is only 90 days onsite (you have to buy service contracts for anything beyond). Review of the Fujitsu fi-6000NS

Kodak ScanStation 100

The ScanStaion 100 also retails for $2,995, and scans at 25 pages per minute. The system allows you to scan to network share, email, printer or USB drive. The system also has a touch panel and integrates with Windows Active Directory. The USB feature on this model is really cool and lets you "scan and carry" documents. The unit comes with a 1 year warranty.
Review of the Kodak ScanStation 100

Canon ScanFront 220

The Canon ScanFront is the cheapest of the models at $1,995 and offers many of the same features, but at 26 pages per minute (note: if you do scan 2 sides it slows to 35 ipm). The Canon scans to email, Network folder and FTP. It also has a fingerprint reader option. It inlcudes a 1 year warranty. Review of the Canon ScanFront 220

These scanners are a great compliment to any office, and allow shared usage. More info at ScanGuru Document Management

How do I scan my file cabinets?

How do I go paperless?
What type of scanner should I buy?

These questions are becoming common in today's business world as the inefficiencies of paper can be eliminated through the use of the proper hardware and software.
The back-scanning of large file rooms can be a huge task, requiring the purchase of equipment, software and usually, some extra employees. Below is an outline of steps to take before moving out on this "paperless" adventure:

Evaluate your current paper files.

How much paper do you have? A good benchmark is that each four drawer file cabinet has bout 10,000 to 12,000 pages depending on how tightly the doors are packed (if you cannot fit any more files in, lean towards the upper number). Now, each page consumes approximately 50K of server space, so an eintire cabinet is about a CD of data, or 500-600 MB. Also take a look at the prep work that will be involved. It amazes me the number of staples folks use when archiving paper files. One simple staple in the left corner never seems to be enough, and I have even seen 5 per packet or document. This will all add to the prep time as you remove staples, post-its, etc. How long will it take to scan the files? Do a benchmark test on a sinlge files and then multiply it out.

Should I outsource the scanning of my file cabinets?

Once you have evaluated your file room, and seen how many files you have, you can get a feel for how long the task will take. With a 90 page per minute scanner, a file drawer will take about a 1/2 hour to scan (that includes a few jams). Then there are the index fields, which depending how many you have per document, can add some additional time. After looking at all these factors, and what it would cost in time, some folks just decide to outsource. Document Scanning Bureaus usually charge a per page fee, plus some additional labor charges. Depending on your market, the cost per page will range from 5-12 cents per page, plus an hourly labor fee. So that 4 drawer cabinet will run you anywhere from $500-1200 plus some labor fees.

How do I figure out what scanner and software to buy?

THere are a ton of options out there, and several websites that can help. http://www.scanguru.com/ is a good place to start. There are some additional articles, and links to many of the vendor sites.
I will go deeper into each of the questions above in separate entries in the future.