Federal regulations regarding records management — particularly the retention and management of records — abound, with more than 15,000 regulations currently in place worldwide. From Sarbanes-Oxley (SOX) to HIPAA (Health Insurance Portability and Accountability Act) to Specter-Leahy, all affect stored records. Traditionally, compliance with these regulations is seen as a necessary evil — a way to avoid hefty fines. However, the document imaging and content and records management technologies you implement can provide you with more than compliance. According to Jim Till, chief marketing officer for Xythos Software, records management is not something companies can avoid. "However, if companies can deal with records management in a holistic way, in terms of how documents are created, classified and categorized, retained, and then shared, in a way that is transparent to users, then the benefits of compliance can be very significant." Your efforts to put tracking and accountability in place via technology solutions can provide a return on investment, not just regarding compliance, but to your company's bottom line.
One of the biggest factors affecting regulatory compliance is the fact that electronic records are becoming more prevalent. According to ARMA International (The Association For Information Management Professionals), more than 90% of records being created today are electronic. Those records, whether e-mails or electronic versions of paper documents, are stored in central or siloed repositories.
E-MAIL: RECORDS MANAGEMENT CHALLENGE
E-mail is one of the biggest records management challenges because it comes through enterprises in such volume and often contains information that makes it a valid record susceptible to compliance. Also, e-mail is the predominant method for sharing documents between departments or companies. "As organizations become more interdependent, by definition they'll have to work with each other more coherently," says Till. "That means the traditional method of sending documents back and forth, via e-mail or FedEx, will not be sufficient. These methods of exchanging information take too long and slow down processes." Companies have relied upon e-mail in an attempt to speed up the physical process of document sharing, but the volume and file sizes often prove overwhelming for companies' struggling e-mail management efforts (e.g. limited mailbox sizes, e-mails only accessible for 30 days). An additional challenge is the fact that many SMBs depend on hosted e-mail, which often reduces the permissible size of attachments due to security purposes, making it harder for the companies to effectively share documents via e-mail. Another problem with e-mail as a means for document sharing is that, unmanaged, it creates massive, unwieldy data stores for IT, both within designated repositories and in the form of individual storage methods employees create to work around mailbox limitations.
So what do companies do? Use content management technologies to create methods to effectively share documents. "Companies can use hosted document sharing — putting documents out on a secure Web server, accessible with a password — to eliminate the need of sending attachments back and forth and the risk of having multiple versions during a project," says Till. He points to the New York City Health And Hospitals Corporation, which couldn't process prospective employees quickly enough to maintain its staffing needs. The organization was challenged because it had to send and receive background information back and forth to the FBI, the NYC Department of Justice, and other government entities via bike messenger and FedEx. The organization implemented a content management solution that accommodated secure document sharing, and it was able to streamline its application processing procedure and ramp up its staffing.
COMPLIANCE SHOULD INCLUDE ACCESSING INFO, NOT JUST RETAINING IT
Most compliance efforts deal with retaining and securing information, but you can't forget about how users will access it — and that's where the payback comes from. If users can't easily access and use the information that's secured and tracked, you have not done a thing to improve business processes. "SOX, just to pick one regulation, is about putting process controls in place around the integrity of financial records, to ensure records can't be lost, altered, or tampered with while bringing forth financial reports," says Thomas Bookwalter, an advisor for AXS-One. "However, you also have to look at the records themselves and what companies can do differently to make the accessibility become cost-effective. Getting a return on the compliance investment requires taking a broader look at records, their management, and their retention. In the earlier days, when records retention was done using tape backup, we discovered that, while it looks simple and economic, tape backup has huge repercussions on the retrieval side. Companies need to look at methods they can use to make retention more feasible, such as online storage, which turns an unwieldy archive into one that gives all users access."
By retaining records in a method that improves their accessibility and ability to be shared — while still getting in compliance — you can improve the way you do business and affect your bottom line. Xythos' Till points to a research lab in Boston that used a content and records management solution to get in compliance with HIPAA. The organization also used that technology, which secures documents and image files, to help it collaborate with other organizations to compete for a grant. Traditionally, the groups would e-mail or messenger documents back and forth, which was time-consuming. "However, by using a technology that allowed the groups to collaborate and manage documents over their life cycle, the research lab was able to win the $40 million grant, which it otherwise wouldn't have been able to respond to in a timely or cohesive manner," says Till.
COMPLIANCE TECHNOLOGIES HELP PREPARE FOR LITIGATION
Another benefit records management can provide is improving the ability to respond to litigation. "We constantly have customers who come to us who might be storing records for compliance but haven't thought about how to retrieve them," says Bookwalter. "They have, however, realized that litigation is part of doing business." He points to a company in California that, when it looked at its caseload, had 2,600 cases. It had $50,000 set aside for each case, which is the amount it estimated as necessary for preparing all of the documentation. It had no way of quickly knowing what was real and what wasn't. In another example, a company facing a lawsuit estimated that the data recovery requirement would cost $780,000 and ended up settling, which was less expensive, even though there might not have even been a case had it gone to court.
The records management technologies that companies implement should be seen not as burdens, but as benefits to improve processes, reduce costs, and create new collaborative environments for doing business. And it's becoming more feasible. "We are seeing a democratization of what was once expensive technology," says Till.