Addressing Compliance Requirements
To address compliance requirements you need to determine which government legislation you
must follow. For example, healthcare organizations need to take into account the requirements
of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Some professional
bodies also advise or require that communications are archived, so you will also need to know
to which professional bodies your organization belongs.
Although there are external influences on archiving requirements, your organization may
also have internal policies that you need to take into account when planning your archiving
requirements for OCS. In general, the requirements for the archiving of IMs tend to be the
same as for e-mail and other forms of electronic communication. If you are unsure of your
organization's requirements, you should discuss them with your colleagues.
Types of Compliance
Each form of government legislation has its own compliance requirements; some of these may
require long-term storage of IMs, and others may require that IMs are randomly sampled to
ensure compliance.
HIPAA
HIPAA requires that any organization that handles protected health information (PHI) follow
the rules set down in the Act; the Security Rule contains a Security Safeguard that requires all
electronic transmission of PHI be audit-logged. Therefore, it is advisable that you archive IMs
to ensure compliance.
Sarbanes-Oxley Act
Since the Sarbanes-Oxley Act of 2002 was signed, it has caused major reform of business practices
within the organizations that are required to follow it.