In the past several years, several new pieces of legislation have been enacted that impact the compliance regulation processes of the enterprise. It imperative that companies have compliance policies in place. Keeping compliant is often very expensive, but being found in non-compliance can be even more expensive. Not only are the monetary fines purposefully high, but CEOs can find themselves subject to actual prison time.

Two laws that may directly affect you and your company are the HIPAA (Health Insurance Portability and Accountability Act (1996) and the Sarbanes-Oxley Act of 2002.

HIPAA. This Health Privacy Rule gives federal protection oversight to the personal health information of patients and ensures their rights with respect to that information. The Act balances “need to know” from the health providers’ viewpoint and “privacy” for the patient. The Act specifically outlines a series of safeguards for the administration and technical dissemination of information via electronic means.

Sarbanes-Oxley (SOX). The Sarbanes-Oxley Act was passed in response to the failed accounting policies that led to the collapse of the Enron Corporation and other companies in 2001. The SOX Act imposes a set of financial regulations intended to guarantee that the integrity of reported financial data has not been compromised. CEOs are ultimately held responsible for the relationship between their companies and the accounting firms who actually submit the financial reports.

Although laws such as these are intended to protect both the company and the public, it is incumbent upon the company to ensure that compliance is met and maintained annually.