5 Ways to Boost Regulatory Compliance

© Copyright 2015 EMC Corporation. All rights reserved.

EMC ENTERPRISE CONTENT DIVISION

EMC InfoArchive Webcast Series presents: 5 Ways to Boost Regulatory Compliance Through Application Decommissioning with InfoArchive

George Florentine, Executive Vice President, Engineering, Flatirons Solutions (@FlatironsSols)

Transcript of 5 Ways to Boost Regulatory Compliance

Page 2: 5 Ways to Boost Regulatory Compliance

Who is Flatirons Solutions?

450+ PROFESSIONALS

GLOBAL PRESENCE

• ASIA: CHINA • INDIA
• EUROPE: UK • DENMARK • NORWAY • SWEDEN • GERMANY
• NORTH AMERICA: IRVINE • ARLINGTON • AUSTIN • BOULDER • PHOENIX

SPECIALIZING IN ENTERPRISE CONTENT LIFECYCLE MANAGEMENT

EMC PARTNER

• FOUNDING MEMBER: INFOARCHIVE CONSORTIUM
• 2014 WORLDWIDE PARTNER OF THE YEAR, ENTERPRISE CONTENT DIVISION
• 2013 AWARD FOR OUTSTANDING INDUSTRY SOLUTION FOR HEALTHCARE
• 2012 EXCELLENCE IN SERVICES INTEGRATION AWARD

Page 3: 5 Ways to Boost Regulatory Compliance

Today’s Speaker

George Florentine, Executive Vice President, Engineering, Flatirons Solutions

• Leads engineering activities across all of Flatirons’ business lines, including development of value-added solutions on the InfoArchive platform
• 3 decades of experience in all phases of the software development process
• Has led client engagements on Application Decommissioning projects with InfoArchive in the healthcare, financial services, and energy sectors
• Extraordinary mastery of the complex sets of technologies used by customers across various industries

Page 4: 5 Ways to Boost Regulatory Compliance

AGENDA

Today’s Business Climate
• Where did all these regulations come from?
• The cost of (non) compliance

Definitions
• What is Application Decommissioning?
• What is InfoArchive?

5 Ways to Boost Compliance
• Healthcare Examples
• Financial Services Examples

Page 5: 5 Ways to Boost Regulatory Compliance

Today’s Business Climate

Page 6: 5 Ways to Boost Regulatory Compliance

Healthcare: HIPAA Milestones and Hefty Fines

The Health Insurance Portability and Accountability Act

• 1996: Kennedy-Kassebaum Bill
• 1999: 1st HIPAA law = The Privacy Rule
• 2000: Transaction and Code Sets Final Rule + Security Rule, National Provider Identifier (Unique Identifiers) Rule
• 2006: Enforcement Rule finalized

3 Biggest HIPAA breach fines

• $4.8 million (2014)
• $4.3 million (2010)
• $2.25 million (2009)

Source: Healthcare IT News

Page 7: 5 Ways to Boost Regulatory Compliance

Sweeping Regulations in Financial Services

• 1999: Gramm-Leach-Bliley Act
• 2002: Sarbanes-Oxley (Sox) Act
• 2010: Dodd-Frank Wall Street Reform and Consumer Protection Act
• 2010-11: Third Basel Accord, Basel Committee on Banking Supervision (2010) – defines compliance risk

Enron, Worldcom scandals

2008 financial crisis, bailouts

In 2014, US and European banks paid nearly $65 billion in penalties and fines, 40% greater than in 2013. Source: The Wall Street Journal

Ongoing Impact

• Chief Compliance Officers & Departments
• Fundamentals of Financial Services Compliance – BU School of Law

Page 8: 5 Ways to Boost Regulatory Compliance

What Does This Mean for You?

“We’re in an era of very, very vigorous enforcement, of heightened super regulation.”

Source: New York’s Superintendent for Financial Services, The Wall Street Journal

The heavy penalties and increased likelihood of HIPAA non-compliance being discovered means healthcare organizations have now run out of time and must ensure the appropriate administrative, physical and technical safeguards are employed to improve data security and keep ePHI protected.

Source: HIPAA Journal

The way you make your case for better security and compliance could make the difference between embarrassing security breaches or a marketable advantage.

Source: CIO.com

Page 9: 5 Ways to Boost Regulatory Compliance

Definitions

Page 10: 5 Ways to Boost Regulatory Compliance

Definitions

What is Application Decommissioning?

The process of moving data off of outdated, unsupported applications to a single, future-proof repository that provides a secure and regulatory-compliant tool for accessing legacy data.

What is InfoArchive?

An integrated product suite from EMC that archives inactive information from legacy applications, allowing them to be decommissioned. Specifically suited for large organizations that generate substantial and growing volumes of data from business applications and that must comply with a wide range of regulations, especially long-term data retention policies.

Why do organizations decommission legacy applications using InfoArchive?

• Free up IT budget spent maintaining legacy applications
• Simplify IT infrastructure
• Lower compliance risk
• Give access to legacy data for big data analytics

Page 11: 5 Ways to Boost Regulatory Compliance

5 Ways to Boost Compliance through Application Decommissioning with InfoArchive

Page 12: 5 Ways to Boost Regulatory Compliance

5 Ways to Boost Regulatory Compliance Through Application Decommissioning with InfoArchive

01 Facilitate Records Audits

02 Enforce Capitation Agreements

03 Easily Produce Legal Medical Records

04 Enable Business Continuity after M&A

05 Easily Execute 1000s of Compliance Policies

Page 13: 5 Ways to Boost Regulatory Compliance

#1 Facilitate Recovery Audits

Example: Large non-profit hospital network in the U.S.

What is a Recovery Audit?

A review of disbursement transactions and the related supporting data to identify and recover various forms of overpayments and under-deductions to suppliers.

Client Situation

• Patient data spread over 600+ applications, many legacy
• Legacy apps, when no longer needed, aren’t supported, may present security vulnerabilities and risk of data loss, increasing risk of compliance violations

How Application Decommissioning with InfoArchive Helps

• Consolidating 600 applications with 15 years of data into one data center
• Providing one repository with an easily accessible and unified archive
• Makes it easy to access legacy patient data to comply with RAC audits
• Reduces risk of losing legacy data on unsupported applications

Page 14: 5 Ways to Boost Regulatory Compliance

#2 Enforce Capitation Agreements

Example: Leader in health benefits and services, serving 75 million people worldwide

What is a Capitation Agreement?

A healthcare plan that allows payment of a flat fee for each patient it covers. Under a capitation, an HMO or managed care organization pays a fixed amount of money for its members to the health care provider.

Client Situation

• Spending 100s of millions of $$ hosting, maintaining 100s of applications no longer needed but that had to be retained for legal reasons
• Physical hosting machines and applications themselves were decades old
• Finding people to keep the data active was difficult

How Application Decommissioning with InfoArchive Helps

• Retire three legacy systems (Healthcare Information, Explanation of Benefits, and Billing Statements) – composed of 10 specific applications – as a first phase
• Extract 8 TB of data from various databases, convert to XML, consolidate in a central InfoArchive repository
• Develop 45+ easy searches and core screens for access to data to keep in compliance

Page 15: 5 Ways to Boost Regulatory Compliance

#3 Easily Produce Legal Medical Records (LMRs)

Example: Network of hospitals and primary care clinics

What is an LMR?

The documentation of patient health information that is created by a health care organization, required to prove quality of care, substantiate billing invoices, etc.

Client Situation

• Client had moved to new Epic EMR system but was still spending significant $$ to maintain original home-grown legacy applications for legal and compliance reasons
• The EBCDIC-based mainframe systems and applications were decades old and finding people to keep the data active was difficult

How Application Decommissioning with InfoArchive Helps

• Retire three applications (HR, Patient Information, Medical Records) as a first phase
• Convert 2.4 TB of legacy data to XML, move it to a central InfoArchive repository, integrate with Active Directory, and develop several easy searches and core screens to allow access to the data to keep client in compliance
• Consolidate all the applications into a single, inexpensive hosting environment, all under 5 months

Page 16: 5 Ways to Boost Regulatory Compliance

#4 Enable Business Continuity After M&A

Example: Bank of Montreal (BMO) Harris

When is data continuity required?

Example: To show all lending activity for a banking customer, including lending activity that occurred prior to an acquisition.

Client Situation

• Acquisitions and mergers resulted in duplication of numerous systems, applications, and data
• PeopleSoft application cost BMO $5M+ a year to maintain
• PeopleSoft data referenced infrequently, therefore ideal for retirement

How Application Decommissioning with InfoArchive Helps

• Performed 2-week assessment to determine feasibility and scope of project
• Retired 4 PeopleSoft modules using EMC XML archiving technology, inclusive of process to export, translate, load (ETL), test and retain data
• BMO achieved $5 M savings, while providing long-term access to business-critical data for reporting and regulatory compliance
• Project executed in 3 months; project payback achieved in 4 months

Page 17: 5 Ways to Boost Regulatory Compliance

#5 Easily Execute 1000s of Compliance Policies

Example: Multinational financial services organization

What makes compliance policies complex?

Global organizations may define data retention policies by geography or region. Complying with regulatory requirements to keep the policies current and apply them correctly across disparate systems is a challenge.

Client Situation

• Complex retention policy rules (5,000+)
• Difficulty applying retention rules consistently across a wide variety of application data spanning many years of operation in a global market

How Application Decommissioning with InfoArchive Helps

• InfoArchive configured to support thousands of retention policies
• Consistently applied across a diverse set of sourcing applications
• Configured to leverage customer’s use of EMC’s Isilon SmartLock clustered file system technology
• Reduced risk and financial exposure from failed audits

Page 18: 5 Ways to Boost Regulatory Compliance

What Does This Mean for You?

Data Compliance isn’t going away – it’s only getting worse

The amount of data you have to manage will only continue to grow

Implementing an Application Decommissioning strategy can help you get a handle on legacy data as part of your overall compliance program

Page 19: 5 Ways to Boost Regulatory Compliance

Get started – Free, half-day, on-site application portfolio analysis

www.FlatironsSolutions.com/application-decommissioning
