Even before the pandemic, data security and compliance were on the minds of C-suite leaders in all industries. Now, after two years of adopting new ways of working, often remote and virtual, the challenges of information governance and compliance are again taking center stage. While organizations try to stay within compliance, the challenge is in overcoming the uncertainty that will continue well into 2022 and beyond.
Organizations must confront countless regulatory requirements around the globe, as well as internally driven demands. And this is not to mention changing societal and customer expectations when it comes to privacy, authenticity, and accountability. For information management professionals, the frenzy of activity is not expected to slow down anytime soon.
The implications of data security and compliance can be seen clearly by looking at two important market sectors: Financial Services and Healthcare. Both are experiencing tremendous disruption and increasing risk, and together they illustrate the compliance challenges facing all industries and regions. Let’s take a look at both in detail.
The Financial Services industry is facing many challenges in 2022: security threats, new regulatory requirements, and increased demand from new users and devices. There is a lot to consider, but that is nothing new for an industry that began a major transformation long before “digital transformation” was a buzzword. For most people today, the very idea of visiting a physical bank branch has become an antiquated notion, and that perception hardened into the norm during the pandemic. Banking is arguably the most digitally disrupted industry today, and with that disruption come some critical impacts.
Hybrid work environments
As the business world returns to some form of normality, banks and financial services firms are making big decisions about what the new work environment will look like. Like most organizations, banks were forced by the pandemic to go digital as employees began working from home. What started as a survival tactic proved to have lasting benefits, and many firms found that remote work has its advantages.
Remote work, however, adds a layer of compliance complexity for banks. Organizations have had to adapt quickly to evolving restrictions and revise their internal policies and practices to cover remote work, particularly when it comes to safeguarding sensitive information away from the office. In Europe, this includes meeting GDPR requirements, and the UK’s Information Commissioner’s Office (ICO) has already issued guidance and security checklists on protecting data remotely by identifying typical IT vulnerabilities. Remote employee conduct and ethics must also be considered: reduced oversight when employees work remotely can lead to higher levels of noncompliance.
Evolving regulatory landscape
In addition to pandemic-driven regulatory change, banks and financial firms must now consider political disruptions that reshape the regulatory landscape. These include Brexit in Europe and, in the U.S., the many personnel and policy changes under the Biden administration at key regulatory agencies, which are reversing many Trump-era policies and tightening banking oversight in general. Financial services companies must also prepare for new rules arising from UK/EU trade agreements.
Banking compliance officers know that staying current on all of these regulatory obligations means digesting overwhelming amounts of data and documentation from multiple policymakers. Organizations must be able to translate that information into actions and strategies that update the relevant processes, controls, and policies. Failure to do so can lead to large fines. For a serious infringement of the GDPR, for example, fines can reach 20 million euros or 4% of an organization’s total worldwide annual turnover for the preceding financial year, whichever is higher.
The pandemic accelerated digital transformation within the banking sector, and today’s customers demand an always-on experience. Consumers now use digital platforms to access many different products and services, which has pushed technology to the forefront of the strategic agenda for many financial services organizations. To meet this challenge head-on, IT teams need access to the right architectural and operational expertise for technology solutions that help them scale to handle increased customer engagement and grow into new revenue opportunities.
Regulatory experts warn, however, that digital transformation is still a gray area in banking compliance, with no one-size-fits-all approach to how it should be regulated. Regulators are struggling to keep up with the pace of digitization, especially in areas related to machine learning, artificial intelligence, and big-data analytics. The question for compliance officers and technology leaders is: at what point will regulators intervene in a bank’s digital-transformation efforts? A successful digital transformation program requires good overall data governance and risk management, so compliance officers need a front-row seat as organizations evolve their data strategy as part of the wider transformation.
For practitioners in healthcare, one of the biggest data security and compliance challenges is matching IT resources to highly complex compliance requirements while keeping daily processes running efficiently and securely. Moving patients efficiently through a single- or multi-physician practice, handling the necessary daily workflow, and at the same time meeting ever-higher levels of compliance is a huge challenge. The sensitivity and privacy of medical information make regulatory compliance an increasingly front-and-center C-suite concern.
Data security and compliance in healthcare are complex. While many large healthcare organizations have enterprise-sized budgets and IT teams to support the effort, many small medical practices struggle to balance data security and regulatory compliance demands with the needs of running the clinic and delivering care. There are several impacts to consider.
Healthcare is one of the most heavily targeted sectors for hackers and cyber thieves because of the rich stores of private and sensitive information it holds. According to the U.S. Department of Health and Human Services Office for Civil Rights, more than 500 healthcare cybersecurity breaches were reported in the past year, affecting more than 5 million patients. The pandemic created conditions that led to many of these breaches, as healthcare facilities adopted new ways of working to cope with COVID-19 workplace guidelines. For many organizations this meant handling sensitive information online through servers that were at times unprotected. Read the article “Cybersecurity in 2021” for more on this topic.
In the U.S., healthcare organizations are forecast to spend roughly $125 billion on cybersecurity over the 2020 to 2025 period to update outdated systems and protect patient information. Beyond technology spending, healthcare organizations must ensure that systems are in place to audit claims and monitor for potential billing irregularities. Communication is key: compliance officers need to establish clear lines of communication so that everyone knows what is at stake, for example through regular employee cybersecurity training and meetings that demonstrate that cybersecurity is a top concern.
The use of telemedicine has grown significantly over the past 18 months. According to the American Medical Association, the share of physicians using telemedicine jumped from 25% in 2018 to almost 80% in 2020, and 67% of physicians connected with patients through video-based visits last year. Remote patient monitoring grew as well: 20% of physicians say they now use it, almost twice the pre-pandemic share. Physicians also increasingly turned to telemedicine to consult with colleagues, though less than they use it to connect with patients; over 26% used videoconferencing to consult with colleagues last year.
Regulating telehealth has been a major concern for compliance officers. Maintaining and protecting the growing variety and volume of data is another challenge, and the HIPAA Security Rule makes cybersecurity a compliance obligation rather than merely a best practice. Cyber risk is therefore a substantial threat to compliance in a remote workplace.
Best practices for conquering compliance
The need to conquer compliance challenges is not just limited to financial services and healthcare organizations. Where does your organization sit in terms of data security and compliance? Here are some recommendations to improve your information governance efforts.
- Create an information governance team including representatives from IT, Records Management, Compliance, Legal, and all lines of business.
- Review the risks posed by the types of information you hold: what happens if it is lost or exposed, whether through an external attack, an insider, or general negligence?
- Draft an information governance policy. Focus initial efforts on areas where the content is the most sensitive.
- If you have extensive image archives of scanned documents, consider re-capturing them with modern OCR to create enhanced metadata and improve the potential for analytics.
- Investigate day-forward process automation and data classification, particularly for process-based and routine inbound content, so that ongoing compliance is, in effect, automated.
Today, information security and compliance demand greater levels of information governance. Breaches are at an all-time high, regulations are getting stricter, and the risks organizations face have never been greater. Consider these factors and best practices as you design your strategies, and look for providers and partners with the right mix of capability, vision, and expertise to help you properly secure and protect private information.