FDA 21 CFR 11
The Food and Drug Administration’s (FDA) Code of Federal Regulations (CFR) Article 21, Part 11 requires
all FDA-regulated companies, including pharmaceutical, medical equipment manufacturing, healthcare and food
services companies, to preserve and secure information by establishing audit trails. CDMS Solutions assist
FDA regulated organizations in gaining compliance with features and functionality built into the software.
Users are able to establish audit trails and retention schedules all while maintaining documents in a
centralized repository for easy access and retrieval.
Family Educational Rights and Privacy Act (FERPA)
The Family Educational Rights and Privacy Act is Federal legislation that protects the privacy of student
education records. The law is pertinent to all schools that receive funding under the applicable program
of the U.S. Department of Education. The law awards parents certain rights regarding their children’s
educational records, which transfer to the child at the age of 18 or when the student participates in
additional schooling at a higher level. In addition to being able to gain access to the student records,
parents and eligible students have the right to request corrections of the records if they can substantiate
that they are not accurate or are misleading, or to add a statement to the records if a formal hearing is granted
but amendments are refused.
In general, schools must receive written permission from the student or student’s parent in order to release
student records, but FERPA allows schools to disclose the information to certain parties without student or
parent permission. Recipients to whom the information could be sent without the aforementioned permission
include schools to which a student is transferring, organizations requiring information connected with financial
aid, officials involved in health and safety emergencies, State and local authorities involved with juvenile
justice in accordance with their State laws, and other entities mentioned in the legislation. CDMS helps
school administrators to track requests for, and release of, student records, and to build in security regarding
who can access which information, thus enabling schools to demonstrate their compliance with the legislation.
Gramm Leach Bliley Act (GLBA)
The Gramm Leach Bliley Act of 1999, a form of Federal financial privacy legislation, substantially modernized
regulation of financial services and repealed the main provisions of the Glass-Steagall Act and the Bank
Holding Company Act that formerly limited bank holding companies in affiliating with insurance companies and
securities firms. The GLBA allows eligible bank holding companies and foreign banks to become financial
holding companies (FHCs) and expand their array of financial-related activities, and introduces some functional
regulation of these FHCs.
Under the act, financial institutions are required to provide clear and regular notice to customers of the
institution’s policies as they relate to the collection and disclosure of non-public personal information to
other parties. It requires them to create, implement, and maintain safety measures to ensure that customer
information is safe. Companies were required to be compliant starting in 2001. CDMS assists organizations
in maintaining records and leaving thorough audit trails to show compliance with these regulations.
Health Information Portability Accounting Act (HIPAA)
The primary focus of HIPAA, which went into effect in the first quarter of 2003, is protecting a
patient’s privacy. The law encompasses any document that contains a patient’s identifiable information,
including e-mail, electronic, fax, paper, oral, voicemail and phone conversations. Key provisions of the act
include standardizing data exchange, protecting patient confidentiality and securing administrative, health
and financial information by enforcing security procedures.
CDMS Solutions can assist organizations in becoming compliant with HIPAA by implementing
internal controls to manage the flow of information, establishing security precautions limiting access to
patient information and archiving patient records for future retrieval. CDMS also enables organizations
to streamline the healthcare claims process, reduce paperwork to amplify efficiencies and reduce costs, and
improve services to providers, insurers and patients by increasing the accessibility of information.
Sarbanes-Oxley Act (SOX)
SOX was signed into law on July 30, 2002 in response to recent accounting scandals in corporate America. The
primary focus of the act is to assure accuracy and accountability of financial accounting and records retention
of publicly traded companies in the United States. The core focus of SOX is to require organizations to validate
the accuracy and integrity of financial management and to establish procedures for reporting obligations. Under
the act, organizations are required to implement and document internal controls to carry out these procedures.
Once applied, these controls must be evaluated and satisfy audit tests to ensure operating effectiveness.
CDMS helps organizations to comply with SOX legislation in a variety of ways. The software enables retention
scheduling to be built in based on a customer’s needs, and workflow processes enable administrators to sign off
on materials that are to be purged. CDMS Solutions create audit trails that enable auditors (and managers who are
given the appropriate rights) to view the processes and their individual steps in detail.
By leveraging the CDMS Solution, organizations can comply with SOX by establishing audit trails to
monitor access to financial documents, applying security precautions to limit user rights related to document
alteration, instituting retention schedules and archiving final forms of documents.
Securities and Exchange Commission Rules and Regulations
The CDMS Solution also assists organizations in complying with SEC initiatives. According to the provisions
of the rules and regulations, the software can be configured to establish a centralized, tamper-proof repository
to ensure the accuracy and quality of archived information. It also allows you to electronically create a backup
copy of documents in the event of a business catastrophe.
USA Patriot Act
In response to recent world events, the USA Patriot Act requires financial institutions to verify new accountholder
identification, maintain records of information used for account verification and cross-reference identities
against Federal terrorism lists. CDMS provides these organizations with a centralized repository to
store records related to customer verification. This allows financial institutions to electronically maintain all
customer records, including names, addresses, dates of birth, and ID numbers, such as tax ID numbers, Social
Security numbers or passport numbers.