
How can a business rules solution enable compliance with Sarbanes-Oxley, HIPAA or similar?

A formalized, auditable collection of rules for collecting and acting upon information is central to the requirements of regulatory mandates such as Sarbanes-Oxley and HIPAA. Companies must ensure and enforce compliance by every employee, for every transaction, and in every automated system. With traditional programming techniques, the logic governing how a program should behave is hard-coded into each individual system. So if a corporate policy needs to be changed (because of a new law or increased reporting requirements), each program must be examined, recoded, tested, and redeployed to production.

A business rules product such as Blaze Advisor allows the logic that controls such requirements to be stored in a single location, where it can be reviewed, updated, audited, and accessed by multiple computer programs. Since the logic is not duplicated in multiple programming systems, it is consistent and up to date for use throughout the company.

In a real-world scenario, this could mean that the proper privacy warnings are posted and audit logs are generated for any health services applicant giving information over:

• An interactive website

• A touchtone phone response system

• A telephone conversation with a call center agent

• A computerized application form processed in batch

Because business rules can fire based on immediate changes in known data values (whether calculated or input), they can add controls to the process of data collection as well. Information that is not needed for a particular case can be bypassed, secure in the knowledge that all applicable use scenarios have been considered by the rule engine. This saves time and money for the healthcare provider. Rules can also find cases where one piece of information produces the need for other, related pieces of information as specified by regulatory considerations. The rules make sure that everything that is needed is collected up front, reducing multiple contacts, turnaround time, and the potential for unauditable transactions for compliance purposes.
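The behaviour described above, as an added example (not Blaze Advisor code and not from the original post): one constructed rule set, re-evaluated after each new answer, decides which fields are still required and writes an audit record, identically for every channel. The rule ids, field names and the `evaluate` function are hypothetical.

```python
from datetime import datetime, timezone

# Constructed, hypothetical rule set kept in ONE place and shared by all channels.
# Each rule: (id, condition on the facts known so far, fields it makes mandatory).
RULES = [
    ("R1-base", lambda f: True,
     ["name", "age", "has_insurance", "privacy_notice_ack"]),
    ("R2-minor", lambda f: f.get("age") is not None and f["age"] < 18,
     ["guardian_name", "guardian_consent"]),
    ("R3-insured", lambda f: f.get("has_insurance") is True,
     ["insurer", "policy_number"]),
]
# Consent-style fields only count as answered when explicitly True.
CONSENT_FIELDS = {"privacy_notice_ack", "guardian_consent"}


def answered(facts, field):
    value = facts.get(field)
    if field in CONSENT_FIELDS:
        return value is True
    return value is not None  # False is a valid answer, e.g. has_insurance


def evaluate(facts, channel, audit_log):
    """Re-run every rule against the current facts and record the outcome."""
    fired, required = [], []
    for rule_id, condition, fields in RULES:
        if condition(facts):
            fired.append(rule_id)
            for field in fields:
                if field not in required:
                    required.append(field)
    missing = [field for field in required if not answered(facts, field)]
    record = {
        "time": datetime.now(timezone.utc).isoformat(),
        "channel": channel,
        "fired": fired,          # which rules applied: the audit trail
        "missing": missing,      # what must still be collected up front
        "complete": not missing,
    }
    audit_log.append(record)
    return record


if __name__ == "__main__":
    log = []
    facts = {"name": "A. Sample", "privacy_notice_ack": True}  # constructed input
    print(evaluate(facts, "web", log)["missing"])   # age and insurance unknown
    facts.update(age=16, has_insurance=False)       # new values trigger R2 only
    print(evaluate(facts, "web", log)["missing"])   # guardian fields now needed
```

Insurer and policy questions are never raised for the uninsured applicant, while the guardian fields appear as soon as the age is known.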


I would like to introduce one website for your website visitors if they are interested to know more about HIPAA compliance: how big and small business associates are affected by HIPAA, and also how they can deal with HIPAA regulations along with many other regulations which are important for many small and big businesses, regulations like SOX, OSHA, ISO17799, etc. This website acts as a resource to find more information on many different regulatory authorities.
