“What is your message? Is it the same ole stuff?” ~ Miller Heiman

There are only 5 more Selling Days left in July and 49 remaining in the Quarter!!!

It seems most every executive I talk to is trying to figure out a way to create compelling messages to the market that drive interest and create new opportunities. They are all searching for ways to be relevant in a time when there is a clear economic headwind. The funny part is that the end result – the actual marketing piece or sales call – seems to still have the same “ho-hum” message and impact. It appears that people are still afraid to take risks and to create provocative points-of-view.

I think prospects and clients want to hear these points of view so they can quickly figure out if you are someone who understands what is going on in their world. Companies have so much going on right now in terms of just making sure they have a strong foundation for survival. They don’t have time to have drawn out strategic discussions with potential vendors/partners to teach them about their business. Instead, they look for solutions to solve obvious problems.

If your message to the market is generic and more related to how great your company is then I don’t see this as an effective way to generate interest and develop new opportunities. Specific insights demonstrate that you really are an expert and you really do think about the trends in the market. It shows that you will state your opinion even though it may not be aligned with the clients’ issues. But even if it is not aligned, most customers and prospects will move the discussion along and explain how they have a whole different set of issues… either outcome is great!

Selling is truly all about the customer and their issues. The best way to determine if you remain relevant to the market is to look at the new opportunities that are in your Sales Funnel. If you don’t have many, then it is time to change the way you are doing things. At least that is my point of view.

Go out and have a Great Selling Day and make a difference in at least on person’s life today.

“See You at the Top” ~ Bryan Flanagan

In Zig Ziglar’s book See You at the Top, page 48 had a great impact on my life. It was one sentence, but it changed the way I thought about myself. Here’s the sentence:

“You cannot consistently perform at a level that is inconsistent with the way you see yourself.”

You cannot outperform the image you have of yourself. Increase your deserve level; believe in yourself. Transfer that belief to prospects, customers and in fact with everyone you meet no matter where even if it is at the gas station but do it today with the “3 c’s” – confidence, courage and conviction.

Go out and have a Great Selling Day but make sure you make a difference in at least one person’s life today.

As a Record Manager you have to think not only about hard copy storage and destruction but about items that stored daily on your servers – your computers and yes now your phones. Technological innovation, tighter regulation, and a variety of new content channels have all increased the demands placed on electronic archives. Today, archives must address a range of challenges that go beyond its traditional function as a storage facility for email. Archives must serve multiple purposes across all enterprise content, which includes deriving value from information, automating business processes and facilitating compliance and eDiscovery. Therefore, archiving today requires advanced strategy and technology to help you be intelligent about how you manage your enterprise content.

There are many issues that The File Room has to take into consideration as they help companies develop and implement a very specific archiving policies and practices, including:

• Handling all document types and formats, including email, rich media and social media
• Auto classification
• Retention Management and Content disposition
• Corporate governance and Legal mandates (federal/state/local laws and industry regulations)
• Legal holds
• The impact of the Cloud
• End user access and Mobility

These are just a few elements that face all record managers today, issues that we did not have to face 10 years ago or even 5 years ago for that matter. So the questions are: have your reviewed your current policies? Do have a written policy? Are you even following and enforcing that policy? These are critical questions that must asked and answered in the world we live in today so that you remain ready.

It is clear that the Health Information Technology for Economic and Clinical Health (HITECH) Act era creates substantial new legal obligations for entities that operate as “business associates” under the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. What is far less clear is what exactly these new obligations are and when they take effect. This confusion itself further complicates HIPAA contracting today for business associates, the covered entities they serve and any downstream contractors of the business associates. Business associates need to pay careful attention to these issues even today, to ensure appropriate behavior now and to prepare for substantial new compliance obligations that are coming soon.

BACKGROUND - Since HIPAA began, the HIPAA rules have applied directly only to “covered entities”—typically, health plans (such as health insurers and self-insured employee benefit plans) and health care providers (doctors, hospitals, pharmacies, etc). Service providers to these covered entities—called “business associates”—did not have direct compliance obligations. Because the Department of Health and Human Services (HHS) had no direct jurisdiction over business associates but wished to safeguard certain information they would possess, HHS imposed an obligation on the covered entities to implement specific contracts with these vendors that would create contractual privacy and security obligations for these vendors. The failure to execute such contracts would mean the covered entity violated the HIPAA rules. A business associate’s failure to meet a contractual privacy standard would be a breach of that contract but would not subject the business associate to federal enforcement exposure because the business associate was not regulated under the HIPAA rules.

The HITECH law altered this core relationship. By law, Congress imposed new obligations on business associates to comply with specific HIPAA provisions directly under law, not just through contractual arrangements. While this legislation does not turn a business associate into a covered entity, it does create—for the first time—direct accountability for these business associates, with potential civil and criminal liability for a failure to meet applicable requirements. At the same time, Congress also increased the range of penalties that could be imposed for HIPAA violations, creating a double whammy for these service providers.

THE GOOD NEWS  – The HITECH law appeared to impose these new HIPAA obligations one year after it was passed, meaning Feb. 17, 2010. Business associates have prepared to meet this new compliance obligation, both by developing HIPAA-compliant policies and procedures and through renegotiation of tens of thousands of business associate contracts. HHS issued no guidance on these business associate contracts, leaving each covered entity and business associate on its own to determine what appropriate language should be. In a Notice of Proposed Rulemaking (NPRM) published on July 14, 2010, several months after this apparent statutory deadline, HHS finally stepped in to make clear its position that, despite the wording of the HITECH law, these new obligations for business associates would not be enforced until a final HITECH regulation was published and a subsequent seven-month compliance period had run its course. (The proposed rule is available at http://edocket.access.gpo.gov/2010/pdf/2010-16718.pdf.) So, the good news for business associates is that HHS is of the view that business associates are not yet subject to direct HIPAA enforcement, and will not be subject to this enforcement until at least seven months after publication of this final rule (which was expected sometime in 2011, perhaps by the end of the first quarter, but now seems more likely to occur at the end of 2011). This means that until this post-finalization compliance deadline is reached, business associates do not yet have an obligation to meet the full range of requirements imposed by the HITECH law. Also, until the rule is finalized, business associates cannot even be sure exactly what those obligations will be.

THE BAD NEWS  – While this good news is important, there also is significant bad news. First, while it seems clear that HHS will not enforce the HIPAA rules against business associates until the final HITECH rule is published and the compliance period has run, there is no certainty that the state attorneys general (who were granted enforcement authority over HIPAA in the HITECH law) will take the same approach. So, any business associate who “ignores” HIPAA in this interim period is at risk. Second, it is clear that the HIPAA security breach notification rule does apply directly to business associates today, even without the broader set of HIPAA obligations, because the breach notification regulation already is in effect. Because HHS acted more quickly to develop the breach notification rule (though only as an “interim final regulation”), business associates do have a current legal obligation to notify covered entities of certain security breaches, even though they do not yet have a legal obligation to do much of anything else under HIPAA. While the final details of this breach notification rule are still under evaluation, business associates across the country are addressing security breach risk-assessment issues today. These current breach notification obligations (coupled with a wide range of applicable state breach laws) should encourage business associates to move forward with improved security practices across their operations. Third, because current HIPAA rules still require business associate contracts, business associates (and their contracting partners) face ongoing confusion about how to properly implement new business associate contracts. Because there is no final rule, it is not determined what changes—if any—will need to be made to an appropriate existing business associate contract once the rule is finalized. However, until that time, covered entities and business associates still need to implement business associate contracts, amid the ongoing uncertainty and foreseeable need to renegotiate these agreements yet again once the rule is finalized. While recognizing the need to enter into contracts, business associates should be careful not to unwittingly take on obligations beyond those imposed by HIPAA today. Fourth, HHS also complicated the downstream contracting process for business associates in the proposed rule by creating a new obligation to impose full business associate legal obligations on their subcontractors at all levels. While many commentators on the proposed rule objected to this expansion, no final decision has been made. Therefore, again, business associates must enter into contracts now that may need to be renegotiated in a few months. It is clear that appropriate contracts with subcontractors are required now; the open issue is, ultimately, what (if any) legal obligation will be imposed on these subcontractors and what contract changes will be needed to effectuate these requirements.

IMMEDIATE ACTION -   While there are significant open issues about timing and the substance of new compliance obligations, business associates with the assistance of The File Room personnel should be moving aggressively to understand their obligations and prepare for significant changes.