Minimizing the risk: Document privacy and compliance
Insurance companies and other businesses in regulated industries view security breaches and regulatory infractions associated with customer communications as big risks. Poorly-constructed documents, errors in distribution, or obsolete content can result in fines, lawsuits, remediation expenses, negative publicity and even loss of customers.
Mistakes and regulatory infractions can happen in high-volume documents and “1-off” single-recipient correspondence alike, but for different reasons and the preventative actions need to be different.
In production environments, a great many personalized documents are created in large batches, largely unseen by human eyes. Software bugs, human error, and network communication interruptions can cause data from two different customers to be printed on the same document. Or events such as mechanical issues, paper jams, or operator errors can result in pages from different accounts finding their way into an envelope mailed to a single customer.
Double-stuffed envelopes, out of sync duplex printing, incorrect paper or envelope stock, obsolete boilerplate text, and mixed up data can cause concern for customers and grief for the insurance provider and their print/mail processing vendors. I recently heard a story where one TPA solution provider incorrectly printed and mailed over 10,000 documents to Carrier A’s insured using Carrier B’s logo and name. You can imagine the nightmare that caused.
Modern print and mail facilities should have safeguards to prevent or catch these kinds of mistakes, but they still happen. When they do, the negative publicity is damaging. Sending corrected documents, staffing for extra customer service support, and measures such as stopping payment on checks or paying for credit monitoring are expensive.
Exposure of a different kind
Though the number of impacted customers is small compared to high-volume document operations, employee errors or lack of controls in departmental “1-off” correspondence systems can cause privacy or compliance issues too. Without a centralized document template facility, employees may be relying on the copy-and-paste method of document composition. This can lead to embarrassing and costly mistakes.
A simple human error such as choosing the wrong document template can create problems when regulations for document language or content differ among localities. Accidently leaving private information in the body of a document (left over from the previous recipient) is another easy mistake made in manual workflows based on standalone copies of word processing software.
Take preventative measures
Fortunately, insurers can reduce the risk of regulatory and privacy infractions in both the high-volume environment and “1-off” correspondence.
Insurance companies should perform regular audits to verify the processes, controls, and procedures at in-house or outsourced print/mail facilities to prevent or intercept document errors before they get into the mail. The audits should confirm quality control protocols are diligently enforced.
For “1-off” correspondence and other lower-volume materials produced by internal departments, insurers can lower their exposure to privacy and compliance violations by implementing centralized document template repositories. Once centralized, the only copy of a document template is the official one authorized by the legal department. In this type of environment, there is no risk of individual users working with obsolete materials. Templates containing variable data placeholders, including locality-specific text blocks, are resolved at composition time. Such solutions eliminate many of the errors associated with copying and pasting.
Electronic documents are not exempt from privacy and regulatory compliance violations. Though paper-handling issues are no longer present, many of the items that cause incidents are the same as those encountered in physical document workflows. Similar error-checking, quality control, and centralization strategies are useful in the world of electronic messages just as they are for print.