Humana Inc. And the Sarbanes-Oxley

HUMANA INC. And the Sarbanes-Oxley Act

Internal controls and constraints: Adapting to new regulations

No corporation looks forward to implementing new internal controls, but the passage of the Sarbanes-Oxley Act (SOX) has made it a necessity for all public companies. According to M. Fitzgerald's 2006 article from CIO Insight entitled "The art of compliance," because the Humana corporation made regulatory compliance part of its corporate culture, Sarbanes-Oxley seemed like a proverbial piece of cake. As a leading player in the healthcare industry, the need to conform the onerous requirements of the Health Insurance Portability and Accountability Act (HIPAA) made Humana experienced in how to effectively deal with the demands of federal regulatory agencies (Fitzgerald, 2006, p.47). Humana had always been a pioneer in the field of internal control constraints. It already had a regulatory compliance department to oversee such challenges without other distractions. In the case of implementing HIPAA, this was also important in terms of restricting the visibility of patient data as much as possible (Fitzgerald, 2006, p.50).

The efficiency and effectiveness of Humana's it department was vital in meeting the requirements of an it-specific law such as HIPAA. But creating an online, single, Web-based source of information has also been cited as important in Sarbanes-Oxley compliance, so that financial and non-financial data can be validated by as many eyes as possible. (One contrast between SOX and HIPAA is that while the latter was designed to restrict access to information to preserve patient confidentiality, SOX's intention was to increase transparency). Information must be immediately visible to optimize Sarbanes-Oxley compliance, and thus an organization should use high-quality software programming appropriate to its needs: once again harkening back to the need to have it workers specifically focused upon regulatory conformity (Beal 2003). But it is not only a single department that can or should shoulder the burden: the main reason to use a Web-based application for SOX compliance is so everyone, no matter what their position, is involved in collaborating and facilitating the flow of information and engaged in the collecting and reporting of relevant data (Beal 2003). To improve security procedures, annual compliance training for all employees is mandated at Humana.

Humana has also been praised for its positive organizational attitude in adapting to HIPAA and SOX, although corporate officials acknowledged that some aspects of meeting regulatory goals were challenging. Still, compliance with both legislative acts has been portrayed by top management as 'good hygiene' in terms of patient security and accounting practices. There was none of the excessive hostility or secrecy sometimes seen when adapting to new regulatory challenges at other corporations (Fitzgerald, 2006, p.50). This attitude made all employees more willing to take such steps as memorizing rather than writing down passwords, which may have proved an irritant had not the organization stressed its necessity.