DMS SYSTEM COMPLIANCE

WITH PINPOINT, YOU DON'T HAVE TO WORRY ABOUT MAINTAINING COMPLIANCE STANDARDS

DOD | HIPAA | ISO | ADA | OSHA | SEC | SOX | FDA | FACTA

Clinical Document Management

We comply with all FERPA, HIPAA, SOX, OSHA, DOD, and FDA via data governance with full audit trail of all user activity, full role-based security, with BCP in place. System compliance is supported and updated as the rulings are updated or changed. Track all activity by user with date and time stamps. View the complete document life-cycle and all of its versions where reports can be generated and exported for compliance.

LSSP COMPLIANCY

PinPoint ensures to follow these HIPAA compliance standards:

164.308(a)(7)(i)

Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.

164.308(a)(7)(ii)

(A) Data backup plan (Required). Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information. (B) Disaster recovery plan (Required). Establish (and implement as needed) procedures to restore any loss of data.

164.312(a)(1) Access Controls

Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in Sec. 164.308(a)(4).

164.312(b) Audit Controls

Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.

164.312(c)(1) Data Integrity

Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.

164.312(c)(2)

Mechanism to authenticate electronic protected health information (Addressable). Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.

164.312(d) Authentication

Person or entity authentication. Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.

ADA Compliance

PinPoint is Fully Accessible to All With the Proper Security Access

As Electronic Document and Records Management Systems become more evident, so does the importance of following ADA compliance standards. At LSSP Corporation, we have researched the American Disabilities Act, focusing on the requirements involved in WCAG 2.0, regarding accessibility to electronic documents and records for all.To review the WCAG 2.0 Requirements set forth in section 508 of the Rehabilitation Act, Click Here

PinPoint Document Management Software is compliant in regards to ADA standards, with the ability to convert files to PDF/UA. Visually, PinPoint applies adjustments to the screen colors for visibility. Text to Speech of content captured from the files is also built-in using ADA settings. LSSP Corporation complies with all areas including vision, hearing, and interactions. While we create easy to use UI screens for anyone’s use, we are also working with AI-powered solutions in order to meet complianc standards with the WCAG 2.1, ADA, Section 508 and other legislation to make PinPoint fully accessible. For more information regarding ADA Compliance and Electronic Document and Records Management, you can visit the U.S. Department of Health and Human Services website or Click Here

Document Management and ISO Compliance

PDF/UA, or “Universal Accessibility” represents the International Standard Organization’s (ISO) standards for Accessible PDF technology. PinPoint has the ability to convert files to PDF/UA so that it maintains compliant with the PDF/UA requirements. These features within PinPoint ensure that documents can be more accessible than any other document management system out there. For more information on PDF/UA and accessibility, Click Here

SEC Compliance

LSSP Corporation maintains compliance with the following standards:

17a-4(f)(2)(ii)(A) Email Preserved Format

Preserve the records exclusively in a non-rewriteable, non-erasable format.

17a-4(f)(2)(ii)(B) Automatic Integrity Verify

Verify automatically the quality and accuracy of the storage media recording process.

17a-4(f)(2)(ii)(C) Serialized Record Capture

Serialize the original and, if applicable, duplicate units of storage media, and time-date for the required
period of retention.

17a-4(f)(2)(ii)(D) Immediate Download Functionality by Examining Authority

Have the capacity to readily download indexes and records preserved on the electronic storage media to any medium acceptable under this paragraph (f) as required by the Commission or the self-regulatory organizations of which the member, broker, or dealer is a member.

17a-4(f)(3)(i) Legibility for Examining Authority

At all times have available, for examination by the staffs of the Commission and self-regulatory organizations of which it is a member, facilities for immediate, easily readable projection or production of micrographic media or electronic storage media images and for producing easily readable images.

17a-4(f)(3)(ii) Audit Accessibility by Examining Authority

Be ready at all times to provide, and immediately provide, any facsimile enlargement which the staffs of the Commission, any self-regulatory organization of which it is a member, or any State securities regulator having jurisdiction over the member, broker or dealer may request.

17a-4(f)(3)(iii) Separate Duplication

Store separately from the original, a duplicate copy of the record stored on any medium acceptable under Rule 17a-4 for the time required.

17a-4(f)(3)(iv) Index Accuracy

Organize and index accurately all information maintained on both original and any duplicate storage media.

17a-4(f)(3)(iv)(A) Index Accessibility by Examining Authority

At all times, a member, broker, or dealer must be able to have such indexes available for examination by the staffs of the Commission and the self-regulatory organizations of which the broker or dealer is a member.

17a-4(f)(3)(iv)(B) Index Redundancy

Each index must be duplicated, and the duplicate copies must be stored separately from the original copy of the index.

17a-4(f)(3)(iv)(C) Index Preservation

Original and duplicate indexes must be preserved for the time required for the indexed records.

17a-4(f)(3)(v) Audit Accountability

The member, broker, or dealer, must have in place an audit system providing for accountability regarding inputting of records required to be maintained and preserved pursuant to Rules 17a-3 and 17a-4 to electronic stage media and inputting of any changes made to every original and duplicate record maintained and preserved thereby.

17a-4(f)(3)(v)(A) Audit Record Access by Examining Authority

At all times, a member, broker, or dealer must be able to have the results of such audit system available for examination by the staffs of the Commission and the self-regulatory organizations of which the broker or dealer is a member.

17a-4(f)(3)(v)(B) Audit Record Preservation

The audit results must be preserved for the time required for the audited recordsAccess Means by Examining Authority 17a-4(f)(3)(vi)The member, broker, or dealer must maintain, keep current, and provide promptly upon request by the staffs of the Commission or the self-regulatory organization of which the member, broker, or broker-dealer is a member, all information necessary to access records and indexes stored on the electronic storage media.

SOX Compliance

LSSP Corporation maintains compliance with the following standards:

103(a)(2)(A)(i) Record Retention

Prepare and maintain, for a period of not less than 7 years, audit work papers and other information related to any audit report, in sufficient detail to support the conclusions reached in such report.

105(b)(2)(B) Production of Records

Require the production of audit work papers and any other document or information in the possession of a registered public accounting firm or any associated person thereof, wherever domiciled, that the Board considers relevant or  aterial to the investigation, and may inspect the books and records of such firm or associated person to verify the accuracy of any documents or information supplied.

301(4)(A) Retention of Complaints

The receipt, retention, and treatment of complaints received -by the issuer regarding accounting, internal accounting controls, or auditing matters.

404(a)(1) Internal Controls

State the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.

Section 802(a) Record Alteration or Destruction

Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both.

FDA Compliance

PinPoint maintains FDA compliance in regards to electronic records and electronic signatures. Below is a review of these standards:

Electronic Signatures. Sec. 11.200 Electronic signature Components and Controls


Electronic signatures that are not based upon biometrics shall:

•Employ at least two distinct identification components such as an identification code and password.

•When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at  least one electronic signature component that is only executable by, and designed to be used only by, the individual.

•When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components.

•Be used only by their genuine owners; and be administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals.

•Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by anyone other than their genuine owners.