Wednesday, May 8, 2013

Report from Recent Risk Roundtables in LA & SF

Last week, we held a Risk Roundtable series in Los Angeles and San Francisco. Many thanks to Sheppard Mullin and Sedgwick for hosting. The events featured lively discussions on risk issues ranging from law firm best practices for HIPAA compliance, strategic policies for information governance, new business intake and engagement management. Kathryn Hume, who manages and moderates the Risk Roundtable Program, sends this update:
  • Dan, I'm pleased to report back a successful west coast Risk Roundtable series. Sheppard Mullin and Sedgwick generously agreed to host our group of risk managers and technology leaders. A special thanks to Steven Shock, Chief Technology Officer at Irell & Manella, who led a spirited discussion about the challenges of changing and successfully executing an information governance program. Attendees shared various opinions on email management, document management, records retention and disposition. 
  • At both events, Adam Carlson, who recently joined the IntApp team as an information security expert and consultant, lead a discussion about best practices for HIPAA compliance in law firms. Drawing on his experience helping firms improve their compliance posture before the September 23 enforcement deadline, Adam advised firms to survey systems and practice groups to identify PHI, designate a privacy and security official, tag PHI during intake and develop an access control and activity monitoring strategy to meet key HIPAA privacy and security requirements. 
  • Firms agreed that there remains cultural resistance to implementing a "minimum necessary" model for information access in law firm environments, even as regulations, state laws and clients push firms to restrict access to those who need it to do their work. To contain risk without entirely closing down systems, many firms choose to lock down their most sensitive and valuable information, while leaving less sensitive information available for general internal use. Risk and IT stakeholders agree that it is crucial that management foster a culture of risk awareness to change organizational habits and drive project success.
  • Finally, we spent substantial time in our San Francisco meeting discussing engagement management and new business intake. Firms across the board reported that clients were demanding discounted rates, putting pressure on firms to budget matters on the front end to ensure profitability. In response, many firms are seeking to improve insights into matter pricing patterns so as to make informed decisions about engaging clients in the future. Firms are also revisiting intake to build processes and procedures lawyers endorse and comply with, both to improve data quality and decrease risk.
We're looking forward to our upcoming Roundtable in Toronto.

No comments:

Post a Comment