The regulatory compliance landscape has experienced dramatic changes in recent years. Historically, specific industries such as energy, utilities, manufacturing, health care and aviation had stringent compliance requirements for learning management. Today, almost every industry, including financial services, government and retail, has complex compliance requirements.
As regulations have grown in number, scope and complexity, the penalties for noncompliance have expanded to include hefty fines, as well as jail sentences. With corporate compliance continuing to be top of mind for executives at all levels within organizations, chief learning officers increasingly look for ways to leverage their learning management systems (LMS) to meet ever-changing and increasing regulatory mandates.
As new regulations emerge and existing standards continue to evolve, organizations need to carefully monitor and manage their compliance initiatives and implement effective systems that automatically deliver and track critical employee training. Employee knowledge and learning must be captured, tracked, validated and measured to ensure precise standards are followed. In industries such as manufacturing and energy, for example, organizations must be able to certify an employee’s ability to operate equipment and machinery.
Corporate Compliance is Both Self-Regulated and Externally Regulated
Corporate compliance today generally falls into two categories: self-regulated and externally regulated. Many companies self-regulate to improve business performance, to ensure employee safety and to reduce insurance costs. Companies tend to comply with external regulations to avoid severe legal consequences (including substantial fines), to minimize shareholder lawsuits and to maintain a positive public image.
An LMS’ ability to facilitate corporate compliance largely depends on a company’s industry and the regulations that govern policies and practices within that industry. Even within one industry, companies will leverage the components of an LMS differently to meet their specific, individual challenges. While some might have challenges with revision management and version control, others struggle with electronic signatures. The following high-profile examples of severe and negative consequences that can result from noncompliance highlight the value an LMS can provide in augmenting corporate efforts to adhere to both self-regulated and externally regulated mandates.
In the self-regulated category, consider the complex issues relating to sexual harassment in the workplace. In general, sexual harassment is governed by Title VII of the Civil Rights Act of 1964, which prohibits employment discrimination based on race, sex, national origin or religion. Although the U.S. Equal Employment Opportunity Commission (EEOC) has issued regulations defining sexual harassment and can initiate lawsuits against private employers, the commission does not actively monitor individual corporations’ efforts to prevent sexual harassment in the workplace. Individual companies — regardless of size, industry or geography — must demonstrate they actively work to prevent illegal discrimination.
For some companies, demonstrating they have put forth their best effort in preventing sexual harassment has been an ongoing challenge. In 1996, complaints of sexual harassment by women at a large automotive plant in Illinois resulted in an EEOC investigation and a landmark lawsuit. The company ultimately paid out $34 million in compensatory damages because it could not prove its employees had been adequately trained and informed about corporate sexual harassment policies.
More recently, another large automotive manufacturer settled a sexual harassment lawsuit against a high-ranking executive. In this case, which was settled out of court, an employee filed a $190 million lawsuit against the company, accusing the executive of harassing her while other company executives, upon being made aware of her complaints, failed to take action to protect her.
In each of these cases, an LMS could have been an asset to the companies by proving the accused individuals had been told in advance such behavior was not acceptable. The burden of proof was on the companies to demonstrate to the courts that employees had been trained and agreed to behave in accordance with a specific code of conduct. An LMS links training requirements to specific jobs and automatically assigns appropriate training to employees. The systems provide training progress reports and track revisions to procedures. Most importantly, the systems provide an electronic audit trail that shows which employee learned what and when. This helps companies defend against sexual harassment suits by providing proof that it took the proper steps to prevent the situation from occurring.
An LMS also can aid externally regulated mandates. One of the most well-known regulations in this classification is the Sarbanes-Oxley Act of 2002 (SOX). This regulation, passed in the wake of investor fraud scandals at industry giants Enron Corp. and WorldCom Inc., governs public companies and addresses accounting and reporting practices — specifically auditor independence, corporate governance and financial disclosures. The regulation also holds chief executives criminally accountable if the provisions aren’t followed. Federal employees are subject to the government equivalent to SOX: the Office of Management and Budget’s (OMB) Circular A-123, which defines the management responsibilities for internal financial controls in federal agencies. Circular A-123 requires federal managers to establish, assess, correct and report on management controls that improve the accountability and effectiveness of federal programs and operations.
An LMS facilitates SOX and OMB compliance by providing an audit trail, demonstrating transparency and accountability. An LMS maintains a complete record of every learning and administrative activity and offers a wide variety of customizable reports detailing the specific training an individual has received. Individuals no longer can claim ignorance of corporate or government policies. In this way, responsibility — and often liability — is transferred from the company to the individual.
In the health care industry, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandates procedures for health insurance coverage, security and privacy of health data. The regulation requires health care organizations, whether individual physician practices or large HMOs, to ensure they are protecting the privacy and security of patients’ medical information and using a standard format when submitting electronic transactions such as insurance claims. Failure to comply with HIPAA regulations can result in civil and criminal penalties. Civil penalties can cost $100 per violation, up to $25,000 per year. Criminal prosecution can result in fines of up to $250,000 and imprisonment for up to 10 years.
An LMS can ease HIPAA compliance by ensuring employees are trained quickly and updated — continually and automatically — on any changes to regulations. An LMS also prioritizes training based on job function. The system reviews job functions and identifies which employees need training immediately.
Externally regulated Good Manufacturing Practice (GMP) regulations also present compliance challenges that an LMS can address. Overseen by the U.S. Food & Drug Administration (FDA), GMP regulations apply to manufacturers, processors and packagers of drugs, medical devices and food. In essence, GMP regulations address recordkeeping, personnel qualifications, cleanliness, equipment verification and complaint handling to ensure products are safe, pure and effective.
Bonfils Blood Center is an example of a nonprofit organization that is subject to many of the same FDA regulations as larger pharmaceutical firms. As Colorado’s only community blood center, Bonfils operates two subsidiaries: the Laboratories at Bonfils, which performs mandatory testing on patients for procedures such as transplant compatibility, and HemoNet, an application service provider to manage blood donor databases. Bonfils uses an LMS from Plateau to administer and track employee training, which ranges from job-specific instruction for lab manufacturing personnel who create different blood products to career and leadership development training. Because course content frequently is revised to ensure compliance with changing FDA mandates, it is imperative that Bonfils employees remain current in their training. As such, Bonfils relies heavily on its LMS system to rigorously track training completion for the most current courses.
When organizations do not follow GMP regulations, the impact can be catastrophic. For example, in 2004 a plant belonging to one of the largest U.S. manufacturers of the influenza vaccine was shut down amid contamination concerns. A nationwide panic ensued, and more than two years later, although the supply is fully restored, consumer confidence in the availability of the vaccine remains tenuous.
If product contamination is suspected, the training of every employee who worked on that product will be audited. In order to provide a validated environment that can withstand FDA scrutiny, companies must be able to demonstrate their training is thorough and their records haven’t been altered. The electronic signature functionality of an LMS is critical for maintaining compliance with GMP regulations. In fact, the regulations specifically call for electronic signatures in Title 21 of the Code of Federal Regulations (21 CFR Part 11), which states that if a change is made to a record, a company must document what the record was before the change, and what it became after the change. Each change must have a signature associated with it. Using the electronic signature functionality of an LMS can result in huge advantages for companies working to comply with GMP regulations.
Key Aspects of a Learning Management System in Managing Compliance
As companies develop their LMS strategies and system criteria, they should not overlook the benefits of selecting and deploying a system that also can facilitate their corporate compliance efforts. Strategic deployment of an LMS can help with compliance in many ways:
The LMS can tie new revisions of procedures to the individuals who need the training and then deliver the new training to those individuals in a way that can be automatically tracked and audited.
In evaluating an LMS’ ability to aid with regulatory compliance, savvy buyers will ask the following questions:
A Mission-Critical Imperative
An increasingly complex, challenging and dynamic regulatory environment has made learning management a mission-critical imperative for most organizations today. Effectively managing compliance can help companies improve quality and employee safety, as well as reduce insurance costs and avoid legal consequences and fines. Successful companies gain real value in today’s regulatory environment by delivering and tracking employee training to ensure adherence to corporate governance standards. By enabling transparent, verifiable training records, learning management systems play a critical role in corporate compliance initiatives.
Ed Cohen joined Plateau as chief technology officer in 1999 as part of a merger between Plateau and Sensory Computing. He founded Sensory Computing, which produced instructional titles, an LCMS and reusable learning objects functionality within an authoring tool. He can be reached at ecohen@clomedia.com.