Client portal

A client portal is an electronic gateway to a collection of digital files, services, and information, accessible over the Internet through a web browser.

The term is most often applied to a sharing mechanism between an organization and its clients. [1] The organization provides a secure entry point, typically via a website, that lets its clients log into an area where they can view, download, and upload private information.

Client portals are most prevalently used for the secure exchange of financial information, usually when teams are working remotely. Privacy laws such as the Gramm–Leach–Bliley Act require that organizations encrypt their clients' personally identifiable information when it is sent electronically. Sharing such information through email does not comply with the Gramm–Leach–Bliley Act and other federal privacy laws. [2] Client portals allow users to centralise and virtualise their organization, usually to increase efficiencies and communication.

Other advantages of client portals, as distinguished from email, include increased file size limitations and self-service access to a private repository.

Client portals are often used in conjunction with workflow automation and document management to maximize work environment efficiency. [3]

Industries

Client portals are prevalent in many industries. They are used by various commercial organisations and aren't usually specific to one industry. Owing to the nature of the industry, law firms make up a significant number of client portal users. This is because lawyers are constantly collaborating and interacting with clients, involving a significant amount of paperwork. In these cases the file sharing functionality is imperative. [4] Some client portal features extend to invoicing, time logging and expense tracking. These benefits lead a number of small and medium enterprises to use client portals to manage their business operations. [5]

Issues

Security has been a hot topic surrounding client portals. Many client portals feature 256-bit SSL, similar to that of online banking, but businesses with sensitive information, such as medical data, sometimes express concerns about their data being in the cloud. Businesses still wishing to use client portals usually adopt private cloud solutions and host the software on-premises.

Related Research Articles

Intranet: Network of private resources in an organization

An intranet is a computer network for sharing information, easier communication, collaboration tools, operational systems, and other computing services within an organization, usually to the exclusion of access by outsiders. The term is used in contrast to public networks, such as the Internet, but uses the same technology based on the Internet protocol suite.

A web portal is a specially designed website that brings information from diverse sources, like emails, online fora and search engines, together in a uniform way. Usually, each information source gets its dedicated area on the page for displaying information; often, the user can configure which ones to display. Variants of portals include mashups and intranet "dashboards" for executives and managers. The extent to which content is displayed in a "uniform way" may depend on the intended user and the intended purpose, as well as the diversity of the content. Very often design emphasis is on a certain "metaphor" for configuring and customizing the presentation of the content and the chosen implementation framework or code libraries. In addition, the role of the user in an organization may determine which content can be added to the portal or deleted from the portal configuration.

A document management system (DMS) is usually a computerized system used to store, share, track and manage files or documents. Some systems include history tracking where a log of the various versions created and modified by different users is recorded. The term has some overlap with the concepts of content management systems. It is often viewed as a component of enterprise content management (ECM) systems and related to digital asset management, document imaging, workflow systems and records management systems.

Gramm–Leach–Bliley Act: Act of the 106th United States Congress (1999–2001)

The Gramm–Leach–Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, is an act of the 106th United States Congress (1999–2001). It repealed part of the Glass–Steagall Act of 1933, removing barriers in the market among banking companies, securities companies, and insurance companies that prohibited any one institution from acting as any combination of an investment bank, a commercial bank, and an insurance company. With the passage of the Gramm–Leach–Bliley Act, commercial banks, investment banks, securities firms, and insurance companies were allowed to consolidate. Furthermore, it failed to give to the SEC or any other financial regulatory agency the authority to regulate large investment bank holding companies. The legislation was signed into law by President Bill Clinton.

Medical privacy, or health privacy, is the practice of maintaining the security and confidentiality of patient records. It involves both the conversational discretion of health care providers and the security of medical records. The terms can also refer to the physical privacy of patients from other patients and providers while in a medical facility, and to modesty in medical settings. Modern concerns include the degree of disclosure to insurance companies, employers, and other third parties. The advent of electronic medical records (EMR) and patient care management systems (PCMS) has raised new concerns about privacy, balanced with efforts to reduce duplication of services and medical errors.

A privacy policy is a statement or legal document that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data. Personal information can be anything that can be used to identify an individual, not limited to the person's name, address, date of birth, marital status, contact information, ID issue, and expiry date, financial records, credit information, medical history, where one travels, and intentions to acquire goods and services. In the case of a business, it is often a statement that declares a party's policy on how it collects, stores, and releases personal information it collects. It informs the client what specific information is collected, and whether it is kept confidential, shared with partners, or sold to other firms or enterprises. Privacy policies typically represent a broader, more generalized treatment, as opposed to data use statements, which tend to be more detailed and specific.

Enterprise content management (ECM) extends the concept of content management by adding a timeline for each content item and, possibly, enforcing processes for its creation, approval, and distribution. Systems using ECM generally provide a secure repository for managed items, analog or digital. They also include one or more methods for importing content to bring new items under management, and several presentation methods to make items available for use. Although ECM content may be protected by digital rights management (DRM), it is not required. ECM is distinguished from general content management by its cognizance of the processes and procedures of the enterprise for which it is created.

Email privacy is a broad topic dealing with issues of unauthorized access to, and inspection of, electronic mail, or unauthorized tracking when a user reads an email. This unauthorized access can happen while an email is in transit, as well as when it is stored on email servers or on a user's computer, or when the user reads the message. In countries with a constitutional guarantee of the secrecy of correspondence, whether email can be equated with letters—therefore having legal protection from all forms of eavesdropping—is disputed because of the very nature of email.

Telephone Records and Privacy Protection Act of 2006

The Telephone Records and Privacy Protection Act of 2006 prohibits pretexting to buy, sell or obtain personal phone records, except when conducted by law enforcement or intelligence agencies. The recent bill threatens up to 10 years in prison for anyone who pretends to be someone else, or otherwise employs fraudulent tactics, to persuade phone companies to hand over confidential information about their customers.

SharePoint: Web application platform

SharePoint is a web-based collaborative platform that integrates natively with Microsoft 365. Launched in 2001, SharePoint is primarily sold as a document management and storage system. However, the product is highly configurable, and its usage varies substantially among organizations, mostly ranging from sharing information through intranets to internal apps implementing business processes through workflows.

Email archiving is the act of preserving and making searchable all email to/from an individual. Email archiving solutions capture email content either directly from the email application itself or during transport. The messages are typically then stored on magnetic disk storage and indexed to simplify future searches. In addition to simply accumulating email messages, these applications index and provide quick, searchable access to archived messages independent of the users of the system using a couple of different technical methods of implementation. The reasons a company may opt to implement an email archiving solution include protection of mission critical data, to meet retention and supervision requirements of applicable regulations, and for e-discovery purposes. It is predicted that the email archiving market will grow from nearly $2.1 billion in 2009 to over $5.1 billion in 2013.

ShareFile

ShareFile is a secure content collaboration, file sharing and sync software that supports all the document-centric tasks and workflow needs of small and large businesses. The company also offers cloud-based or on-premises storage, virtual data rooms and client portals. ShareFile is owned by Citrix Systems.

Employee monitoring is the surveillance of workers' activity. Organizations engage in employee monitoring for different reasons such as to track performance, to avoid legal liability, to protect trade secrets, and to address other security concerns. This practice may impact employee satisfaction due to its impact on the employee's privacy. Among organizations, the extent and methods of employee monitoring differ.

Information governance, or IG, is the overall strategy for information at an organization. Information governance balances the risk that information presents with the value that information provides. Information governance helps with legal compliance, operational transparency, and reducing expenditures associated with legal discovery. An organization can establish a consistent and logical framework for employees to handle data through their information governance policies and procedures. These policies guide proper behavior regarding how organizations and their employees handle information whether it is physically or electronically created (ESI).

Document Capture Software refers to applications that provide the ability and feature set to automate the process of scanning paper documents or importing electronic documents, often for the purposes of feeding advanced document classification and data collection processes. Most scanning hardware, both scanners and copiers, provides the basic ability to scan to any number of image file formats, including: PDF, TIFF, JPG, BMP, etc. This basic functionality is augmented by document capture software, which can add efficiency and standardization to the process.

Internet Security Awareness Training

Internet Security Awareness Training (ISAT) is the training given to members of an organization regarding the protection of various information assets of that organization. ISAT is a subset of general security awareness training (SAT).

NIST Special Publication 800-92, "Guide to Computer Security Log Management," establishes guidelines and recommendations for securing and managing sensitive log data. The publication was prepared by Karen Kent and Murugiah Souppaya of the National Institute of Science and Technology and published under the SP 800-Series, a repository of best practices for the InfoSec community. Log management is essential to ensuring that computer security records are stored in sufficient detail for an appropriate period of time.

Privacy and the United States government consists of enacted legislation, funding of regulatory agencies, enforcement of court precedents, creation of congressional committees, evaluation of judicial decisions, and implementation of executive orders in response to major court cases and technological change. Because the United States government is composed of three distinct branches governed by both the separation of powers and checks and balances, the change in privacy practice can be separated relative to the actions performed by the three branches.

Financial privacy laws regulate the manner in which financial institutions handle the nonpublic financial information of consumers. In the United States, financial privacy is regulated through laws enacted at the federal and state level. Federal regulations are primarily represented by the Bank Secrecy Act, Right to Financial Privacy Act, the Gramm-Leach-Bliley Act, and the Fair Credit Reporting Act. Provisions within other laws like the Credit and Debit Card Receipt Clarification Act of 2007 as well as the Electronic Funds Transfer Act also contribute to financial privacy in the United States. State regulations vary from state to state. While each state approaches financial privacy differently, they mostly draw from federal laws and provide more stringent outlines and definitions. Government agencies like the Consumer Financial Protection Bureau and the Federal Trade Commission provide enforcement for financial privacy regulations.

Spy pixels or tracker pixels are hyperlinks to remote image files in HTML email messages that have the effect of spying on the person reading the email if the image is downloaded. They are commonly embedded in the HTML of an email as small, imperceptible, transparent graphic files. Spy pixels are commonly used in marketing, and there are several countermeasures in place that aim to block email tracking pixels. However, there are few regulations in place that effectively guard against email tracking approaches.

References

  1. American Institute of CPAs. "The Rage Surrounding Client Portals (July 2008)". Archived from the original on 2016-03-04. Retrieved 2010-08-17.
  2. Journal of Accountancy. "Client Portals: A Secure Alternative to E-Mail (February 2010)".
  3. CPA Technology Advisor. "Building Strategy: How Workflow, Document Management and Portals Work Together (June 2010)". Archived from the original on 2010-12-12. Retrieved 2010-08-17.
  4. Seyle, Donna. "Expand Your Solo or Small Firm Practice Using Client Portals" (PDF). Law Practise Today. Archived from the original (PDF) on 18 April 2016. Retrieved 29 January 2014.
  5. Cohn, Michael (28 January 2014). "Zoho Revamps Online Accounting Software". Accounting Today. Retrieved 29 January 2014.