1

Record Management

Medical Center Administrative GroupFall Symposium

November 15, 2000

University Audit

2

Office of University Audit

Salim M. Alani, Director

ext. 5-2291

salani@audit.rochester.edu

Sandra E. Dano, Auditor

ext. 5-1100

sdano@audit.rochester.edu

website: http://listener.uis.rochester.edu/audit/

3

Office of University AuditOrganizational Chart

M an ag er M an ag er M an ag er

D irec to rO ffice o f U n ive rs ity A u d it

S en io r V ice P res id en tfo r A d m in is tra tion an d F in an ce

an d C h ie f F in an c ia l O ffice r

P res id en t

B oard o f Tru s tees(A u d it C om m ittee )

S en io rA u d ito r A u d ito r A u d ito r

4

Mission Statement

To provide audit and advisory services to the University Community by assessing risks, analyzing controls, and ensuring that business practices are effective, efficient, and compliant with University and regulatory policies.

5

Records Management Topics

What are Records Proper Treatment of Confidential Records

– security over storage, limiting access, transporting, faxing, legislation

Compliance Issues Destruction of Records Petty Cash Funds

6

Three Words to Remember:

Communicate

Compliance

Confidentiality

7

What are Records?

The records we’re talking about in today’s presentation are collections of items of data and information.

8

Records may be on: computer-stored files paper notes, forms and

reports x-rays drawings photographs video or sound tapes microfilm/microfiche e-mail electronic imaging

9

Confidential Records Include:(but are not limited to)

social security numbers salary information information about patients and their care student grades employee performance evaluations

10

Confidential Records

Must be stored to protect confidentiality.

- locked drawer, cabinet, office

Access is limited to appropriate users.

- legitimate business purpose; need to know basis

Secure records sent to other areas.

- lock totes, seal envelopes

Exercise caution when faxing data.

- consider adding a disclaimer to your cover page

11

Health Insurance Portability and Accountability Act (HIPAA)

Access of patient information is to be limited to the minimum necessary to perform specific jobs.

Protection of health care information to ensure privacy and confidentiality when health information is electronically stored, maintained or transmitted.

12

New York State Bill A09965

This is an act to amend the education law. It prohibits the use of social security

numbers as student identification numbers. It was passed into law and will go into

effect on July 1, 2001.

13

Why not keep all records forever?

14

Factors to Consider for Retention Periods:

University policies external compliance requirements optimizing use of space minimizing the cost of retention preserving the history of the University audit or enforcement proceeding where the

records need to be kept

15

Risks and Costs of Excess Retainage Periods

If the records are stored in an outside facility, then expenses are incurred for this storage.

If the records are stored internally, there are staff costs to consider for the time it takes your employees to sort through, maintain and move around the records.

There are opportunity costs for the internal space used to store the excess records.

16

Risks and Costs of Excess Retainage Periods

Holding onto records for extended periods of time can expose the University to undue risk.

Rights of access are extended beyond the legally required periods, if the records are retained, and last as long as the records are retained.

17

Destruction of Records

Historic value to UR?

Non-sensitive material

Sensitive Information disposal without confidential status being compromised

18

Destruction of Confidential Records

Paper Shredders– small volumes of paper records– can be done in each office

Autoclave– large volumes or heavy paper records– call MC Housekeeping/Environmental Services

at 5-3666 to request pickup of records– follow records through to actual destruction

19

Three Words to Remember:

Communicate

Compliance

Confidentiality

20

Petty Cash Funds

Collect original receipts when paying out of fund. Receipts plus cash on hand must equal the total fund amount.

Account for food purchases and human subject payments in accordance with UR policies.

Properly secure this fund in a locked cash box, which is kept in a locked desk or cabinet (or a safe for large amounts).

21

Questions?