AIIM Presentation June 23 2010

Download Report

Transcript AIIM Presentation June 23 2010

AIIM
Automation Alley
Modern Concepts in Data &
Records Management
June 23, 2010
Carol Romej
Butzel Long
[email protected]
248-593-2098
RIM
• Records and Information
Management
Why Have a Record Management
Program?
 Direct Legal Requirements
 Indirect Legal Requirements
 Litigation
 Destruction of documents is an
acceptable stage in the information life
cycle
The Sedona Conference
www.thesedonaconference.org
Sedona Guideline
1. An organization should have reasonable policies
and procedures for managing its information
and records
Sedona Guideline
2. An organization’s information and records
management policies and procedures should be
realistic, practical and tailored to the
circumstances of the organization.
Sedona Guideline
3. An organization need not retain ALL electronic
information ever generated or received.
Sedona Guideline
4. An organization adopting an information and
records management policy should consider
including procedures that address the creation,
identification, retention, retrieval and ultimate
disposition of information and records.
Sedona Guideline
5. An organization’s policies and procedures
must mandate the suspension of ordinary
destruction practices and procedures as
necessary to comply with preservation
obligations related to actual or reasonably
anticipated litigation, governmental
investigation or audit.
Document Management - Principles
• One size does not fit all
• Match the natural information flow of the
functional departments in the organization
• Set attainable standards and policies
“Big Bucket” Strategy
• Simplifying records retention schedules
• Combine record types related to a business function
or process
• A standardized approach to utilize ‘bigger’ retention
buckets
•
Cisco, Susan; Big Buckets for Simplifying Records Retention
Schedules; Hottopic, © ARMA International, www.arma.org
Elements of a
Comprehensive Policy
1. Assigns responsibilities to appropriate groups and
individuals.
2. Provides for the storage and protection of vital records.
3. Includes a formal email retention policy.
4. Includes a formal hold procedure for all data.
5. Includes an accurate records retention schedules for all
data.
6. Provides processes for revisions and updates to policy and
to the schedule.
7. Requires training and auditing.
Email and Voice Mail Retention Policy
The various categories:
1. Spam or other un-requested.
2. Transitory/non-business emails not required for
any legal, business or regulatory purpose.
3. Personal emails a user wishes to keep but that are
not necessary for any legal, business or regulatory
purpose.
4. Business emails that must be retained for legal,
business or regulatory reasons.
Litigation: Effect on Retention Policies
Record Management Programs Get
“Trumped” by a Litigation Hold
Primary Data and Record
Considerations
• What is the legal requirement for keeping the
record?
– Federal and state laws/regulations
• What is the business reason for keeping the record?
– Operations
– Documentation
– Litigation & defense
Sample Retention Regulations
• OSHA: Employers are required to keep
records of both medical and any employees
who are exposed to toxic substances and
harmful agents for 30 years.
• HIPAA: Authorization and disclosure forms,
Business Associate Agreements, patient
amendments and complaints related to their
information must be maintained for 6 years.
Data and Records Retention and
Management
• Records management programs are dynamic.
• Expect a 10% change factor annually (new or
amended laws and regulations, and/or new
business ventures/affiliations).
Electronic RIM
• EDMS – Electronic Document
Management Systems
• ERMS – Electronic Records
Management Systems
• Imaging/Digitization
Elements of an Electronic Retention
Policy
• Define records and documents covered by the
policy.
• Address how employees should handle stored
computerized communications and other
documents.
• State specific time periods that documents are
automatically deleted.
• Consider using programs that “shred” deleted
messages so that they cannot be retrieved.
• Adhere to formal retention policies, but suspend
once litigation or an investigation begins.
Electronic Records and Litigation
Discovery
• The ease of creating, and the low expense of
storing, electronic records can lead to massive
amounts of information being retained by
companies.
• The cost of sifting through a mountain of
electronic data to find relevant information can be
quite high.
Questions?
Carol Romej, J.D., LL.M.
[email protected]
(734) 302-1025