1 / 35

Record Retention January 10, 2007

Record Retention January 10, 2007. I. Introduction. Keith Swarts. Record Retention ART and DAS January 10, 2007

callum
Download Presentation

Record Retention January 10, 2007

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Record RetentionJanuary 10, 2007

  2. I. Introduction • Keith Swarts Nebraska’s Pride is 500-miles wide

  3. Record Retention ART and DAS January 10, 2007 Agenda I. Introduction 5 minutes Keith Swarts II. Why We Are Here 15 minutes Sheila Wrobel Importance of record retention What is a record? Records destruction Executive Memorandum 29 and E-Discovery III. Electronic Document Storage 10 minutes Sharon Welna Email and file storage Non-University owned computers Portable media drives IV. Employee Records Retention 45 minutes Connie Rush Clarify roles Review schedule Feedback V. Where Do We Go Next? 10 minutes Keith Swarts Finalize retention schedule in March Begin destruction of records Next series of records retention review: Medical records and facility records Nebraska’s Pride is 500-miles wide

  4. II. Why We Are Here • Sheila Wrobel Nebraska’s Pride is 500-miles wide

  5. Importance of Retaining Records • Records provide documentation to support actions taken • Records required during audits, investigations & litigation to prove: • Policies & procedures followed; “standard of care” • Funds spent appropriately (State $; Grants; Medicare & Medicaid) • Employees (prospective also) & Students’ rights were not violated • “What hasn’t been documented hasn’t been done” Nebraska’s Pride is 500-miles wide

  6. Scenario 1 • A Hispanic female, age 61, is terminated from employment for poor job performance. She files a complaint with the Nebraska Equal Opportunity Commission (NEOC) claiming discrimination based on sex, race and age • Employer must prove that termination was for cause • What documents should the employer have retained to prove the termination was not “against public policy”? • How long should they have been retained? Nebraska’s Pride is 500-miles wide

  7. Scenario 2 • The DHHS Office of the Inspector General conducts an audit of an NIH grant and requests documentation showing proof that Dr. Jones spent 60% of his time on the grant as his effort report indicates • What documentation should Dr. Jones have retained to prove how his time was spent and how long should he retain it? Nebraska’s Pride is 500-miles wide

  8. Scenario 3 • You are in charge of a search committee to hire a department manager. You receive a reference via e-mail from a previous co-worker of one of the finalists for the position. • Do you need to retain the e-mail reference, and if so, for how long? Nebraska’s Pride is 500-miles wide

  9. What is a Record? • Records contain information relating to the operation of the University and/or the interests of persons employed by, enrolled at, or otherwise associated with the University; • Records may be in any form: • Paper, including handwritten & typed • Electronic, including e-mails & e-documents (SAP, etc.) • Sound & video recordings, still pictures • Assume most records are potentially subject to disclosure to the public under public records statutes or to third parties through legal process Nebraska’s Pride is 500-miles wide

  10. What Medium? • The form of the record is not as important as the substantive content • Unless otherwise required by law or university policy, records may be retained in any medium • Records must be capable of being retrieved • If microfiche, maintain a microfiche reader • Electronic records must be in a format accessible by current technology • Create system to retrieve records in a timely manner (i.e. an index) Nebraska’s Pride is 500-miles wide

  11. Record Destruction • Establish a system to date & flag records for destruction on a regular schedule • See UNMC Policy and Procedures 6056 in handouts for proper methods of destruction • Record retention schedules set a minimum time for retention • UNMC schedules will list the repository(s) for each record • Only a single copy of each record must be kept; destroy duplicates as soon as possible Nebraska’s Pride is 500-miles wide

  12. Executive Memorandum 29 • Designates records officers & responsibilities • Joshua Mauk is university-wide records officer • Keith Swarts is UNMC records officer • Preservation Notices for records subject to legal proceedings or public records requests • Recipients must make a good faith effort to collect and preserve records subject to the Notice • Retention schedules suspended for these records – do not destroy during preservation period Nebraska’s Pride is 500-miles wide

  13. E-Discovery Rules • Federal Rules of Civil Procedure amendments effective Dec 1, 2006 related to discovery of electronically stored information in litigation • Addresses the duty to disclose ESI • Party from whom discovery is sought has the burden of proving that ESI is not reasonably accessible because of undue burden or cost Nebraska’s Pride is 500-miles wide

  14. Record Retention Resources • UNMC Record Retention website at: http://www.unmc.edu/dept/compliance/index.cfm?L1_ID=34&CONREF=10 • UNMC Record Retention and Destruction FAQs • University of Nebraska General Counsel E-Discovery FAQs Nebraska’s Pride is 500-miles wide

  15. III. Electronic Document Storage • Sharon Welna Nebraska’s Pride is 500-miles wide

  16. Email and File Storage Nebraska’s Pride is 500-miles wide

  17. Email and file storage • Organize your electronic documents and email • Use the same file structure within email as you store electronic documents • http://office.microsoft.com/en-us/help/HA012191731033.aspx • http://office.microsoft.com/en-us/workessentials/HA011450561033.aspx Nebraska’s Pride is 500-miles wide

  18. Email and file storage • Set up a file structure which will be easy to maintain • Examples: • Subject • Year created • Record Retention • Presentations • 2007 Nebraska’s Pride is 500-miles wide

  19. Non-University Owned Computers • If you store UNMC records on a non-University owned computer, this computer could be needed to respond to a records request. • It is highly recommended that you segregate UNMC records and personal records. • It will be your responsibility to produce the records on the non-University owned computer to respond to a records request. Nebraska’s Pride is 500-miles wide

  20. Data stored on Local hard drive • Employee has responsibility for bringing forward any data stored on a local hard drive similar to data stored on a non-University owned PC • Example: ITS is requested to provide legal a copy of the mail data base for a particular individual. All ITS will be able to provide is data stored on the mail server. It will be the employee’s responsibility to identify other area’s where mail has been stored. Nebraska’s Pride is 500-miles wide

  21. Information Security:Mobile Devices Nebraska’s Pride is 500-miles wide

  22. What is a mobile device? • USB devices • Thumbs drives • USB removable disk drives • Smart Phones • Laptops • PDA • iPod • Blackberry • And more every day……….. Nebraska’s Pride is 500-miles wide

  23. Facts to Consider • 81% of US firms lost laptops with sensitive data in the past year • 97% of stolen computers are never recovered • 60% of information theft results from lost or stolen equipment, only 25% from network intrusions • Source: Computerworld, August 16, 2006 Nebraska’s Pride is 500-miles wide

  24. VA to Encrypt All Computers • VA will install data encryption technology on ALL of its computer • Cost: $3.7 million • Source: Health Data Management (August 15, 2006) Nebraska’s Pride is 500-miles wide

  25. Do NOT put confidential information on a mobile device But, what if I have to? • You MUST ensure that the data is encrypted and password protected. Nebraska’s Pride is 500-miles wide

  26. Encryption • Recommended product to use: • TruCrypt • Contact workstation support if you have questions Nebraska’s Pride is 500-miles wide

  27. Risks of Encrypting Data • If you lost the encryption key, there is virtually no way to recover. • Encryption should only be used on mobile devices • Encrypted file should NOT be your only copy. Keep a copy on a file server Nebraska’s Pride is 500-miles wide

  28. Computer Use Policy • It is the responsibility of the workforce to utilize the information technology resources in an appropriate manner.  Individuals with access to information systems are expected to safeguard resources and maintain appropriate levels of confidentiality in order to protect the integrity of all data and of the interests of the entity. • It is the responsibility of the workforce to protect confidential information when stored electronically (at rest) and when the data is being transferred outside of the facility such as on a mobile device or a diskette Nebraska’s Pride is 500-miles wide

  29. End User Device Policy • Confidential Information on Mobile devices (such as PDA’s laptops): Members of the workforce must utilize password protection. All computerized confidential information should be encrypted where technically feasible. The use of physical security measures such as using safes, locking furniture drawers, and locking office doors is recommended as a supplementary measure to protect confidential information while the data is being stored (or at rest). Members of the workforce are responsible for safeguarding and protecting confidential information when the information is transferred off campus such as on a diskette, PDA, or laptop.. Members of the workforce are responsible for ensuring information obtained and stored on mobile devices is obtained pursuant to the UNMC Policy No. 6051, Computer Use and Electronic Information Security. Nebraska’s Pride is 500-miles wide

  30. Blackberry • If a Blackberry is misplaced, lost or stolen • Notify the IT Help Desk immediately • IT will work with you to notify Verizon • Misplaced Blackberry device • Server can send a “set password” and “lock” command • Lost or stolen • Server can send an “erase application data” command • Server can send a show owner information command Nebraska’s Pride is 500-miles wide

  31. Preventing Mobile Device Theft • No place is safe. • Never leave mobile devices unattended • Never leave user id/password in the carrying case Nebraska’s Pride is 500-miles wide

  32. Avoid a disaster while on the road • Start every trip with a backup of your system • Connect to the office using your VPN connection and back up files to your home drive • When in doubt, switch to paper Nebraska’s Pride is 500-miles wide

  33. Make security a habit to ensure retention of records Nebraska’s Pride is 500-miles wide

  34. IV. Employee Records Retention • Connie Rush Nebraska’s Pride is 500-miles wide

  35. V. Where Do We Go Next? • Finalize retention schedule and permanent records • Destruction of records • Next series of record retention review • Questions? Nebraska’s Pride is 500-miles wide

More Related