1 / 37

Presenter: Michael DeVanna, MLS, CRM October 24, 2011

What is Records & Information Management?. Presenter: Michael DeVanna, MLS, CRM October 24, 2011. What is Records & Information Management?. Michael DeVanna is Records & Information Manager for Blue Cross Blue Shield of Massachusetts.

tempest
Download Presentation

Presenter: Michael DeVanna, MLS, CRM October 24, 2011

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. What is Records & Information Management? Presenter: Michael DeVanna, MLS, CRM October 24, 2011

  2. What is Records & Information Management? • Michael DeVanna is Records & Information Manager for • Blue Cross Blue Shield of Massachusetts. • The opinions expressed herein are Michael’s personal views and do not necessarily reflect the views of: • Blue Cross and Blue Shield of Massachusetts, Inc. • Blue Cross and Blue Shield of Massachusetts HMO Blue, Inc. • Blue Cross Blue Shield of Massachusetts Foundation, Inc.

  3. What is Records & Information Management? Overview of Records & Information Management NFPA 1600, sec. 4.8: Records Management Vital Records Authorities Records & Information Management (RIM) Standards Questions & (hopefully) Answers Bibliography Contact Information

  4. What is Records & Information Management? Overview of Records & Information Management Organization-wide management of information assets Electronic documents and records Physical documents and records Consistent organization-wide retention Everyone onboard, no exceptions

  5. What is Records & Information Management? Overview of Records & Information Management Risk mitigated by: Retention of required records Destruction of eligible records Compliance with federal & state law Heeding Federal Rules of Civil Procedure

  6. What is Records & Information Management? Overview of Records & Information Management Risk mitigated by: Heeding Federal Sentencing Guidelines Following industry best practices Cognizance of contractual clauses Lowering legal/discovery costs

  7. What is Records & Information Management? What is Records & Information Management? Overview of Records & Information Management Productivity improved by implementation of: Searching and browsing for documents and records Naming conventions for documents, records, folders Filing “system” as opposed to chaos

  8. What is Records & Information Management? What is Records & Information Management? NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs (2010) sec. 4.8: Records Management sec. 4.8.1: The entity shall develop a records management program

  9. What is Records & Information Management? NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs (2010) sec. 4.8: Records Management sec. 4.8.2: Policies shall be created, approved, enforced to address the following: (1) Records classification

  10. What is Records & Information Management? NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs (2010) sec. 4.8: Records Management sec. 4.8.2: Policies shall be created, approved, enforced to address the following: (2) Maintenance of confidentiality

  11. What is Records & Information Management? NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs (2010) sec. 4.8: Records Management sec. 4.8.2: Policies shall be created, approved, enforced to address the following: (3) Maintenance of integrity incorporating audit trail

  12. What is Records & Information Management? NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs (2010) sec. 4.8: Records Management sec. 4.8.2: Policies shall be created, approved, enforced to address the following: (4) Record retention

  13. What is Records & Information Management? NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs (2010) sec. 4.8: Records Management sec. 4.8.2: Policies shall be created, approved, enforced to address the following: (5) Record storage

  14. What is Records & Information Management? NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs (2010) sec. 4.8: Records Management sec. 4.8.2: Policies shall be created, approved, enforced to address the following: (6) Record archiving

  15. What is Records & Information Management? NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs (2010) sec. 4.8: Records Management sec. 4.8.2: Policies shall be created, approved, enforced to address the following: (7) Record destruction

  16. What is Records & Information Management? NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs (2010) sec. 4.8: Records Management sec. 4.8.2: Policies shall be created, approved, enforced to address the following: (8) Access control

  17. What is Records & Information Management? NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs (2010) sec. 4.8: Records Management sec. 4.8.2: Policies shall be created, approved, enforced to address the following: (9) Document control

  18. What is Records & Information Management? NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs (2010) sec. 4.8: Records Management sec. 4.8.3: The entity shall apply the program to existing and newly created records

  19. What is Records & Information Management? NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs (2010) sec. 4.8: Records Management sec. 4.8.4: The entity shall develop and enforce procedures coordinating the access and circulation of records within and outside of the organization

  20. What is Records & Information Management? NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs (2010) sec. 4.8: Records Management sec. 4.8.5: The entity shall execute the records management program

  21. What is Records & Information Management? Vital Records Authorities 15 USC 78dd-1: Foreign Corrupt Practices Act 36 CFR 1236.12: National Archives / NARA 45 CFR 164.306: HIPAA 45 CFR 164.308: HIPAA Federal Rules of Civil Procedure: Rules 26 & 34 Office of Management & Budget: Circular A-130 Federal Information Management Security Act Federal Regulators

  22. What is Records & Information Management? Vital Records Authorities 15 USC § 78dd-1: Foreign Corrupt Practices Act of 1977 Document a corporate compliance program Engage in recordkeeping that “fairly reflects the transactions and dispositions of the assets” of the organization Devise and maintain a system of internal accounting controls

  23. What is Records & Information Management? Vital Records Authorities 36 CFR 1236.12: National Archives and Records Administration / NARA Electronic information systems must ensure “that all records in the system will be retrievable and usable for as long as needed to conduct…business” (i.e., for their NARA-approved retention period) Migration of records and associated metadata to new storage media or formats in order to avoid loss due to media decay or technology obsolescence

  24. What is Records & Information Management? Vital Records Authorities 45 CFR 164.306: Health Insurance Portability and Accountability Act of 1996 (HIPAA) Covered entities must Ensure the confidentiality, integrity, and availability of all electronic protected health information (ePHI) the covered entity creates, receives, maintains, or transmits Protect against any reasonably anticipated threats or hazards to the security or integrity of such information

  25. What is Records & Information Management? Vital Records Authorities 45 CFR 164.308: Health Insurance Portability and Accountability Act of 1996 (HIPAA) Covered entities must Establish emergency (fire, vandalism, system failure, natural disaster) policies and procedures for ePHI Establish data backup procedures to ensure retrievable exact copies of ePHI Establish disaster recovery plan to restore any loss of ePHI Establish emergency operation plan to continue critical business operations and protection of ePHI

  26. What is Records & Information Management? Vital Records Authorities Federal Rules of Civil Procedure (2006): Rule 26. Duty to disclose [A party must provide to other parties]: A copy of, or a description by category and location of, all documents, data compilations, and tangible things that are in the possession, custody, or control of the party Time allowed for disclosure may be as short as 14 days

  27. What is Records & Information Management? Vital Records Authorities Federal Rules of Civil Procedure (2006): Rule 34. Producing documents or electronically stored information (ESI): A party must produce documents as they are kept in the usual course of business A party must produce [ESI] in a form or forms in which it is ordinarily maintained or in a reasonably usable form or forms

  28. What is Records & Information Management? Vital Records Authorities Office of Management & Budget: Circular A-130 (1996) Government agencies will ensure that information is protected commensurate with the risk and magnitude of the harm that would result from the loss, misuse or unauthorized access to or modification of such information

  29. What is Records & Information Management? Vital Records Authorities Federal Information Management Security Act of 2002 Federal agencies will be responsible for providing for information security and protections commensurate with the risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction of information collected or maintained by or on behalf of an agency (includes contractors and other third parties)

  30. What is Records & Information Management? Vital Records Authorities Federal regulators requiring business continuity plans Commodities Futures Trading Commission (CFTC) CFTC issues proposed BC-DR regulation (July 14, 2010) To be continued under the Dodd-Frank Act Federal Deposit Insurance Corporation (FDIC) 12 CFR Part 364 – Standards for Safety and Soundness Federal Reserve Board 12 CFR Part 208 – Standards for Safety and Soundness Internal Revenue Service (IRS) Rev. Proc. 98-25 – Required records must be kept available at all times Financial Industries Regulatory Authority (FINRA) FINRA Rule 4370 – Business Continuity Plans and Emergency Contact Information

  31. What is Records & Information Management? Vital Records Authorities Federal regulators requiring business continuity plans National Credit Union Administration 12 CFR Part 749.2 – Vital Records Preservation Program National Futures Association (NFA) NFA Compliance Rule 2.38 – Business Continuity and Disaster Recovery Plans Office of Comptroller of the Currency, Department of the Treasury 12 CFR Part 30, Appendix A – Standards for Safety and Soundness Office of Thrift Supervision, Department of the Treasury 12 CFR Part 570, Appendix A – Standards for Safety and Soundness Securities and Exchange Commission (SEC) SEC Release No. 34-48545 – Business Continuity for Trading Markets

  32. What is Records & Information Management? Records & Information Management Standards DIN 32757-2: Shred particle security levels (1985) DOD 5015.2: Electronic records management software applications design criteria standard (2007) Generally accepted recordkeeping principles / GARP (2009) ISO 15489-1: Information and documentation – records management, part 1: principles (2001) ISO 15489-2: Information and documentation – records management, part 2: general (2001) ISO 16175 – 1: Principles and functional requirements for electronic records in office environments – part 1: overview and statement of principles (2010) ISO 16175 – 2: Principles and functional requirements for electronic records in office environments – part 2: guidelines and functional requirements for digital records management (2011)

  33. What is Records & Information Management? Records & Information Management Standards ISO 16175 – 3: Principles and functional requirements for electronic records in office environments – part 3: guidelines and functional requirements for records in business systems (2010) ISO 22310: Information and documentation – guidelines for standards drafters for stating records management requirements in standards (2006) ISO 23081-1: Information and documentation – records management processes – metadata for records, part 1: principles (2004) ISO 23081-2: Information and documentation – records management processes – metadata for records, part 2: conceptual and implementation issues (2007) ISO 26122: Information and documentation – work process analysis for records (2008) NFPA 232: Standard for the protection of records (2007)

  34. What is Records & Information Management? Bibliography ANSI/ARMA 5-2010 Vital Records Programs: Identifying, Managing, and Recovering Business-Critical Records. Overland Park, KS. ARMA International (2010). Dearstyne, Bruce W. Managing Records & Information Management Programs. Lenexa, KS. ARMA International (2009). Grenig, Jay E., Browning E. Marean, and Mary Pat Poteet. Electronic Discovery and Records Management Guide: Rules, Checklists, and Forms, 2010-2011. Eagan, MN. West Publications (2010). Guide to Records Retention: The Lawyer’s Role (3 vols.). Eagan, MN. West Publications (Looseleaf service updated twice annually). Saffady, William. Managing Electronic Records,4th ed. Lenexa, KS. ARMA International (2009). Saffady, William. Records and Information Management: Fundamentals of Professional Practice, 2nd ed. Overland Park, KS. ARMA International (2011).

  35. What is Records & Information Management? Professional Associations American Health Information Management Association www.ahima.org American Society for Information Science & Technology www.asis.org Association of Records Managers and Administrators International www.arma.org ARMA local chapters www.armaboston.org and www.armanortheast.org Information and Records Management Society www.irms.org.uk Institute of Certified Records Managers www.icrm.org National Archives and Records Administration www.archives.gov/records-mgmt National Association of Government Archives & Records www.nagara.org Nuclear Information & Records Management Association www.nirma.org Records & Information Management Professionals Australasia www.rimpa.com/au Society of American Archivists www.archivists.org

  36. What is Records & Information Management? Questions?

  37. What is Records & Information Management? Contact Information: Michael DeVanna, MLS, CRM Records & Information Manager Blue Cross Blue Shield of Massachusetts 401 Park Drive; MS: 01/07 Boston, MA 02215 michael.devanna@bcbsma.com (617) 246-5564 | direct dial

More Related