Records Retention Best Practices

Record Management
Medical Center Administrative Group
Fall Symposium
November 15, 2000
University Audit

Office of University Audit
• Salim M. Alani, Director
  ext. 5-2291
  [email protected]
• Sandra E. Dano, Auditor
  ext. 5-1100
  [email protected]
website: http://listener.uis.rochester.edu/audit/

Office of University Audit
Organizational Chart
Board of Trustees (Audit Committee)
President
Senior Vice President for Administration and Finance and Chief Financial Officer
Director, Office of University Audit
Manager
Auditor
Manager
Manager
Auditor
Senior Auditor

Mission Statement
• To provide audit and advisory services to the University Community by assessing risks, analyzing controls, and ensuring that business practices are effective, efficient, and compliant with University and regulatory policies.

Records Management Topics
• What are Records?
• Proper Treatment of Confidential Records
  – security over storage, limiting access, transporting, faxing, legislation
• Compliance Issues
• Destruction of Records
• Petty Cash Funds

Three Words to Remember:
Communicate
Compliance
Confidentiality

What are Records?
• The records we’re talking about in today’s presentation are collections of items of data and information.

Records may be on:
• computer-stored files
• paper notes, forms and reports
• x-rays
• drawings
• photographs
• video or sound tapes
• microfilm/microfiche
• e-mail
• electronic imaging

Confidential Records Include:
(but are not limited to)
• social security numbers
• salary information
• information about patients and their care
• student grades
• employee performance evaluations

Confidential Records
• Must be stored to protect confidentiality.
  – locked drawer, cabinet, office
• Access is limited to appropriate users.
  – legitimate business purpose; need-to-know basis
• Secure records sent to other areas.
  – lock totes, seal envelopes
• Exercise caution when faxing data.
  – consider adding a disclaimer to your cover page

Health Insurance Portability and Accountability Act (HIPAA)
• Access to patient information is to be limited to the minimum necessary to perform specific jobs.
• Protection of health care information to ensure privacy and confidentiality when health information is electronically stored, maintained or transmitted.

New York State Bill A09965
• This is an act to amend the education law.
• It prohibits the use of social security numbers as student identification numbers.
• It was passed into law and will go into effect on July 1, 2001.

Why not keep all records forever?

Factors to Consider for Retention Periods:
• University policies
• external compliance requirements
• optimizing use of space
• minimizing the cost of retention
• preserving the history of the University
• audit or enforcement proceeding where the records need to be kept

Risks and Costs of Excess Retention Periods
• If the records are stored in an outside facility, then expenses are incurred for this storage.
• If the records are stored internally, there are staff costs to consider for the time it takes your employees to sort through, maintain and move around the records.
• There are opportunity costs for the internal space used to store the excess records.

Risks and Costs of Excess Retention Periods
• Holding onto records for extended periods of time can expose the University to undue risk.
• If the records are retained, rights of access are extended beyond the legally required periods and last as long as the records are retained.

Destruction of Records
• Historic value to UR?
• Non-sensitive material
• Sensitive Information disposal without confidential status being compromised

Destruction of Confidential Records
• Paper Shredders
  – small volumes of paper records
  – can be done in each office
• Autoclave
  – large volumes or heavy paper records
  – call MC Housekeeping/Environmental Services at 5-3666 to request pickup of records
  – follow records through to actual destruction

Three Words to Remember:
Communicate
Compliance
Confidentiality

Petty Cash Funds
• Collect original receipts when paying out of fund. Receipts plus cash on hand must equal the total fund amount.
• Account for food purchases and human subject payments in accordance with UR policies.
• Properly secure this fund in a locked cash box, which is kept in a locked desk or cabinet (or a safe for large amounts).

Questions?