Policy Manual

 
  6.MEP.13  

Data Storage and Retention      

Type: Procedure                 Category: Information Technology                 Level: Community Care 

Parties: Community Care employees and contractees

Printer Friendly Version: http://apps.comcareme.org/policymanual/default.aspx?code=6.MEP.13&nonav=yes

Supporting References: 

Parent Effective Date Approval Level Revision Dates Last Reviewed
N/A  12-18-2003  Department Head    12-18-2003
Related Document Code Related Document Name Type
6.MEP.36 Data Archiving and Destruction Procedure

Procedure:  .

1.      Responsibility and Authority - The Administrative Services Manager is responsible for establishing, maintaining and implementing this procedure. All Team management/supervision is responsible for adhering and executing the guidelines established by this procedure.

2.      Definitions

2.1.   Agency Data - Agency data is the electronic representation used in support of Agency business functions.

2.2.   Record - "A record" is defined as recorded information that is generated internally or received from external sources that is either utilized in the transaction of Agency business, related to Agency legal obligations, documenting a transaction or verifying a receipt. All records must be tangible and retrievable.

2.3.   Non-Record - "A non record" is defined as materials that do not qualify as "A record" and include duplicate copies of records where original copies exist, or records, regardless of media, used for the informal communication of information. Informal communication is defined as records that do not set policy nor establish guidelines or procedures, document a transaction, or become a receipt. The retention of non-record is discretionary and not subject to retention guidelines.

2.4.   Data Storage - All information input into a computer system is stored as data, as a requirement of computer design. The data is stored on media of which memory, hard disk or removable media are examples.

2.5.   Network File Server - Is the primary Data Storage device for Agency information data. A network file server is a computer system that is directly managed, administered and backed up by the Community Care IT department.

2.6.   Owner - The person or Team responsible for the maintenance and control of any segment of Agency information. All information must have a designated owner. All sensitive information must be marked accordingly, which is assigned by the information owner. The owner is responsible to define which providers are permitted to access information of each designation, and to define its authorized use.

2.7.   Custodians - Custodians are in physical or logical possession of either Agency information or information that has been entrusted by the Agency. While IT staff members are clearly Custodians, users of distributed single or multi-use systems, including personal computers are also necessarily Custodians.

3.      Procedure -

3.1.   Data Storage

3.1.1.      Agency Data

3.1.1.1.All information that is generated in support of Agency business must be stored in a manner that ensures that it is backed up regularly. It must be secure from unauthorized access, theft, loss and viruses. Agency data stored on IT administered systems must be secured by the systems Custodian, all agency data stored elsewhere is the responsibility of the Information Owner to secure and backup.

3.2.   Agency Developed Business Applications

3.2.1.      Agency applications are a type of business data that must be stored in a manner that ensures that it is backed up regularly. Proper storage of developed business applications is the responsibility of the Information Owner. All developed Agency data sorted on IT administered systems must be secured by the systems Custodian, all Agency data stored elsewhere is the responsibility of the Information Owner to secure and backup.

3.3.   Electronic Mail

3.3.1.      All Agency information that is transmitted or received by Agency e-mail must be stored within the e-mail system or as a Personal Folders file (.pst) in a shared folder on a network file server.

3.4.   Laptop Computers

3.4.1.      Laptop computers are permitted to contain Agency data while they are being used off-site. Upon returning to the office, the laptop owner must transfer all Agency data to an IT managed network file server.

4.      Retention

4.1.   All Agency records will be retained in accordance with applicable law and regulations and this procedure

4.1.1.      Retain information concerning past and present decisions and activities.

4.1.2.      Retain evidence of past and present activities to meet accountability guidelines.

4.1.3.      Retain the context of the record which will enable future users to judge authenticity and reliability of records

4.2.   Records, which contain confidential and/or proprietary information, will be maintained in a secure environment, which ensures no unauthorized access.

4.3.   All records are the property of Community Care and no employee has any personal or property rights to such record regardless of his or her position or the fact that he or she may have developed of compiled them.

4.4.   The unauthorized destruction, removal, or use of Agency records is prohibited.

4.5.   The falsification or inappropriate alteration of any record is prohibited

4.6.   Eliminate, as early as possible and in a systematic manner, records that are no longer required. When records have satisfied their required period of retention, they will be destroyed in an appropriate manner.

4.7.   Suggested Retention Periods:

 

ACCOUNTING SYSTEMS

Accounts Payable Ledger P

Accounts Receivable Aging Reports 7

Accounts Receivable Ledger 10

Accounts Receivable Invoices 7

Accounts Written-off 7

Authorization - Accounting 5

Balance Sheets P

Bank Reconciliation's 7

Bank Statements 10

Bank Deposit Slips 3

Budgets 3

Canceled Checks 10

Cash Book P

Cash Disbursement & Receipt Record P

Charge Slips 10

Charts of Accounts P

Check Register P

Expense Reports 7

Financial Statements P

General Ledger P

Journal Entries P

Petty Cash Records 7

Profit/Loss Statements P

Purchase Order 7

Subsidiary Ledger P

Trial Balance P

Vendor Invoices 7

Voucher Check Copies 7

 

PAYROLL

Checks - Payroll 7

Employee Withholding Exemption Certificates 10

Payroll Register 7

Payroll Records - After Termination 10

Salary History 8

Time Reports 7

W-2 Forms P

 

FIXED ASSETS

Depreciation Schedule P

Inventory Records P

Plans and Blueprints P

Property Appraisals P

Property Register P

 

HUMAN RESOURCES

Accident Reports - Settled 7

Attendance Records 7

Dental Benefits 5

Disability Benefits - After Expiration/Settlement 6

Employee Medical History 7

Employment Application - Not Hired 3

Garnishments 5

Life Insurance Benefits 5

Medical Benefits 7

Pension Plan Agreement P

Performance Record - After Termination 7

Personnel File - After Termination 7

Personnel Files - Current Employees P

Profit Sharing Agreement P

Safety Reports P

Vacation Files 4

Workers' Compensation Benefits 10

 

SECURITY

Classified Material Violations P

Visitor Clearance 2

 

MEDICAL

Patient Records P

 

INSURANCE

Automobile Ins. Claims 10

Disability Insurance Claims - After Termination 7

Expired Insurance Policies 10

Fire Inspection Reports 6

Insurance Appraisals P

Safety Records 6

 

LEGAL

Bill of Sale P

Business Permits P

Claims and Litigation Concerning Torts and Breach of Contract P

Contracts - Employees P

Contracts - Government P

Contracts - Special P

Copyrights P

Correspondence - Legal P

Deeds/Titles P

Leases/Canceled 10

Licenses P

Mortgages P

Notes Receivable - Canceled 10

 

TAXATION

Canceled Checks - Tax Payments P

Correspondence - Tax P

Depreciation Schedules P

Income Tax Returns P

Inventory Reports P

Payroll Tax Returns P

Revenue Agent Reports P

Sales Tax Returns P

 

MISCELLANEOUS

Receiving Documents 10

Title Papers P

Vehicle Operating and Maintenance 2

T�l�communications Copies 1

HIPAA Security

Rule documentation 6

 

P = Permanent records

Numeric = Suggested retention period in years

 

Due to space limitations, records needing to be archived should be records that are considered to be inactive and need to be retained for legal, or informational reasons, but are no longer consulted on a regular basis. See Archiving Data procedure for additional guidance.