1.
Responsibility
and Authority - The Administrative Services Manager is responsible for
establishing, maintaining and implementing this procedure. All Team
management/supervision is responsible for adhering and executing the guidelines
established by this procedure.
2.
Definitions
2.1.
Agency
Data - Agency data is the electronic representation used in support of Agency
business functions.
2.2.
Record
- "A record" is defined as recorded information that is generated
internally or received from external sources that is either utilized in the
transaction of Agency business, related to Agency legal obligations,
documenting a transaction or verifying a receipt. All records must be tangible
and retrievable.
2.3.
Non-Record
- "A non record" is defined as materials that do not qualify as "A
record" and include duplicate copies of records where original copies
exist, or records, regardless of media, used for the informal communication of
information. Informal communication is defined as records that do not set
policy nor establish guidelines or procedures, document a transaction, or
become a receipt. The retention of non-record is discretionary and not subject
to retention guidelines.
2.4.
Data
Storage - All information input into a computer system is stored as data, as a
requirement of computer design. The data is stored on media of which memory,
hard disk or removable media are examples.
2.5.
Network
File Server - Is the primary Data Storage device for Agency information data. A
network file server is a computer system that is directly managed, administered
and backed up by the Community Care IT department.
2.6.
Owner
- The person or Team responsible for the maintenance and control of any segment
of Agency information. All information must have a designated owner. All
sensitive information must be marked accordingly, which is assigned by the
information owner. The owner is responsible to define which providers are
permitted to access information of each designation, and to define its
authorized use.
2.7.
Custodians
- Custodians are in physical or logical possession of either Agency information
or information that has been entrusted by the Agency. While IT staff members
are clearly Custodians, users of distributed single or multi-use systems,
including personal computers are also necessarily Custodians.
3.
Procedure
-
3.1.
Data
Storage
3.1.1. Agency Data
3.1.1.1.All information that is
generated in support of Agency business must be stored in a manner that ensures
that it is backed up regularly. It must be secure from unauthorized access,
theft, loss and viruses. Agency data stored on IT administered systems must be
secured by the systems Custodian, all agency data stored elsewhere is the
responsibility of the Information Owner to secure and backup.
3.2.
Agency
Developed Business Applications
3.2.1. Agency applications are a type
of business data that must be stored in a manner that ensures that it is backed
up regularly. Proper storage of developed business applications is the
responsibility of the Information Owner. All developed Agency data sorted on IT
administered systems must be secured by the systems Custodian, all Agency data
stored elsewhere is the responsibility of the Information Owner to secure and
backup.
3.3.
Electronic
Mail
3.3.1. All Agency information that
is transmitted or received by Agency e-mail must be stored within the e-mail
system or as a Personal Folders file (.pst) in a shared folder on a network
file server.
3.4.
Laptop
Computers
3.4.1. Laptop computers are
permitted to contain Agency data while they are being used off-site. Upon
returning to the office, the laptop owner must transfer all Agency data to an
IT managed network file server.
4.
Retention
4.1.
All
Agency records will be retained in accordance with applicable law and
regulations and this procedure
4.1.1. Retain information
concerning past and present decisions and activities.
4.1.2. Retain evidence of past and
present activities to meet accountability guidelines.
4.1.3. Retain the context of the
record which will enable future users to judge authenticity and reliability of
records
4.2.
Records,
which contain confidential and/or proprietary information, will be maintained
in a secure environment, which ensures no unauthorized access.
4.3.
All
records are the property of Community Care and no employee has any personal or
property rights to such record regardless of his or her position or the fact
that he or she may have developed of compiled them.
4.4.
The
unauthorized destruction, removal, or use of Agency records is prohibited.
4.5.
The
falsification or inappropriate alteration of any record is prohibited
4.6.
Eliminate,
as early as possible and in a systematic manner, records that are no longer
required. When records have satisfied their required period of retention, they
will be destroyed in an appropriate manner.
4.7.
Suggested
Retention Periods:
ACCOUNTING
SYSTEMS
Accounts Payable Ledger P
Accounts Receivable Aging
Reports 7
Accounts Receivable Ledger
10
Accounts Receivable
Invoices 7
Accounts Written-off 7
Authorization - Accounting
5
Balance Sheets P
Bank Reconciliation's 7
Bank Statements 10
Bank Deposit Slips 3
Budgets 3
Canceled Checks 10
Cash Book P
Cash Disbursement &
Receipt Record P
Charge Slips 10
Charts of Accounts P
Check Register P
Expense Reports 7
Financial Statements P
General Ledger P
Journal Entries P
Petty Cash Records 7
Profit/Loss Statements P
Purchase Order 7
Subsidiary Ledger P
Trial Balance P
Vendor Invoices 7
Voucher Check Copies 7
PAYROLL
Checks - Payroll 7
Employee Withholding
Exemption Certificates 10
Payroll Register 7
Payroll Records - After
Termination 10
Salary History 8
Time Reports 7
W-2 Forms P
|
FIXED ASSETS
Depreciation Schedule P
Inventory Records P
Plans and Blueprints P
Property Appraisals P
Property Register P
HUMAN RESOURCES
Accident Reports - Settled
7
Attendance Records 7
Dental Benefits 5
Disability Benefits - After
Expiration/Settlement 6
Employee Medical History 7
Employment Application -
Not Hired 3
Garnishments 5
Life Insurance Benefits 5
Medical Benefits 7
Pension Plan Agreement P
Performance Record - After
Termination 7
Personnel File - After
Termination 7
Personnel Files - Current
Employees P
Profit Sharing Agreement P
Safety Reports P
Vacation Files 4
Workers' Compensation Benefits 10
SECURITY
Classified Material
Violations P
Visitor Clearance 2
MEDICAL
Patient Records P
|
INSURANCE
Automobile Ins. Claims 10
Disability Insurance Claims
- After Termination 7
Expired Insurance Policies
10
Fire Inspection Reports 6
Insurance Appraisals P
Safety Records 6
LEGAL
Bill of Sale P
Business Permits P
Claims and Litigation
Concerning Torts and Breach of Contract P
Contracts - Employees P
Contracts - Government P
Contracts - Special P
Copyrights P
Correspondence - Legal P
Deeds/Titles P
Leases/Canceled 10
Licenses P
Mortgages P
Notes Receivable - Canceled
10
TAXATION
Canceled Checks - Tax Payments
P
Correspondence - Tax P
Depreciation Schedules P
Income Tax Returns P
Inventory Reports P
Payroll Tax Returns P
Revenue Agent Reports P
Sales Tax Returns P
MISCELLANEOUS
Receiving Documents 10
Title Papers P
Vehicle Operating and
Maintenance 2
T�l�communications Copies 1
HIPAA Security
�Rule
documentation 6
|
P = Permanent records
Numeric = Suggested retention
period in years
Due to space limitations,
records needing to be archived should be records that are considered to be
inactive and need to be retained for legal, or informational reasons, but are
no longer consulted on a regular basis. See Archiving Data procedure for
additional guidance.