RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: FERPA/HIPAA at Universities
From:
"Gebhardt, Allen" <[log in to unmask]>
Reply To:
Records Management Program <[log in to unmask]>
Date:
Tue, 30 Aug 2011 10:17:16 -0700
Content-Type:
text/plain
Parts/Attachments:
text/plain (61 lines) 
Hello Erin,

Regarding your post, let me just say... wow!  I can’t speak to the legal technicalities of FERPA OR HIPPA because my expertise is with managing records for law firms.  I do want to say, however, that at my firm Records has access to all files and documents in our RM database.  We have override permissions and have in place special security processes for handling of sensitive material such as H.R. records.  What you describe sounds like the beginning of a Kafka or Vonnegut novel and it is frankly a bit insulting to the professional nature of records management.  With some RM databases you can set your audit trail to track who has accessed an image or file.  You also may be able to set permissions such that only Records Managers and above would have access to particularly sensitive material.  Fundamentally there is no case for I.T. having greater access to content than Records.  In fact it is the reverse because the role of I.T. is technical support and the role of Records is content management.  Let me ask you this.  Does the I.T. department have access to these images?  Would they say they must have access in order to manage them?  This would be a starting point for showing the illogical nature of this restriction.

Good luck to you in changing this attitude.

Allen Gebhardt
Regional Records Manager
Cooley LLP
Direct: 650-849-7030 • Fax: 650-849-7400
Email: [log in to unmask] • www.cooley.com
Printing of emails does have an effect on the environment.   If possible, please refrain.


-----Original Message-----
From: Records Management Program [mailto:[log in to unmask]] On Behalf Of Erin Vandenberg
Sent: Tuesday, August 30, 2011 9:37 AM
To: [log in to unmask]
Subject: FERPA/HIPAA at Universities

At the university where I work we are in the process of reigning in and
putting some governance around a workflow and scanned image database that
quite a few departments have been using for awhile.  The same company that
makes this product also makes a records retention module that we will be
adding to the database to assist with applying the records retention
schedule to the images that are stored in it.

As the Records Management department proceeds we've found that we have the
need to access all the "drawers" where these images are stored to assist
with workflow development, best practices, and, of course implementing the
retention module.  Our IT department required that we ask permission of all
the image "owners" before giving us access.  Some of the image owners have
denied us access by saying that the images in the database contain
information covered by FERPA or HIPAA and, as such, we are not allowed to
see them.

Has anyone else out there encountered this?  Does FERPA or HIPAA really
exclude an internal department such as records management from viewing
records that are considered covered by these regulations?

Thanks,
Erin Vandenberg
Director of Records Management
DePaul University
[log in to unmask]

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]


This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. If you are the intended recipient, please be advised that the content of this message is subject to access, review and disclosure by the sender's Email System Administrator.

IRS Circular 230 disclosure: To ensure compliance with requirements imposed by the IRS, we inform you that any U.S. federal tax advice contained in this communication (including any attachment) is not intended or written by us to be used, and cannot be used, (i) by any taxpayer for the purpose of avoiding tax penalties under the Internal Revenue Code or (ii) for promoting, marketing or recommending to another party any transaction or matter addressed herein.

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2