LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: FERPA/HIPAA at Universities
From:	"Nemchek, Lee" <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Tue, 30 Aug 2011 11:30:43 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (31 lines)

I think, depending on the corporate culture and individual policies of the organization, it can go either way.  In other words, there's no right or wrong way to handle the issue.  Assuming that HR, Legal and Compliance all agree that the RIM department staff can be given the appropriate HIPAA training, then there's no reason why RIM can't manage the records.  However, many organizations may take a stricter line.  For example, I've been given access to and permission to manage practically all record repositories in my organization, with the exception of HR records.  I worked with HR to create their file plan and to train them in how to maintain it, but they did all of the clean-up work themselves.  For other groups that I work with, I actually do file plan conversions and shared drive clean up for the business unit, but not HR.  I think that's appropriate for some companies and not insulting to my professionalism.  Frankly, I don't really want to take on responsibility for safeguarding individual health and compensation records; in a regulated environment, there's too much risk involved with providing access to those outside the core "need to know" group.  However, I do agree that if IT has been given access to records, there's not a valid reason to exclude RIM from the access group.  

--Lee 

Lee R. Nemchek, MLS, CRM
Vice President, Records Management 
Oaktree Capital Management, L.P.
333 South Grand Avenue, 28th Floor
Los Angeles, CA  90071 

p +1 213 830-6252   f +1 213 830-8504
[log in to unmask]
www.oaktreecapital.com 

-----Original Message-----
From: Records Management Program [mailto:[log in to unmask]] On Behalf Of Julie J. Colgan
Sent: Tuesday, August 30, 2011 10:31 AM
To: [log in to unmask]
Subject: Re: FERPA/HIPAA at Universities

I'm with Dwight on this one.  I suggest you make the argument that access by RM is appropriate (to allow the organization to properly manage ALL of it's content), and request whatever training is necessary to meet regulatory requirements (your SO/PO will know what that is).

The issue doesn't appear to necessarily be a misinterpretation of the regulations, rather a misinterpretation of what RM does and why it is important.

Allen's analogy of IT's role is a good one to use to illustrate the point.

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2

LISTSERV.IGGURU.US