RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

Subject:
From: "Savage, Jimmie" <[log in to unmask]>
Reply To: Records Management Program <[log in to unmask]>
Date: Thu, 24 May 2007 13:46:43 -0500

Mary:

While we are not in the insurance business, as a state pension fund we have many of the same confidentiality issues you described. We also have some of the same struggles and debates about confidentiality and what should go in the imaging system. Our imaging system is FileNet IS. We have talked about going to P8 but don't have a strong functional requirement for it at this time.

The records we have on the imaging system are basically member benefit files. These files are confidential by law. Since we also administer health insurance programs and get into medical issues with disability retirees, HIPAA applies as well.

The approach we've taken to security is role based. That is, access to information (images) is based on whether someone needs it to perform their job. In our case that is relatively easy, since anyone who works with member files generally needs access to all of the documents in a file.

However, that model also creates perception problems because it gives the impression that in the imaging system "everyone has access to everything". So our biggest challenge, as we begin to identify situations where we want to limit access to certain sets of documents, has been educating users about the security capabilities of the system and convincing them that they really do work.

FileNet has a very robust security system that allows restricting access in a variety of ways - subject, account type, etc. Basically if you can identify something in the attributes of a document that indicates it should have limited access, the security system can handle it. Some examples of restriction criteria that might apply are documents relating to our own employees, documents relating to divorce proceedings, documents relating to disability retirements or certain medical conditions, documents on appeals to benefit determinations, etc. The attributes governing the security restriction would either be set in the imaging data base and/or our mainframe data bases. In some cases users would have to manually identify the documents that need restrictions. 

We are only beginning to address this issue. The tendency has been for the more conservative groups (Legal, etc.) to "withhold" documents from the system they feel shouldn't have widespread access. This has a number of unfortunate side effects - dual processing paths for documents, difficulties in setting up procedures that have a high degree of integrity and accountability, lost documents, compliance problems when disclosure is required, etc.

Thus one of your main priorities needs to be establishing confidence in your user groups that the system can accommodate their needs for restricting access to information, and that the people that operate the system understand and respect those requirements. It's not an easy task or one that will be accomplished in one step. Progress tends to be incremental as you establish confidence and a trusting working relationship with each of these user groups.

Jimmie E. Savage, CRM
Manager, Member Data Services
Teacher Retirement System of Texas 

-----Original Message-----
From: Records Management Program [mailto:[log in to unmask]] On Behalf Of Mary Frances Janicik
Sent: Wednesday, May 23, 2007 4:58 PM
To: [log in to unmask]
Subject: [RM] Imaging Medical and Restricted Files

I'm looking for guidance from RMs in other life insurance companies or the health industry on how they deal with the security issues related to imaging medical documents or restricted files. We define restricted files as those belonging to home office employees or producers, high net worth clients, or those with protected medical conditions.

Any advice you have on how to maintain the security of these documents to satisfy Legal & Compliance will be greatly appreciated. Since our Compliance team is extremely risk-averse, examples of how this is handled in other companies usually help us sell our position.



Mary Frances Janicik, CRM


List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
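
The access model described in the reply above (a role-based baseline, narrowed by restrictions derived from document attributes) can be sketched as follows. This is an added example, not part of the original message and not FileNet's API; the role names, document types, attribute names and tags are all hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical roles. All of them work member files (the role-based baseline);
# each is additionally cleared for some restricted categories.
ROLE_CLEARANCES = {
    "benefit_processor": set(),
    "disability_analyst": {"disability_medical"},
    "legal_counsel": {"divorce", "benefit_appeal"},
    "hr_records": {"own_employee"},
}

# Hypothetical mapping from a document-type attribute to a restricted category.
TYPE_RESTRICTIONS = {
    "divorce_decree": "divorce",
    "disability_claim": "disability_medical",
    "appeal_letter": "benefit_appeal",
}

@dataclass
class Document:
    doc_id: str
    doc_type: str
    member_is_employee: bool = False  # flag from the system of record
    manual_tags: set = field(default_factory=set)  # set by a user at indexing

def restrictions_for(doc):
    """Collect every restricted category the document's attributes imply."""
    found = set(doc.manual_tags)  # unknown tags stay in, so they fail closed
    if doc.member_is_employee:
        found.add("own_employee")
    if doc.doc_type in TYPE_RESTRICTIONS:
        found.add(TYPE_RESTRICTIONS[doc.doc_type])
    return found

def decide(role, doc):
    """Return (allowed, reason); the reason is what an audit log would record."""
    if role not in ROLE_CLEARANCES:
        return False, "role has no access to member files"
    missing = restrictions_for(doc) - ROLE_CLEARANCES[role]
    if missing:
        return False, "restricted: " + ", ".join(sorted(missing))
    return True, "role-based access"

if __name__ == "__main__":
    # Constructed sample document, not a real record.
    claim = Document("D3", "disability_claim", member_is_employee=True)
    for role in ROLE_CLEARANCES:
        print(role, decide(role, claim))
```

A document that carries several restricted categories is released only to a role cleared for all of them, and a manual tag that no role is cleared for denies everyone until a clearance is defined.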
