LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: FERPA/HIPAA at Universities
From:	"Lyons, Sherry A" <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Tue, 30 Aug 2011 13:19:51 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (19 lines)

Hi Erin,

I think your IT dept was right about getting permission from the process owners for access. However, I also think the process owners are adhering to a very narrow interpretation of the law and that a meeting with all of the players would be beneficial. I don't find anything in FERPA or HIPAA that excludes the Records Management staff from viewing those records, especially if you are trying to apply retention periods to the data. Here, at The University of Texas at Houston, the Records Management department owns and manages EMC Documentum - which houses all of our imaged records, in addition to content management. We also use the Records Manager / Retention Policy Services modules to manage the records in Documentum. Each application has a functional process owner that sets the security wrappers, for lack of a better word, and determines other parameters for their process.

The overall Documentum Administrator and the Records Manager (me) have access to all of the records within Documentum - students, patients, research, etc. Our process has very reviewed and approved by Legal, Compliance, the Privacy officer, the HIPAA officer, Risk Management; a seemingly never-ending list of departments and functions without issue. When other areas ask for access to a Documentum application, we direct them to that process owner / department head. Usually, they will pull any information the other department needs and in some rare instances, grant temporary access to a specific employee. Requesting / granting access is usually an electronic process with digital signatures required.

Perhaps some open discussion with your departments could clear up any misconceptions.

**********
Thanks,
Sherry A. Lyons, CRM
[log in to unmask]
713-500-8504

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2

LISTSERV.IGGURU.US