Michelle Ryder Compliance Strategies for Records Management


Michelle Ryder

Compliance Strategies for Records Management

Agenda
- Introduction
- Higher Education Records Management
  - Scenario
- Healthcare Records Management
  - Scenario
- Q&A

Introduction
- BS in Business Administration; UMW
- MBA and MS in Healthcare Management; Marymount
- Marymount Advancement since 2010
  - Constituent Management
    - Gift Processing
    - Receipts / Tax Compliance
    - Acknowledgements
    - Data Maintenance (Ellucian)
  - Prospect Research
    - Prospect Reports
    - Prospect Management
    - Campaign Research

Higher Education

Confidentiality Agreements
- Employees
  - Usually held by HR and IT departments
  - Protect the institution and constituents of the institution
- Students
  - Usually held by Manager of the student worker
  - Certain access granted; protects the institution and constituents and the student!
- Example for Student Agreement

Higher Education

Maintenance vs. Inquiry
- Marymount = Ellucian
- All Databases have some form of Inquiry vs. Maintenance
- Inquiry Access
  - Access to view specific information through the system
- Maintenance
  - Actual maintenance of data; access to change information and run reports
- Why does this matter?
  - You should not give maintenance access to more than one or two individuals in a department
  - Procedures as to who updates what are needed

Higher Education

In-Office Information Privacy
- Credit Card Numbers
  - PCI Compliance
  - DO NOT keep cc numbers in office (black out)
  - DO NOT send cc through email unless secure
- Prospect Files
  - Under lock and key
  - No medical or health information
  - Available to prospects at any time

Higher Education

Pledge Agreements
- Verbal vs. Written
  - Verbal cannot be entered as a technical pledge and cannot be enforced
  - Written pledge agreements should be kept as you keep your gift files
  - Should specify exactly what the donor and institution have agreed on (time, contingencies, programs, etc.)
- Example of our Gift/Pledge Agreement

Higher Education

Campaign Planning and Campaigns
- Campaign Consultants
  - Interviews with Potential Donors
- Accounting for Pledges vs. Gifts
  - They affect the bottom line differently
- Record keeping outside of the official gift numbers
  - Excel Spreadsheets
- Naming Opportunities
- Presentation to Donor
- Pledge Releases
- Anonymous Donors

Higher Education

FERPA
- Rights of Parents
  - Prior Consent for disclosure of information
  - Donor Information
  - FAFSA Information
- Rights of Students
  - Prior Consent for disclosure of information
  - Directory Information
  - Education Records

Higher Education

Scenario 1

An alumnus calls in looking for contact information for his college girlfriend. He knows her name and grad year. He would like for you to give him her phone number. What should you do?

Higher Education

Scenario 2

A donor has generously worked out an agreement to donate $1 million to your Catholic University. It turns out, the donor is also a heavy supporter of Planned Parenthood. Should you continue with the agreement or turn down the gift?

Healthcare

Physical Records
- Universal switch to digital records
- Kept under lock and key
- Need for more privacy in healthcare; break-ins, stealing, etc.

Healthcare

Digital Records
- Requirements
  - Now required to switch
  - Must be on compatible devices that are password protected
- Confidentiality
  - All confidentiality laws still apply to digital record keeping
- Patient Access
  - Patients can still request to see their information at any time
  - Websites are being created for patients to log in to their own accounts and access their information and request appointments
  - Must be encrypted and password protected

Healthcare

Confidentiality Agreements and Training (Optima Health)

Each employee is required to sign an updated confidentiality agreement annually

Each employee is required to read and sign off on compliance agreements annually

Each employee is required to participate in annual webinars based on confidentiality, compliance and workplace ethics

Healthcare

Computer Restrictions
- Insurance companies should restrict access to all organization computers
- Each employee should have a password and be required to log out of their system anytime they are away from their computer
- Passwords should be changed regularly
- Each employee should have independent access based on their needs
- Employees should only have access to individual patient files if needed

Healthcare

Digital Copies / Scanning
- Password Protected Documents
- Shared Drives with access granted to individual departments
- Network Secure System
  - Outside emails are secured by typing {SECURE} in subject line

Healthcare

Confidential Shredding
- Most companies are switching to electronic record keeping systems
- All physical records should be shredded by an organization that specializes in confidential shredding
  - Ex: Iron Mountain
- Records should never be placed in trashcans

Healthcare

HIPAA
- Healthcare Governing body is HIPAA

“The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes.”

Covers rights of physicians, insurance agencies, patients, patient’s family, etc.

HHS.gov

Healthcare

Scenario 1

A young woman named Erin is about to attend college. Her stepmother calls your physician’s office to get copies of all needed forms to send to the school. After checking Erin’s record you see that her next of kin are only listed as her mother and father. Her stepmother is persistent. What should you do?

Healthcare

Scenario 2

You work for a Health Insurance Company. In a staff meeting, someone brings up the need to streamline the process of sending payment information to patients. They want to institute an automated calling system that will notify patients of their upcoming payments. Do you see anything wrong with this? For example, what if you have an incorrect telephone number?

QUESTIONS