Document Retention Project Tool Worksheet

Transcription:

Document Retention On-Site Storage Worksheet
Response Actions Taken Questions, Answers and Actions

Start Pg. Box A

Documents stored On-site? If yes, go to question ; If no go to the for Off-Site storage.

Documents stored in a Secure Location?
. Storage location is within the main facility?
. Secured behind locked door and access is limited to appropriate facility personnel?
. If yes to both. and., skip to Question, If no to either or both. and/or., go to question.

Can the documents be secured?
. If yes to question, secure documents within the main facility behind a locked door in which access is limited to appropriate personnel at the facility, then go to question.
. If no to question, Contact CCD and initiate the "Move Process" by first applying destruction criteria in question 6, continue through question 7 to relocate all stored documents.

Pg, Pg, Box C Pg, Box F Pg, Box F 5 6

Are the documents "known"?
. Does the facility maintain an accurate log, manifest or inventory of stored material? Documents that are required for recall can be obtained in a timely manner without searching through multiple boxes?
. If yes, the documents are Known, go to Question 5; If no skip to question 6.

On-site storage location meets requirements?
5. Documents stored on-site require immediate and frequent access or planned storage less than one year?
5. Is an accurate index of all documents maintained?
5. Are all boxes labeled with destruction dates?
5. Are documents destroyed in a timely manner and pursuant to the CHSPSC Document Retention Policy and schedule?
5.5 Is the On-site storage location an effective use of Facility space?
5.6 If the answers to questions 5. - 5.5 are all yes, maintain current On-Site storage area and follow Retention Requirements via CHSPSC Document Retention Policy; If any answer was no, go to question 6.

6. Destroy documents with surpassed retention periods; follow CHSPSC Document Retention
6. Destroy Unknown documents in storage for 5 years or greater; follow CHSPSC Document Retention
6. Excludes documents with a litigation hold - contact Legal if you are unsure if there is an
6. Contact an approved destruction vendor (See Box D on page of the Document Retention Project Tool); Obtain certificate of destruction
6.5 Note number of boxes destroyed, retain Certificate of Destruction and identify any remaining boxes that must be moved to a secure storage location and/or vendor.
6.6 Criteria for every group of Unknown documents in storage less than 5 years:
6.6. A. HIIM Medical Records; contact Regional HIIM Director for guidance
6.6. B. Answer the questions below for each group of Unknown non-medical record documents.
6.6.. Are there any accurate logs, manifests or inventories, formal or informal, maintained for
6.6.. Is a log kept of boxes retrieved from this location?
6.6.. When was the last time a box was retrieved from this location? For what purpose was that
6.6.. What types of documents are stored at this location?
6.6..5 How long have documents been stored at this location?
6.6..6 Were documents stored at this location prior to the acquisition of this facility by CHS?
6.6..7 Are documents currently being added to storage at this location?
6.6..8 When was the last time a box was added to storage at this location?
6.7 Provide answers to the best of your ability, DO NOT index or inventory records, contact CCD for guidance if the records are Unknown and storage time can be confirmed at less than 5

Pg, Box D

7 Will Documents be moved?
Note: prior to initiating the move process, destruction criteria (Box F) must be applied. For any documents not meeting the criteria to be destroyed, execute one or more of the actions below:
7. Medical records in the HIIM Department: contact Regional HIIM Director for guidance storing with EvriChart
7. All other documents, including documents with PHI, but not HIIM department medical records, contact X records storage vendor for previously negotiated discounted pricing
7. If you do not have a contract for document storage, contact your CCD for guidance

Off-Site Storage

Document Retention Off-Site Storage Worksheet
Response Actions Taken Questions, Answers and Actions

Pg, Pg, Pg, Box F Pg, Box F

Are documents stored at Iron Mountain or EvriChart? If yes, go to question ; If no go to the for Other Off-Site storage. Note: Documents stored with Iron Mountain or EvriChart are defined as "Secure".

Are the documents "known"?
. Does the facility maintain an accurate log, manifest or inventory of stored material? Documents that are required for recall can be obtained in a timely manner without searching through multiple boxes?
. If yes, the documents are Known, go to Question ; If no skip to question.

. Have any documents met the required retention period? If yes, go to Question ; If no, Maintain Retention Requirements via CHSPSC Document Retention Policy.

. Destroy documents with surpassed retention periods; follow CHSPSC Document Retention
. Destroy Unknown documents in storage for 5 years or greater; follow CHSPSC Document Retention
. Excludes documents with a litigation hold - contact Legal if you are unsure if there is an
. Contact an approved destruction vendor (See Box D on page of the Document Retention Project Tool): Obtain certificate of destruction
.5 Note number of boxes destroyed, retain Certificate of Destruction.
.6 Criteria for every group of Unknown documents in storage less than 5 years:
.6. A. HIIM Medical Records; contact Regional HIIM Director for guidance
.6. B. Answer the questions below for each group of Unknown non-medical record documents.
.6.. Are there any accurate logs, manifests or inventories, formal or informal, maintained for
.6.. Is a log kept of boxes retrieved from this location?
.6.. When was the last time a box was retrieved from this location? For what purpose was that
.6.. What types of documents are stored at this location?
.6..5 How long have documents been stored at this location?
.6..6 Were documents stored at this location prior to the acquisition of this facility by CHS?
.6..7 Are documents currently being added to storage at this location?
.6..8 When was the last time a box was added to storage at this location?
.7 Provide answers to the best of your ability, DO NOT index or inventory records, contact CCD for guidance if the records are Unknown and storage time can be confirmed at less than 5

Other Off-Site Storage

Document Retention Other Off-Site Storage Worksheet
Response Actions Taken Questions, Answers and Actions

Pg. Box B

Does the storage vendor meet all Off-site physical security requirements?
. Storage vendor has perimeter security (e.g. fence, proximity sensors, monitored cameras, /7 Guard)?
. Are all entry points locked?
. Is there controlled access to facility via badge, guard, key or keypad?
. All employees must have background checks to screen out potential employees for arrests and/or convictions including: theft and/or identity theft
.5 Is an access log maintained for all visitors?
.6 Does the storage location have /7 guard and/or video surveillance?
.7 Are there intrusion, fire protection and moisture alarm systems?
.8 The storage facility has HVAC climate controlled units to prevent freeze and exposure to extreme heat?
.9 Multi tenant storage segregation; Is the CHS affiliate storage inaccessible to others?
If yes to questions. -.9 the documents are "Secure", go to question ; If no to any of the questions. -.9, initiate the "Move Process" by first applying destruction criteria in question 7, continue through question 8 to relocate all stored documents.

Click here for hyper link to FDQ
Pg, Box E

Is the storage vendor a Potential Referral Source?
. Obtain and review the Financial Disclosure Questionnaire (FDQ). If no, go to question ; If yes initiate the "Move Process" by first applying destruction criteria in question 7, continue through question 8 to relocate all stored documents.

Is the financial arrangement cost effective?
. Obtain contract or agreement of current vendor that specifies the Other Off-Site storage vendor's costs. Open the "Other Off-Site Storage vendor Cost Comparison_Template.xlsx" spreadsheet. Enter the Other Off-Site storage vendor costs for each billing category that matches and review the results in row 0, columns K-M. Review with CFO and determine which vendor is more cost effective for Off-Site storage.
. If experiencing issues using the spreadsheet email. If the financial arrangement is cost effective go to step, if not cost effective, initiate the "Move Process" by first applying destruction criteria in question 7, continue through question 8 to relocate all stored documents.

Is there a current fully executed contract?
. If yes, go to Question 5; If no, contact your CCD ASAP, if required, the respective CCD will engage Legal to determine the next steps.

5 Is there a current *CHS BAA attached to the contract?
5. If yes, maintain Retention Requirements via CHSPSC Document Retention Policy; If no, contact your CCD ASAP, if required, the respective CCD will engage with Legal to determine the next steps. The most current BAA must be executed and in effect.
*Use Current CHS BAA

6 Legal and Compliance Team Review
6. Left intentionally blank to document Compliance and Legal team notes and findings.

Pg, Box F

7
7. Destroy documents with surpassed retention periods; follow CHSPSC Document Retention
7. Destroy Unknown documents in storage for 5 years or greater; follow CHSPSC Document Retention
7. Excludes documents with a litigation hold - contact Legal if you are unsure if there is an
7. Contact an approved destruction vendor (See Box D on page of the Document Retention Project Tool); Obtain certificate of destruction
7.5 Note number of boxes destroyed, retain Certificate of Destruction and identify any remaining boxes that must be moved to a secure storage location and/or vendor.
7.6 Criteria for every group of Unknown documents in storage less than 5 years:
7.6. A. HIIM Medical Records; contact Regional HIIM Director for guidance
7.6. B. Answer the questions below for each group of Unknown non-medical record documents.
7.6.. Are there any accurate logs, manifests or inventories, formal or informal, maintained for
7.6.. Is a log kept of boxes retrieved from this location?
7.6.. When was the last time a box was retrieved from this location? For what purpose was that
7.6.. What types of documents are stored at this location?
7.6..5 How long have documents been stored at this location?
7.6..6 Were documents stored at this location prior to the acquisition of this facility by CHS?
7.6..7 Are documents currently being added to storage at this location?
7.6..8 When was the last time a box was added to storage at this location?
7.7 Provide answers to the best of your ability, DO NOT index or inventory records, contact CCD for guidance if the records are Unknown and storage time can be confirmed at less than 5

Pg, Box D

8 Will Documents be moved?
Note: prior to initiating the move process, destruction criteria (Box F) must be applied. For any documents not meeting the criteria to be destroyed, execute one or more of the actions below:
8. Medical records in the HIIM Department: contact Regional HIIM Director for guidance
8. All other documents, including documents with PHI, but not HIIM department medical records, contact X records storage vendor for previously negotiated discounted pricing
8. If you do not have a contract with X for document storage, contact your CCD for guidance

CHSPSC Compliance Department requires the FCO and CEO to complete a & Attestation to certify complete and accurate review of each Document Retention Project Tool. A signature blank has been provided at the end of the document; typed names will be accepted as signature.

By signing this document, you are certifying the following: I certify the Document Retention Project Tool has been completed for each survey response. All issues of concern or non-compliance have been reported to a CHSPSC Compliance Director.

FCO Signature Date
CEO Signature Date