Compliance Strategies for Records Management Michelle Ryder
Agenda Introduction Higher Education Records Management Scenario Healthcare Records Management Q&A
Introduction BS in Business Administration; UMW MBA and MS in Healthcare Management; Marymount Marymount Advancement since 2010 Constituent Management Gift Processing Receipts / Tax Compliance Acknowledgements Data Maintenance (Ellucian) Prospect Research Prospect Reports Prospect Management Campaign Research
Higher Education Confidentiality Agreements Employees Usually held by HR and IT departments Protect the institution and constituents of the institution Students Usually held by Manager of the student worker Certain access granted; protects the institution and constituents and the student! Example for Student Agreement
Higher Education Maintenance vs. Inquiry Marymount = Ellucian All Databases have some form of Inquiry vs. Maintenance Inquiry Access Access to view specific information through the system Maintenance Actual maintenance of data; access to change information and run reports Why does this matter? You should not give maintenance access to more than one or two individuals in a department Procedures as to who updates what are needed
Higher Education In-Office Information Privacy Credit Card Numbers PCI Compliance DO NOT keep cc numbers in office (black out) DO NOT send cc through email unless secure Prospect Files Under lock and key No medical or health information Available to prospects at any time
Higher Education Pledge Agreements Verbal vs. Written Verbal cannot be entered as a technical pledge and cannot be enforced Written pledge agreements should be kept as you keep your gift files Should specify exactly what the donor and institution have agreed on (time, contingencies, programs, etc.) Example of our Gift/Pledge Agreement
Higher Education Campaign Planning and Campaigns Campaign Consultants Interviews with Potential Donors Accounting for Pledges vs. Gifts They affect the bottom line differently Record keeping outside of the official gift numbers Excel Spreadsheets Naming Opportunities Presentation to Donor Pledge Releases Anonymous Donors
Higher Education FERPA Rights of Parents Prior Consent for disclosure of information Donor Information FAFSA Information Rights of Students Directory Information Education Records
Higher Education Scenario 1 An alumnus calls in looking for contact information for his college girlfriend. He knows her name and grad year. He would like for you to give him her phone number. What should you do?
Higher Education Scenario 2 A donor has generously worked out an agreement to donate $1 million to your Catholic University. It turns out, the donor is also a heavy supporter of Planned Parenthood. Should you continue with the agreement or turn down the gift?
Healthcare Physical Records Universal switch to digital records Kept under lock and key Need for more privacy in healthcare; break-ins, stealing, etc.
Healthcare Digital Records Requirements Now required to switch Must be on compatible devices that are password protected Confidentiality All confidentiality laws still apply to digital record keeping Patient Access Patients can still request to see their information at any time Websites are being created for patients to log in to their own accounts and access their information and request appointments Must be encrypted and password protected
Healthcare Confidentiality Agreements and Training (Optima Health) Each employee is required to sign an updated confidentiality agreement annually Each employee is required to read and sign off on compliance agreements annually Each employee is required to participate in annual webinars based on confidentiality, compliance and workplace ethics
Healthcare Computer Restrictions Insurance companies should restrict access to all organization computers Each employee should have a password and be required to log out of their system anytime they are away from their computer Passwords should be changed regularly Each employee should have independent access based on their needs Employees should only have access to individual patient files if needed
Healthcare Digital Copies / Scanning Password Protected Documents Shared Drives with access granted to individual departments Network Secure System Outside emails are secured by typing {SECURE} in subject line
Healthcare Confidential Shredding Most companies are switching to electronic record keeping systems All physical records should be shredded by an organization that specializes in confidential shredding Ex: Iron Mountain Records should never be placed in trashcans
Healthcare HIPAA Governing body is HIPAA “The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes.” Covers rights of physicians, insurance agencies, patients, patient’s family, etc. HHS.gov
Healthcare Scenario 1 A young woman named Erin is about to attend college. Her stepmother calls your physician’s office to get copies of all needed forms to send to the school. After checking Erin’s record you see that her next of kin are only listed as her mother and father. Her stepmother is persistent. What should you do?
Healthcare Scenario 2 You work for a Health Insurance Company. In a staff meeting, someone brings up the need to streamline the process of sending payment information to patients. They want to institute an automated calling system that will notify patients of their upcoming payments. Do you see anything wrong with this? For example, what if you have an incorrect telephone number?
QUESTIONS