So, you’re ready to digitize your business records to maintain compliance with government and industry regulations. Should you be looking for a document management system or software that is exclusively for records management? Document management enables you to digitize and archive both documents and records. Let’s explore the differences between the two to clarify the situation.
Table of Contents
- What is records management?
- What is document management?
- Document management vs records management: what are the key differences?
- The cost and chaos of manually monitoring record retention schedules
- DocuWare Cloud takes a New York state town into the digital age
- Document management vs records management: What does your business need?
What is records management?
Records are evidence of a transaction, decision or commitment that an individual, company, nonprofit or government agency has made. A document becomes a record after a business process is completed. Records often contain many parts that can include documents, photos and videos.
Proving compliance, limiting access to information to authorized personnel, ensuring security and enforcing retention schedules are among the main objectives of records management.
The primary components include:
- Archiving: A record must be saved in a secure repository with a unique identifier and indexed so that it can also be retrieved by name, date, keyword, fulltext search and other criteria that an organization defines.
- Retention schedule enforcement: A record must be stored and eventually destroyed according to a defined set of rules established for each document type.
- Access controls: Authorized users must be able to access, retrieve and read the record – but do not have the ability to change it. Occasionally, there is a reason to allow changes to the metadata associated with it.
- Audit trail: The lifecycle of a record should be trackable from beginning to end.
- Security: Encryption and a robust access rights structure are necessary to prevent unauthorized changes.
- Disaster recovery and business continuity: Records must be stored in multiple locations in paper or electronic format to preserve them in case of natural or manmade disasters or a data breach.
What is document management?
Document management provides business-critical functions that meet every records management requirement as well as those that are part of active business processes. It captures, organizes, and manages paper and digital documents while facilitating easy collaboration and retrieval. Unlike records management, which is concerned with preserving final, immutable evidence of actions taken, document management addresses the entire document journey, including drafts, revisions, discussions and works in progress.
Its core capabilities include:
- Indexing: A DMS platform transforms documents into manageable information by reading key portions of data and storing each data point as an index value. These index values describe the purpose and content of the document and are ultra-efficient for searching and organization.
- Archiving and retrieval: This process takes place after records are routed to the correct location via automated workflows. The index data previously assigned to the record ensures clear organization and quick retrieval by authorized users.
- Digital workflows: Document management software uses predefined steps based on an organization’s business rules. The workflow also controls the activities that start it; for example, storing an incoming invoice or other document. Certain deadlines or a change in the status, like approval, can also kick off a workflow. Automated workflow management controls and monitors the workflow with minimal human intervention.
Most document management systems include comprehensive security and backup measures including:
Authentication via a unique username and password. This not only allows specific access rights to be assigned but ensures a complete audit trail of which document was accessed, by whom, and what actions were taken.
Encryption of cloud-based communication through TLS, HTTPS and HSTS to protect against protocol download attacks and cookie high jacking.
Geographically distributed digital backups, housed in high-security data centers to safeguard vital information and ensure quick data recovery without unexpected costs.
Document management and records management might seem alike at first glance, but they handle different business needs.
Records management focuses on maintaining evidence of business transactions and regulatory compliance, while document management encompasses a broader approach to handling information throughout an organization.
Records are:
Not in active use. Stored in final form. Cannot be edited or revised.
Often subject to internal and external audits to confirm compliance with industry, state and federal regulations.
As a result, record management systems enforce strict retention schedules and focus on documents that have completed their active lifecycle.
This contrasts document management which:
Handles documents throughout their entire lifecycle, including creation and active use. Focuses on collaboration and the efficient flow of information. Enables document editing, versioning and tracking. Emphasizes accessibility and productivity across the organization. DMS software incorporates digital workflows automation and provides data security and protection against cyberthreats for both active documents and records. The cost and chaos of manually monitoring record retention schedules
Managing retention schedules manually is a daunting and error-prone task that can lead to serious compliance issues and financial penalties if it’s not done properly.
You’ll notice that the retention requirements in the brief examples below vary widely. This makes it difficult, if not impossible, to keep track of retention schedules without a record management system.
Student records
These retention schedules are governed by the Family Educational Rights and Privacy Act (FERPA).
- Temporary student records like attendance data — at least 5 years.
- Permanent records — at least 60 years.
Consequences of noncompliance include: The possibility that a public school may lose funding from the Department of Education.
Business tax records
- Past tax returns — 3 years.
- Receipts — 3 years.
- Employee tax records — 4 years.
- Deduction of the cost of bad debt —7 years.
Consequences of noncompliance include: Paying extra tax because your company has not kept proof of planned deductions; tax adjustment after an audit and audit failures that result in large fines.
Sarbanes-Oxley Act (SOX)
- Audit and review documents — 7+ years.
- Payroll records, tax records, ledgers and other records — 7+ years.
- General correspondence, credit card receipts and employment applications — 3 years.
Consequences of noncompliance include: the potential for millions of dollars in fines and penalties brought against a company as well as removal from listings on public stock exchanges.
The Health Insurance Portability and Accountability Act (HIPAA)
HIPAA provides federal protections for personal health information (PHI) held by covered entities, such as hospitals and insurance companies, and gives patients an array of rights with respect to that information. HIPAA does not mandate medical records retention requirements because each state has its own laws and HIPAA does not pre-empt them.
However, HIPAA data retention requirements apply to documentation like policies, procedures, assessments and reviews. These documents – must be maintained for 6 years after the content was last used or in effect. When a state-mandated records retention period ends, the Protected Health Information (PHI) must be destroyed according to HIPAA standards.
Consequences of noncompliance include: Substantial fines and penalties.
General Data Protection Regulation (GDPR)
GDPR is a European Union (EU) regulation that has far-reaching effects. Even if your organization isn't based in Europe, it will still have to comply with GDPR if it works with customers or companies in the EU.
GDPR data retention rules require any personal data that is collected or processed to be kept only for as long as data is required to achieve the purpose for which the information was collected, although there are exceptions.
Consequences of noncompliance include: If there’s a likely infringement, a warning may be issued. If there is a proven infringement, there is the potential for a reprimand, a temporary or permanent ban on data use and a fine of up to 20 million euros or 4% of a company’s annual revenue depending on which is higher.
Improve Document Security
Will your security standards protect your data, reduce risk and enforce compliance? Get our ebook and find out.
DocuWare Cloud takes a New York state town into the digital age
When records management is a manual process, it’s inconvenient and time-consuming for everyone involved. For example, if town records like deeds, property surveys, birth, marriage and death certificates are filed on paper citizens must go to the town or city hall to request a copy. The Town of Oakfield needed a modern record system. Prior to their digital transformation with DocuWare Cloud, their offices filed and retrieved official documents and records manually. Continuing to maintain paper records would require more physical space, and the cost of adding a records retention room was quoted at $300,000. Additionally, the records management personnel relied completely on their senior council members to notify them as to when documents could be deleted. This tedious and antiquated system based on human memory needed to be replaced by a modern digital one.
The Town’s office staff currently stores over 40,000 documents in DocuWare’s electronic file cabinets. Approximately 300 new documents are scanned and stored each month. This includes records from the three town cemeteries, vouchers, highway, and inventory data. Given the volume of data that needs to be securely stored and retrieved on an ongoing basis, DocuWare Cloud offers instant access to everything the staff need, ensuring that all business processes can continue in an efficient and highly productive manner. As a result of going digital, the town no longer needed physical space for record retention, saving over half a million dollars.
Document management vs. records management: What does your business need?
When deciding between document management vs records management solutions, it’s important to consider your organization’s primary needs. If your focus is on regulatory compliance, audit preparation and evidence preservation, a dedicated records management solution might seem sufficient. However, most organizations benefit significantly from choosing a comprehensive document management system that includes records management capabilities.
A market-leading DMS like DocuWare Cloud provides the best of both worlds: efficient document handling for day-to-day operations with robust records management for compliance purposes. This integrated approach eliminates silos between active documents and records.
To find out how DocuWare Cloud can meet your company’s records management requirements and provide a complete document management system that can be used across every department in your company: Request a demo.
