So, you’re ready to digitize your business records to maintain compliance with government and industry regulations. Should you be looking for a document management system or software that is exclusively for records management? Actually, document management enables you to digitize and archive both documents and records. Let’s explore the differences between the two to clarify the situation.
Records are evidence of a transaction, decision or commitment that an individual, company, nonprofit or government agency has made. A document becomes a record after a business process is completed. Records often contain many parts that can include documents, photos, and video. They are stored in final form in case they’re needed as confirmation that an action took place rather than because they’re in active use. They cannot be edited or revised. They are often subject to internal and external audits which are required to confirm compliance with industry, state and federal regulations.
Proving compliance, limiting access to information to authorized personnel, ensuring security, and enforcing retention schedules are among the main objectives of records management. The goal of document management is broader. Its objectives include easy storage and retrieval, capture and categorization of paper and electronic documents, workflow automation and emphasizes document and data security and protection against cyberthreats.
The path from document to record
- Contract: When terms are agreed upon, it has been signed by all necessary stakeholders and is ready to be executed
- Invoice: When it is approved and paid
- Warrant: When an arrest is made or the warrant is recalled
- Financial aid application: When financial aid is awarded or the application is rejected
- Tax return: When it is submitted to the IRS and money is returned or taxes that are owed are paid
Monitoring retention schedules without an office automation system can get messy
You’ll notice that the retention requirements in the brief examples below vary widely. This makes it difficult, if not impossible, to keep track of retention schedules manually — and the cost of noncompliance can be substantial.
Student records governed by the Family Educational Rights and Privacy Act (FERPA)
- Temporary student records like attendance data — at least 5 years
- Permanent records — at least 60 years
Consequences of noncompliance include the possibility that a public school may lose funding from the Department of Education.
Business tax records
- Past tax returns — 3 years
- Receipts — 3 years
- Employee tax records — 4 years
- Deduction of the cost of bad debt —7 years
Consequences of noncompliance include paying extra tax because your company hasn’t kept proof of planned deductions; tax adjustment after an audit and audit failures that result in large fines.
Sarbanes-Oxley Act (SOX)
- Audit and review documents — 7+ years
- Payroll records, tax records, ledgers and other records — 7+ years
- General correspondence, credit card receipts and employment applications — 3 years
- Consequences of noncompliance: include the potential for millions of dollars in fines and penalties brought against a company as well as removal from listings on public stock exchanges.
The Health Insurance Portability and Accountability Act (HIPAA)
- HIPAA provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. HIPAA does not mandate medical records retention requirements because each state has its own laws regarding this, and HIPAA does not pre-empt these laws. However, HIPAA data retention requirements that apply to documentation like policies, procedures, assessments and reviews.
- HIPAA-related documents – must be maintained for 6 years after the content was last used or in effect. When a state-mandated records retention period ends the Protected Health Information (PHI) must be destroyed according to HIPAA standards.
Consequences of noncompliance include substantial fines and penalties
The General Data Protection Regulation (GDPR)
- GDPR was passed by the European Union (EU) and has far-reaching effects. Even if your organization isn't based in Europe, it may still have to comply with the rules of the GDPR when it comes to records management, particularly if it works with clients or companies in the EU.
- GDPR data retention rules require any personal data that is collected or processed to be kept only for as long as data is required to achieve the purpose for which the information was collected, although there are exceptions.
Consequences of noncompliance: If there’s a likely infringement a warning may be issued If there is a proven infringement there is the potential for a reprimand, a temporary or permanent ban on data use and of fine of up to 20 million euros or 4% of a businesses' annual revenue depending on which is higher.
What are the primary components of records management?
- Archiving: A record must be saved in a secure repository with a unique identifier and indexed so that it can also be retrieved by name, date, keyword, fulltext search and other criteria that an organization defines.
- Retention schedule enforcement: A record must be stored and eventually destroyed according to a defined set of rules established for each document type.
- Access controls: Authorized users must be able to access, retrieve, and read the record – but make no changes to it. Occasionally, there is a reason to allow changes to the metadata associated with a record.
- Audit trail: The lifecycle of a record should be trackable from beginning to end.
- Security: Encryption and a robust access rights structure to prevent unauthorized changes.
- Disaster recovery and business continuity: Records must be stored in multiple locations in paper or electronic format.
How does document management encompass records management?
A document management system provides all the business-critical functions needed to meet any records management requirement as well as managing information and documents that are part of active business processes.
These capabilities include:
- Indexing transforms documents into manageable information by reading key portions of data and storing each data point as an index value. These index values describe the purpose and content of the document and are ultra-efficient for searching and organizing documents.
- Archiving and retrieval take place after records are routed to the correct location via automated workflows. The index data previously assigned to the record ensures clear organization and quick retrieval by authorized users.
- Digital workflows use predefined processes to automatically archive records and enforce retention schedules.
Comprehensive security and backup measures include:
- Authentication via a unique username and password. This not only allows specific access rights to be assigned but ensures a complete audit trail of which document was accessed, by whom, and what actions were taken.
- Encryption of cloud-based communication through TLS, HTTPS and HSTS to protect against protocol download attacks and cookie high jacking.
- Geographically distributed digital backups, housed in high-security Microsoft Azure data center, safeguard vital information and ensure quick data recovery without unexpected expenditures.
DocuWare Cloud takes a New York State town into the digital age
When records management is a manual process, it’s inconvenient and time-consuming for everyone involved. For example, if town records like deeds, property surveys, birth, marriage and death certificates are filed on paper citizens have to go to the town or city hall to request a copy.
The Town of Oakfield needed a modern record system. Prior to their digital transformation with DocuWare Cloud, their government offices filed and retrieved their official documents and records manually. Keeping paper records required adding physical space, and the price quote to add a records retention room was $300,000. Additionally, the record-keeping personnel relied completely on their senior council members to guide them as to what day/month/year certain documents may be filed by. This tedious and antiquated system based on human memory needed to be replaced by a modern digital one.
The Town’s office staff currently stores over 40,000 documents in DocuWare’s electronic file cabinets. Approximately 300 new documents are scanned and stored each month. This includes records from the three town cemeteries, vouchers, and highway and inventory data. Given the volume of data that needs to be securely stored and retrieved on an ongoing basis, DocuWare Cloud offers anytime anywhere access to everything the staff need, ensuring that all business processes can continue in an efficient and highly productive manner. By going digital, the town no longer needed physical space for record retention, saving over half a million dollars.
To find out how DocuWare Cloud can meet your company’s records management requirements and provide a complete document management system that can be used across every department in your company: Request a demo.