Records Management Policy

I. PURPOSE

1. Policy Statement

RowanSOM recognizes that the efficient management of its records, regardless of their form or medium, is essential to support its core functions, to comply with its legal and regulatory obligations, and to contribute to the effective overall management of the institution. RowanSOM further recognizes that proper methods of records disposal and the determination of what records should be stored in the RowanSom Archives for permanent preservation is an important responsibility. This document provides the policy framework through which to meet this responsibility.

To establish RowanSOM policy for the administration of the Records Management Program and to develop procedures for the creation, use, retention, storage, and destruction of RowanSOM’s records to ensure sound records management practices and comply with all applicable State and Federal retention laws and regulations and in accordance with N.J.S.A. Title 47, Public Records, the Department of State, Division of Archives and Records Management (DARM), and N.J.A.C. 15:3 et seq.

2. Reason for This Policy

• To promote efficient administration and management of the records of RowanSOM.
• To provide guidance on the maintenance, retention, storage and disposition of official records based on their fiscal, legal, administrative, and historical value to RowanSOM.
• To reduce and/or prevent unnecessary legal and fiscal responsibility caused by retaining RowanSOM records longer than the retention schedules authorizes or by premature disposal of RowanSOM records.

3. Who Should Read This Policy

All members of the RowanSOM community

4. Related Documents and Links

RowanSOM Records Management Program (includes Records Retention Schedules)

• Processing Division of Archives and Records Management (DARM) forms:
  • NJ Request and Authorization Form Records Disposal Form
  • Artemis Records Retention & Disposition Management System (Help Manual)
• Identity Theft Compliance Policy
• Draft Information Security Classification Policy
• Minimum Security Standards for Networked Devices
• NIST Special Publication 800-88, Guidelines for Media Sanitization 

II. ACCOUNTABILITY

Under the direction of the President, the Executive Vice President for Academic and Clinical Affairs, Deans and department administrators shall ensure compliance with this policy.

III. APPLICABILITY

This policy applies to all public records created or received at RowanSOM units.

IV. DEFINITIONS

A. Definition of a Record
RowanSOM records are defined as any and all data or information in a fixed form and in any format that is created or received in the course of institutional activity and retained as evidence of that activity for future reference. Records include all textual or printed materials including, but not limited to, papers, manuscripts, correspondence, books, maps, drawings, plans; microfilm, photographs, sound and moving image recordings, electronic data and/or machine readable data on all mediums or other documentary materials regardless of physical form and characteristics.

B. Vital Records
Some RowanSOM records are “essential”; meaning that their loss would jeopardize the rights and privileges of RowanSOM. Vital records include records whose legal status and informational value to RowanSOM is so great, and the consequences of loss are so severe, that special protection is justified in order to reduce the risk of loss. The following records are considered to be essential:

• Records containing information required to re-establish or continue the university in the event of a disaster
• Records containing unique and irreplaceable information necessary to recreate the university’s legal and financial position
• Records that preserve the rights of the organization and its employees, students, and other constituent groups

C. Electronic Records
Electronic records consist of information captured through electronic means, and which may or may not have a paper record to back them up. Electronic records are data or information that has been captured and fixed for storage and manipulation in an automated system and requires the use of the system to render it intelligible by a person. "Electronic records" can encompass both analog and digital information formats and most often refers to records created in electronic format (born digital) but is sometimes used to describe scans of records from other formats. Examples of electronic records include, but are not limited to, email, text messages, PDFs, word processing documents, digital photographs, sound recordings, moving images, formatted data, spreadsheets, databases, and records existing in a university computing cloud such as emails, instant message conversations, calendars, videos, blogs, etc.

D. Archival Records
Archival records are defined as any and all data or information in a fixed form and in any format that is created or received in the course of institutional activity and are permanently retained because of their enduring informational, evidential, and historical value.

E. Active Record
An active record is a RowanSOM record that is currently being used during the ordinary course of RowanSOM business.

F. Inactive Record
An inactive record is a RowanSOM record that is no longer being used in the ordinary course of RowanSOM business, but must still be retained until the end of its Records Retention Schedule.

G. Expired Record
An expired record is a RowanSOM record that is no longer being used in the ordinary course of RowanSOM business when such record has fulfilled its retention requirement in accordance with the Records Retention Schedule and does not need to be permanently retained. A record cannot be considered “expired” if it is currently subject to a “Litigation Hold Notice.”

H. Office of Record
The Office of Record is the designated division, department, unit or individual, as identified in the Records Retention Schedule, responsible for both the retention and timely destruction of RowanSOM records in accordance with this policy.

I. Retention Schedule
The Records Retention Schedule provides a list of official records for each major administrative department in RowanSOM and prescribes the periods of authorized retention. The schedule may be revised periodically to include a newly created record series, to change retention periods, or to address records that are no longer useful or that are obsolete. A RowanSOM record, regardless of the format in which it is created, must be retained for designated periods of time and may only be disposed of in accordance with approved retention and disposition schedules. Once a RowanSOM record has satisfied its retention period, the retention schedule will dictate the document’s ultimate disposition (i.e., authorized destruction, retention extension or transfer to the RowanSOM Archives).

J. Protected Health Information (PHI):
Protected health information means individually identifiable health information that relates to the past, present or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present or future payment for the provision of health care to an individual and identifies or could reasonably be used to identify the individual. According to N.J. Administrative Code 13:35-6.5(b) (2008) states that PHI held by Physican Offices must be retain for seven (7) years from the date of the last entry.

• Except as provided paragraph two (2) of this definition that is: a) transmitted by electronic media; b) maintained in electronic media; or c) transmitted or maintained in any other form or medium
• Protected health information excludes individually identifiable health information in: a) education records covered by the Family Educational Rights and Privacy Act (FERPA), as amended, 20 U.S.C. 1232g; b) records described at 20 U.S.C. 1232g(a)(4)(B)(iv); and c) Employment records held by a covered entity in its role as an employer.

K. “Government Entity” - any officer, commission, agency or authority of the State or of any political subdivision thereof, including subordinate boards thereof.

L. “Public Record” - A public record means any paper, written or printed book, document or drawing, map or plan, photograph, microfilm, sound-recording or similar device, or any copy thereof which has been;

1. made or is required by law to be received for filing, indexing, or reproducing by a government entity in the course of entity business, or received and/or retained by a government entity in the course of entity operations.

2. Records scanned and stored under the State of New Jersey, State Records Committee scanning certification are subject to this policy. Records kept in the library special collections are subject to this policy. Records access guidelines outlined in the Federal laws listed below supersede this policy and other State policies:

Health Insurance Portability and Accountability Act (HIPAA)

Family Educational Rights and Privacy Act (FERPA),

M. “Nonrecord Material” - Material that is not included in the definition of a public record. Examples of nonrecord material include; rough notes used to collect or compile data after the data has been included in a record; answer pads for a telephone or other informal notes; stenographers' notes after the information contained therein has been transcribed; non-RowanSOM brochures, newsletters, magazines and newspapers, except those portions of newspapers retained as evidence of publication; personal notes which are not prepared for transacting RowanSOM or government business; materials pertaining solely to an individual's private affairs; extra copies and duplicates, the use of which is temporary; information notes that do not represent significant basic steps in the preparation of the public record copies; unofficial copies of documents kept only for convenience or reference; extra identical copies of a public record; stocks of printed or reproduced documents kept for supply purposes where file copies have been retained for record purposes; unused forms; blank forms; and other material of similar nature. Whenever doubt arises whether certain papers are nonrecord materials, it should be presumed that they are records. Material that is not included in the definition of a public record may be disposed of at the discretion of the custodian or the creator of the document, as applicable, subject to any other RowanSOM policy.

N. “Cubic Feet of Destroyed Records” - The New Jersey Department of State, DARM defines 1 cubic foot as the size of a box of copier paper, and a file draw of records will equal 2 cubic feet.

RECORDS MANAGEMENT

I. INTRODUCTION

Records management is the systematic control of recorded information from creation or receipt, through processing and use, until final disposition. Final disposition will be through destruction or transfer into the RowanSOM Archives. Proper records management satisfies compliance with laws and regulations, and ensures that historically significant records are properly preserved.

This policy provides direction on records management to ensure that RowanSOM complies with federal, state, and other regulatory guidelines. Therefore, RowanSOM faculty and staff shall:
• Retain records according to established Records Retention Schedules
• Maintain active and inactive records in appropriate storage equipment and locations
• Preserve records of historical significance
• Protect sensitive information using secure methods of recordkeeping and disposal
• Identify and protect vital records
• Discard (in an approved manner) records that are no longer required

No employee has, by virtue of his/her position, any personal or property right to official records even though he/she may have helped develop or compile them. The unlawful destruction, removal from files, and personal use of official RowanSOM records is strictly prohibited.

II. LOCAL UNIT’S RESPONSIBILITIES

It is the responsibility of each local unit (department, division, area, etc.) to identify a records management liaison who shall be responsible for ensuring the storage of active records in an appropriate manner which is consistent with this policy. Responsibilities of the local unit include, but are not limited to the following:

1. RowanSOM records, both paper and electronic, must be properly maintained during their retention period. In-house maintenance of records should ensure proper accessibility, security, and protection.

2. Identify an authorized location for storing RowanSOM records within the unit’s custody. Questions regarding proper storage and identifying authorized locations should be directed to the Records Management Program.

3. All RowanSOM employees must ensure that information in confidential or privacy-protected records is protected from unauthorized disclosure through the ultimate disposition of these records. As a normal matter of conducting business, destruction of confidential or privacy- protected records will be done by shredding or pulping. "Deletion" of confidential or privacy-protected information in computer files or other electronic storage media Is not acceptable. Electronic records must be "wiped" clean or the storage media physically destroyed. These methods of destruction are specified in the retention schedules so that records may not be viewed or used by unauthorized persons after they are disposed.

4. Many records can be legally destroyed at the end of their active lives, if there are no audit, legal, fiscal, regulatory or historical reasons for the preservation of the records. Those RowanSOM records designated for destruction (after fulfilling their retention requirement) must be disposed of in an appropriate method. Records containing confidential information should be destroyed by pulping, shredding, or incineration. In accordance with HIPAA regulations, the destruction/disposal of all PHI will be accomplished by shredding, incineration or another comparable fashion that ensures that the PHI cannot be recovered or reconstructed.

5. In the case of electronic records, complete and proper deleting and purging should be performed.

6. Email messages and other electronic business records are considered RowanSOM records and are subject to the same retention requirements as that which govern the management of paper records.

For assistance in determining how to dispose of RowanSOM records and/or to identify appropriate storage locations, local units should contact the Records Management Program.

III. RECORDS MANAGEMENT OFFICE RESPONSIBILITIES

The RowanSOM’s Records Management Office, provides resources and information on the creation, management, transfer and/or disposition of all official RowanSOM records. As a continuing management function, the RowanSOM’s Records Management Coordinator shall provide for the retention of RowanSOM records through the period of their value or legal requirement and for their systematic disposition. Rob Yufer is the Records Retention Manger and Christine Brasteter is the Custodian of Public Records.

Inactive records may be stored in RowanSOM Records Management Center, which offers departments a centralized storage facility where inactive records may be stored, retrieved, and disposed of once the Records Retention Schedule has expired. Exceptions may be granted with the written approval of either the Executive Vice President for Academic Affairs or Senior Vice President for Finance and Administration. Records in the Records Management Center remain under the authority of the depositing department, and may be retrieved by that department upon request. Records stored in the Records Management Center may not be used for research except by the depositing department, or with the written permission of the depositing department, or as otherwise determined by an authorized official. Records may also be retrieved in accordance with all relevant legal or fiscal requirements of RowanSOM.

The services of the Records Management Office are available to all university units. The Records Management Office will:

1. Develop Records Retention Schedules in conjunction with departmental staff and monitor the maintenance of and compliance with those schedules.

2. Assist with inventorying departmental active records and analyzing active departmental record-keeping systems.

3. Manage and operate the Records Management Center, retrieving records upon the request of the depositing department or authorized personnel.

4. Arrange for the appropriate disposal of records stored in the Records Management Center, according to the Records Retention schedules.

5. Assist in the preparation for and protection of RowanSOM records in the event of a disaster.

6. Provide departmental consultations and campus-wide workshops to better educate the RowanSOM community in proper records management principals.

IV. AUDIT

Adherence to proper records storage and to the appropriate Records Retention Schedules is subject to audit by the Internal Audit Department.

V. POLICY

A. RowanSOM will create and maintain complete and accurate records. These records will be managed in an orderly manner that facilitates timely retrieval when necessary. Records stored off site must be stored at a RowanSOM approved facility.

B. The President, Central Administration, and the Dean of each school will appoint a Records Liaison. The Records Liaison will assist the RowanSOM's Custodian of Records in implementing the Records Management policy, and will oversee the implementation and maintenance of the policy within RowanSOM.

C. Records will be retained and destroyed in accordance with all appropriate State and Federal laws and regulations and this policy, including the records retention schedules issued by DARM.

D. Upon satisfaction of the required period of retention, public records may be destroyed only with prior written authorization from DARM.

E. RowanSOM units must obtain and retain a completed Request and Authorization for Records Disposal form, approved by DARM, prior to the destruction of public records. The form must be completed and signed by the school, or unit’s Record Liaison, and the RowanSOM's Records Custodian to implement this policy, prior to submitting the form to DARM.

F. Destruction/disposal of records with protected health information, personal financial or other personal identifying information, intellectual or other proprietary rights shall be accomplished by shredding, incineration or other comparable fashion ensuring that the record cannot be recovered or reconstructed. The disposition of such destruction must be documented on the Request and Authorization for Records Disposal form.

G. Email may be a public record and must be retained in compliance with all applicable State and Federal retention laws and regulations and in accordance with N.J.S.A., Title 47, Public Records, DARM, and N.J.A.C. 15:3 et seq.

H. Electronic records, including but not limited to electronic medical, human resources, and student records, shall be created using the RowanSOM standard software. Mainframes, servers, Personal Computers (PCs), and other devices containing the electronic files must adhere to RowanSOM standards and procedures for data security, business continuity, and disaster recovery. All other RowanSOM procedures, timelines, and requirements for records management and retention shall apply to electronic records.

I. Microfilming and Imaging projects must be certified by DARM in accordance with state regulations NJAC 15:3 and annually renewed.

J. The Vice President of Information Systems and Technology shall be responsible for ensuring that the State of New Jersey State Records Committee Public Records Image Processing System Certificate of Compliance is current.

K. Records which contain confidential and/or proprietary information will be maintained in a secure environment with authorized access, protection against damage or destruction by fire, smoke, water or other means, and meet all State and Federal requirements.

L. All public records are the property of RowanSOM and no employee has any personal or property right to such records regardless of his or her position or authorship.

M. The unauthorized destruction, removal, or use of RowanSOM records is prohibited.

N. The falsification or inappropriate alteration of any public record is prohibited.

O. RowanSOM Office of Compliance will be responsible for performing periodic reviews of selected units and departments of RowanSOM to ensure compliance with this policy. These reviews must occur no less frequently than on an annual basis.

P. The President & Chief Compliance Officer, through the Director of Ethics Programs, will develop and provide general training to the RowanSOM workforce regarding record management policy, procedures and regulatory requirements.

VI. REFERENCES

A. State of New Jersey State Records Committee Certificate of Compliance No. 04071501-NM

B. N.J.S.A. Title 47, Public Records

C. N.J.A.C. 15:3 et seq.

D. State of New Jersey State General Records Retention Schedule

E. State of New Jersey Four Year College Record Retention Schedule

F. State of New Jersey Health Care Facilities Retention Schedule

G. HIPAA

H. FERPA

I. Access to RowanSOM Records

J. Records Retention and Disposition Management System

K. Request and Authorization For Records Disposal Form 

L. Records Retention & Disposition

VII. EXHIBITS

A. State of New Jersey Records Committee Certificate of Compliance No.