An Electronic Record Retention Policy: No Longer A Luxury

By Sylvia A. Ezenwa, JD

Sylvia A. Ezenwa, JD

In my last article, " The Cost of Destroying Electronic Records " (October 2005), I discussed the sanctions that a court might impose on an orthotics and prosthetics practice, its practitioners, and support staff for the destruction of electronic records relevant to a federal investigation, or pending or reasonably anticipated litigation.

For practitioners and staff in a publicly traded company, sanctions could range from a fine, up to 20 years in prison, or both, as mandated by the Sarbanes-Oxley Act of 2002 ¹ For practitioners and staff in any company—whether public or private—the judge could instruct the jury to infer that the record destroyed contained information unfavorable to your practice. ² The judge could also order your practice to pay the cost of restoring any archival media on which a lost record is stored, not to mention, the reasonable litigation expenses, including attorney's fees, incurred by your opponent in filing a motion for discovery and production of the record. ³

In sum, the goal of every O&P practice, practitioner, and staff member should be to guard against such costs. And the best way to do that is by drafting and enforcing an effective electronic record retention policy. This article will show you how.

Definition of "Record"

A " record " is a document, or transcribed information of any kind, expressed in either ordinary or machine language, which serves as a memorial or permanent evidence of whatever matter the record relates to. Meanwhile, a " document " is an instrument that contains information or ideas expressed in the form of letters or words (e.g., contracts), numbers or figures (e.g., accounting journals and ledgers), or other marks or symbols (e.g., X-rays). ⁴ This means that nearly every document or piece of information in your office can be considered a "record." And since it is often too costly to keep all records, the challenge is to determine which records may be relevant to proving a disputed issue in a future trial; it is only those relevant records that must be retained.

Not too long ago, the management of paper records and documents was the chief concern of most companies. Manila file folders were used for document organization; boxes and file cabinets for temporary storage; and off-site facilities or warehouses for archival. But now, with electronic records fast becoming the norm, document management has evolved into the use of active computer files and folders for organization; electronic databases for temporary storage; and removable media, such as backup tapes and CD-ROMs, for archival. An electronic record retention policy should cover all three— organization, temporary storage, and archival .

Why a Policy is Necessary

As oft-repeated in this article, relevant records should be retained because they can serve as evidence to help bolster your case at a future trial. But equally important, in the event of a natural (e.g., hurricanes and floods) or man-made (e.g., computer viruses and worms) disaster that disrupts your computer network and causes a massive loss of data; it is only the records that are archived on removable media, such as backup tapes, that can be restored and the information contained in them retrieved. Although in some cases of disaster, recovery of data in the computer might be possible, it is very hit-or-miss and may be quite expensive. Thus, backing up crucial data is vital.

How to Draft a Policy

Step 1: Identify which records are relevant.

The first step in drafting an electronic record retention policy is to identify which records are relevant. To do this, make a list of all of the kinds of records that could help prove a disputed issue in a future trial. For example:

• Patient records (e.g., medical and contact information);
• Employee records (e.g., employment applications, performance evaluations, and wage and benefits information);
• Accounting records (e.g., accounting journals and ledgers, budgets, bank deposit slips and statements, cancelled checks, expense reports, inventories, and invoices);
• Corporate records (e.g., annual and quarterly reports, financial statements, articles of incorporation and bylaws, and board and staff meeting minutes);
• Tax records (e.g., federal and state income tax returns, payroll tax returns, property tax returns, and supporting forms and documentation);
• Legal/Insurance records (e.g., vendor contracts, commercial real estate leases, business insurance policies, and Medicare/Medicaid regulatory documents);
• O&P Professional records (e.g., proof of facility accreditation and practitioner certification from the American Board for Certification in Orthotics and Prosthetics (ABC); and proof of state licensure, if applicable).

Step 2: Develop a retention schedule.

The second step in drafting a policy is to develop a retention schedule which stipulates a " retention period " for each kind of record listed in Step 1. A " retention period " refers to how long each kind of record will be kept, both in temporary storage and archives, before being recycled.

The most important factor to consider when determining the retention periods for the kinds of records listed in Step 1 is any applicable state and federal laws, including the " statute of limitations " for filing different kinds of lawsuits. A " statute of limitations " (SOL) is the maximum time allowed by a state or federal law for filing a lawsuit. ⁵

For example: What is an appropriate retention period for federal income tax returns? Well, the SOL for assessment or collection of unpaid taxes by the Internal Revenue Service (IRS) is three years from the date of filing your return; six years if the gross income on your return was misstated by more than 25 percent; and indefinitely if you have filed a false or fraudulent return, willfully evaded paying taxes, or failed to file a return at all. ⁶ Therefore, since the IRS is allowed to sue you for unpaid taxes indefinitely , it would be best to stipulate in your policy that federal tax returns be kept permanently.

An O&P practice is vulnerable to not only malpractice, but also many other kinds of lawsuits, including workers' compensation, wrongful termination, employment discrimination, and sexual harassment. So it is a good idea to develop your retention schedule in consultation with an attorney. Statutes of limitation may vary by state, and often depend on whether a lawsuit is filed under state or federal law. An attorney can help you find and interpret the laws that are most applicable to your profession and specific circumstances.

Besides state and federal laws, other factors you may consider include the cost of archival media and storage, the quantity of data that needs to be stored, plus any other factors that could impact the workability and cost-efficiency of your retention schedule. [Go to www.dbandb.com/Group/pdf/SampleRecordRetentionPolicy.pdf (last visited Sept. 1, 2005) for a sample list of types of records and retention periods].

Step 3: Develop retention procedures.

The final step in developing a policy is two-fold: (1) ascertain from which sources your office either receives or generates information; and then (2) develop a series of procedures for retaining each source of information.

(1) Ascertain your sources of information, such as:

• E-mails and instant messages;
• Faxes (paper and electronic);
• Phone calls and voice mails;
• Internal documents created by word processing and other computer programs;
• External documents received by regular mail, hand-delivered by patients and vendors, or picked up from a remote location.

(2) Develop a series of procedures to:

• Convert paper documents into electronic records using copiers and scanners.
• Choose a location for temporary storage of each source of information. For example, e-mails concerning a particular patient can be saved in an active computer file created for that patient's records for the duration of the retention period.
• Maintain the integrity of electronic records. For example, corporate records can be made "read-only" to prevent alteration by employees.
• Protect the confidentiality of patient records. For example, computers with access to patient records can be protected with complex passwords. All office computers can be protected using Internet security software with firewall, virus, adware, and spyware protection. E-mails with confidential information can be encrypted.
• Install the appropriate technology. For example, use business versions of instant messaging software which allow for archival of messages; consumer versions may not. ⁷

How to Enforce a Policy

Begin enforcement by disseminating your policy to all employees and ensuring that they read and understand it. Courts have intimated that it may be inadequate to simply e-mail employees a copy of an agreement that will substantially affect their rights. For example, an employee's rights may be substantially affected if compliance with a company policy is made a condition of his or her continued employment. So if you choose to mass e-mail your policy to all employees, be sure to request that each employee send a reply e-mail which: (1) acknowledges that he or she read and understood the e-mail (and any attachments); or (2) clearly notes that he or she " accepts " the terms of the policy. Otherwise, hold a staff meeting to announce the implementation of the new policy, and monitor attendance with a sign-in sheet, or simply disburse paper copies of the policy to all employees, and then request that each provide a handwritten signature indicating the acceptance of its terms. ⁸

References:

1. Sarbanes-Oxley Act of 2002, Pub. L. No. 107-204, §§ 802, 1102.
2. Zubulake v. UBS Warburg LLC, et. al, 02 Civ. 1243, at *20-24, 40, 48 (S.D.N.Y. July 20, 2004) (Loislaw.com, Federal District Court Opinions).
3. Id. at *41, 47-48.
4. Black's Law Dictionary 1273, 481 (6th ed. 1990).
5. Id. at 926-927.
6. I.R.C. § 6501(a), (c), (e).
7. See Jason Krause, Like E-mail, Only Faster, A.B.A. Journal 24 (May 2005).
8. Campbell v. General Dynamics Government Systems Corp., 321 F. Supp. 2d 142, 144-145, 148 (D. Mass. 2004).

Sylvia A. Ezenwa is a lawyer, author, and freelance writer based in Superior, Colorado. She writes regularly on a variety of legal topics for trade and consumer publications. She is licensed to practice law in the state of Texas.

DISCLAIMER: The information in this article is not intended to constitute legal advice. Please consult an attorney regarding your specific situation.

Copyright 2005 Sylvia Ezenwa. Reproduction of any portion of this article in any form is prohibited without the expressed, written consent of the author.

	Protecting O&P Companies from Product Liability - August 2006 Legal EDGE
	Minimizing the Risk of Workplace Litigation - February 2006 Legal EDGE
	After a Disaster: Filing a Business Insurance Claim - January 2006 Legal EDGE
	Natural Disasters: Can Your Practice Survive? - December 2005 Legal EDGE
	The Cost of Destroying Electronic Records - October 2005 Legal EDGE

Table Of Contents - November 2005

	Motivating Your Employees for Higher Productivity Feature
	Achieving Harmony, Motivation in the O&P Workplace Fostering an encouraging work environment leads to increased productivity, enthusiasm, and employee retention. Feature
	Ten Tips for Motivating Yourself Sometimes it’s not enough to motivate your people; at times you may have to motivate yourself too. Feature
	Form, Function Combine in New Hand Prosthesis The real world of unilateral arm amputees and their daily activities reveals that passive cosmetic hands are anything but “passive." Innovations
	Finger Amputees Return to Daily Activities with New Device Innovations
	An Electronic Record Retention Policy: No Longer A Luxury Legal EDGE
	Got FAQs? Got FAQs?
	Scott Anderson, CP Profile
	Lending a Hand (or Foot) Perspective
	From the Editor: Motivating Employees—and Yourself Viewpoint