Choosing Offsite Records Storage Management
http://outsourcingworld.biz/2010/04/offsite-records-storage-management/
by Outsourcing World
One of the first things to do when deciding on which company to choose when it comes to outsourcing the management of you sensitive data and documents is to visit the premises you are considering to see exactly how things work.
Most storage companies will have a variety of ways to manage and store information. This is due to the types of information that they store. Not all files that are kept by a company will need to be retrieved for use at a later date; therefore, how this information is stored may be different to a system used to store information that is likely to be required again.
Archiving information which is no longer needed for retrieval may be stored in secure boxes so when the times comes where they are no longer required to keep by law, they can be easily destroyed.
Information that may be required for retrieval, such as medical records, can be stored in an open shelving environment so that it is alot easier to find that information when it is needed. It isn’t always necessary to send an employee along to the offsite records storage company to retrieve a document as more often than not, these companies can provide a service where they can deliver this information to you in the space of a few hours.
It would be a good idea to write a list before visiting a storage company with questions so that you know exactly how your information is going to be handled. Find out about what security systems they have in place to ensure the safety of your documents. What security is offered when the end of the working day comes and all of the employers have gone home?
Ask questions relating to how the information is going to be managed. Most storage companies will have a bar-coding system which enables your information to be stored, managed and retrieved easily. You can take a look around the premises to see how this works in action as well as see how where your information will be stored.
Offsite records storage companies store all kinds of different information in a variety of formats for a wide range of companies. On many occasions they hold information with people’s personal details relating to all kinds of different situations. Even for a company to hold medical records will give you a good idea of the type of security that needs to be in place to ensure this information is not lost or damaged.
These companies take on a great responsibility when storing this kind of information, so they fully understand the requirements of the businesses they store documents for. However, it is always still advisable to visit a storage company before you decide which one you will use. This then helps you see everything in action as well as different types of storage and management systems they offer to find out which best will suit your requirements.
Most storage companies will also prove to be more cost effective than managing your own information if you accumulate alot of data which is required by law to store for a number of years. Storing and managing your own information can become quite costly, so outsourcing your records management and storage to a professional company could not only keep your information well managed, but when you look at how much it might cost you for self storage, it is likely you will be saving valuable money by using an off site business.
Compliments of FileMan
Read MoreIron Mountain Reports First Quarter 2010 Financial Results Company delivers 7% revenue growth and 11% increase in Adjusted OIBDA
Iron Mountain Reports First Quarter 2010 Financial Results
Company delivers 7% revenue growth and 11% increase in Adjusted OIBDA
BOSTON, Apr 29, 2010 (BUSINESS WIRE) — –First quarter Adjusted EPS increases 19% to $0.23 per diluted share compared to Q1/2009; reported earnings are $0.12 per diluted share
–Company on track towards solid full-year performance; refines 2010 guidance to reflect impacts of Chilean earthquakes
Iron Mountain Incorporated /quotes/comstock/13*!irm/quotes/nls/irm (IRM 26.31, –1.69, –6.04%) , an information management services company, today reported its financial results for the first quarter ended March 31, 2010. The Company announced 7% revenue growth, in line with expectations, and strong Adjusted OIBDA (defined below) and operating income growth of 11% and 9%, respectively, compared to the first quarter of 2009 (see Appendix B). These results were supported by improved internal revenue growth of 4% and sustainable benefits from operational initiatives which drove strong gross margin gains. Solid operating profit gains and controlled capital expenditures drove $54 million of free cash flow before acquisitions and discretionary investments (FCF) in the first quarter (See Appendix B). The Company refined its full-year 2010 outlook to reflect the impacts of the recent earthquakes on its Chilean business.
“Iron Mountain delivered improved revenue growth and continued strong profit gains and cash flow in the first quarter. We are on track towards solid full-year financial performance,” said Bob Brennan, president and CEO. “We remain focused on improving our growth trajectory in 2010 by driving aggressively against new business opportunities while advancing our long-term strategic agenda.”
Key Financial Highlights — Q1 2010
Iron Mountain reported total consolidated revenues of $777 million for the first quarter, a 7% increase over the prior year period, supported by 4% total internal revenue growth. Storage revenue internal …
Read more here … http://www.marketwatch.com/story/iron-mountain-reports-first-quarter-2010-financial-results-2010–04-29?reflink=MW_news_stmp
Compliments of FileMan Research
Read MoreInsurer rejects claims related to stolen U. medical records
Insurer rejects claims related to stolen U. medical records
Theft » U. still works with Sandy firm whose employee mishandled transport.
By Brian Maffly
The Salt Lake Tribune
Updated: 04/28/2010 07:09:41 PM MDT
A Colorado insurance company contends it is not obligated to cover astronomical costs incurred by the University of Utah in 2008 after car burglars stole medical billings records filed with sensitive personal information on 1.7 million patients.
U. officials want Perpetual Storage to reimburse the university more than $3.3 million. That’s how much the school spent notifying patients of the theft and providing credit monitoring to any who asked, according to a suit filed by the firm’s insurer, Colorado Casualty Insurance Co., in U.S. District Court.
The insurer insists the claim is not covered by Perpetual’s policy and is seeking a judicial ruling to support its position.
“This is not an uncommon thing. Insurance companies don’t want to pay claims,” said Perpetual’s lawyer Steve McMurray. “We will defend this aggressively. We think there is coverage.”
The suit does not challenge the merits of the U.‘s claims and the insurer has retained counsel to defend Perpetual against them, McMurray said. Meanwhile, the U. continues to do business with Perpetual.
“We would be disappointed if a judge rules in favor of the insurance company. We would probably pursue other legal means,” said Chris Nelson, a spokesman for University Hospitals and Clinics. “The hospital has had to bear those costs so we have been aggressive as we can to recoup those costs.”
The money was pulled from clinical revenues over two fiscal years, and the loss
Advertisement
Quantcast
did not affect taxpayers and the university’s academic mission. Still, the expenses meant less was invested in the university’s clinical mission, Nelson said.
Perpetual is a Sandy-based company that specializes in long-term storage of business records, using climate-controlled vaults dug into the granite walls of Little Cottonwood Canyon.
In violation of company policies, a Perpetual courier left electronic U. patient records, stored on magnetic tapes and secured in a metal box, in his personal vehicle overnight in June 2008, police reported. Thieves broke into the car, parked outside a Kearns residence, and made off with the box, whose contents covered 16 years worth of hospital and clinic billings. The records were filled with Social Security numbers, dates of birth and procedure codes that tech-savvy criminals could use to steal patients’ identities.
The theft was Perpetual’s only loss in 40 years of business, McMurray said.
Police arrested the thieves and recovered the tapes a month later, reporting that there was no evidence the records had been compromised or misused.
The heist earned the two culprits jail sentences and restitution limited to the $500 value of the metal box. But the crime was not solved in time to spare the U. the obligation of contacting thousands of patients.
According to the insurer’s suit, the U. claims it generated 6,232 in personnel hours responding to “the Incident” and spent $646,149 on printing and mailing costs and another $81,389 on a phone bank to field more than 11,000 calls over two weeks. But the big hit was nearly $2.5 million for credit-monitoring services for those whose Social Security numbers could have been poached.
“Had [Perpetual] followed their own protocols, this would not have happened,” Nelson said. “That individual was the weak link. The company has served us well and continues to do so.”
After the crime, the university suspended its dealings with Perpetual, stored sensitive materials on campus and sent teams to its vaults to assess their security, Nelson said. Officials decided to resume its relationship with the storage outfit because the its vaults proved safe from thieves and natural disasters.
Compliments of FileMan Research
Read MoreNegotiating an ASP/SaaS Agreement for Storage of Electronic Medical Records
Tuesday, April 20, 2010
Hospitals and other health care providers are converting millions of paper records into digital form, and creating others in original digital form. All these records must be stored somewhere, and health care providers need ready access to them. There are at least two storage options. One is for a hospital to install and operate the necessary software and records database on its own servers; the other is to outsource that function to a host, which will install the software and database on its servers and give the hospital access to them, in an Application Service Provider (ASP) arrangement (also known as Software-as-a-Service or SaaS). The difference between these options is that in the first arrangement, the hospital licenses a product (software); in the second, it subscribes to a service (access to the software and database on the vendor’s servers). The pros and cons of each arrangement are outside the scope of this article. But when a hospital elects an ASP/SaaS arrangement for storage of its patients’ medical records, the implications are quite different from those presented by the use of an ASP/SaaS arrangement by a non-health care entity storing other types of records. This article offers a short summary of those implications, and suggests an approach to dealing with each.
Access to Patient Records. The most significant difference lies in the importance to a health care provider of untrammeled access to its patients’ medical records. In most ASP arrangements, there is a provision in the agreement to the effect that in the event of non-payment or other dispute, the vendor can suspend the customer’s access to its records (no payment, no service, the argument goes). One can understand the vendor’s point of view. But where a hospital is concerned, and lives depend on the information in those records, losing access to them – even temporarily, during the resolution of a dispute — would be untenable. Suggestion: negotiate a provision to the effect that the vendor will not withhold or restrict access to patient records in its possession for any reason, under any circumstances; and where non-payment is concerned, provide that the vendor will not suspend or terminate access in the event of a good faith dispute between the parties of which the hospital gives the vendor notice in writing.
Acceptable Use Policy. ASP arrangements often incorporate by reference an Acceptable Use Policy, or AUP, which provides that under certain circumstances, the vendor may block a health care provider’s access to its system (and thus, its patients’ records). This policy is designed to protect the vendor in the event that a user engages in any one of a variety of unacceptable behaviors that expose the vendor to risk. Those behaviors might include infringing on the intellectual property rights of third parties, engaging in illegal activities, transmitting information that is obscene or violates the privacy rights of third parties, promoting fraudulent financial schemes, interfering with the vendor’s network, etc. A vendor has good reason to take steps to protect itself — but those steps generally include blocking the hospital’s access to the vendor’s system. Suggestion: negotiate a provision limiting the circumstances under which the vendor can block the health care provider’s access to its system to one or more of the following: (i) blocking access by the particular user believed to have violated the AUP, (ii) blocking access when the parties agree that the conduct of the user constitutes criminal activity and the vendor could be found to be engaged in a crime by virtue of providing the hosted services, or (iii) blocking access immediately and with advance written notice to the health care provider, following issuance of a court order permitting the vendor to do so.
Disaster Recovery Plan. Consistent with the notion that it must preserve continuous access to its records, a hospital or health care provider should be sure its ASP vendor is contractually obligated to provide a copy of its disaster recovery plan, that the plan complies with appropriate guidelines for information technology disaster recovery plans and that the vendor provides the hospital or healthcare provider annually and at no charge with a statement from its auditors regarding the vendor’s compliance with its disaster recovery plan.
Sunsetting. In the interest of avoiding disruption in its access to its patients’ records, a hospital or health care provider may want to seek assurances that the ASP vendor will not cease to offer its services in the marketplace (known as “sunsetting”) for some period of time. For example, the hospital may negotiate a provision to the effect that the vendor will provide twelve months’ advance written notice prior to sunsetting any component (or all) of its service, and will not give that notice for three years from the date the arrangement is entered into. The incentive for a vendor to honor a sunsetting provision is a promise to refund to the hospital or health care provider a portion of the fees paid to the vendor in the event it ceases offering its services prematurely, such portion to decline with the passage of time.
Transition Assistance. All relationships come to an end, and a hospital’s access to its patients’ records can become an issue when its relationship with an ASP vendor ends, especially if the end is unexpected or the result of a dispute. Consistent with the notion that it must preserve continuous access to its records, the hospital should negotiate a provision to the effect that upon termination for any reason, the vendor will assist the hospital in the orderly transition to a new vendor. That assistance should take the form of access to the vendor’s system and the vendor’s support of that system for up to six (6) months following termination (or whatever period of time the hospital expects it would need to transition to a new vendor), for which services the hospital can be expected to pay the vendor at its then-current hourly rate.
Indemnification. Finally, there is another distinction between hospitals/health care providers and other companies (banks, for example) entering into ASP arrangements. Many hospitals and health care providers – and not just those associated with universities — are nonprofit organizations. For profit organizations are owned by shareholders or members who accept some level of risk in exchange for the expectation of a return on their investments. One of those risks is that in the event the organization incurs liability in some form, it may be called upon to indemnify those to whom it is liable, resulting in a reduction in the investors’ return. Nonprofit organizations have no shareholders who expect a return on investment. Indeed they are prohibited by law from directing earnings to the private benefit of those interested in their activities. The result is that the financial structure of a nonprofit organization is quite different from that of a for profit organization. Suggestion: in cases in which the hospital or health care provider operates on a nonprofit basis, take the position that it is not in a position to defend, indemnify or hold harmless the ASP vendor from any damages of any kind.
As health care providers accumulate patient records in digital form, the question of where to store them becomes critical, because the party that houses the records controls access to them. When considering storage under an ASP arrangement, health care providers need to be aware of the limitations on access typically found in ASP agreements – and that those limitations can be successfully negotiated.
Anne Davies Newman
Read MoreMissing transfer orders ‘may take years’ to find
Missing transfer orders ‘may take years’ to find
By JULIET O’NEILL, Canwest News ServiceApril 28, 2010
Records of Afghan detainee transfer orders showing whether Canadian military commanders took the risk of torture into account are buried in sea shipping containers and “may take years” to locate, the Military Police Complaints Commission was told yesterday.
The revelation by Major Denis Gagnon emerged when he was closely questioned by lawyer Paul Champ, who said the commission is on the verge of deciding whether it has to suspend public hearings, partly because of missing and delayed documents from the Defence Department.
Gagnon said the documents are “all thrown together in a storage bin, a sea container,” and an assessment of how long it would take to catalogue documents and identify the records requested by the commission may take years.
Earlier, a senior military official testified that some Afghan detainee documents requested by the commission have been delayed to ensure no information gets out that could jeopardize the security of troops in Afghanistan.
“We know full well that Canada’s enemies are ready to use that kind of information against our troops that are deployed there,” Brig. Gen. Richard Blanchette said. “That is why there have been certain delays in producing those documents.”
The commission was also told that Defence officials are screening out documents that military police would not have seen in the course of their duties.
Gagnon said he makes the decision on what military police would have seen based on his personal experience and his knowledge of communications channels within the military chain of command and communications links with the Foreign Affairs Department.
Read more: http://www.montrealgazette.com/news/Missing+transfer+orders+take+years+find/2958734/story.html#ixzz0mPukzgUN
Read MoreIf you want to see my LinkedIn profile, click on this button:
