A Compliance Office receives and generates a substantial volume of documents, and other information, in both electronic and hardcopy format (hereinafter collectively referred to as “records”). Much results from the hotline records management functions, including caller information, follow-up action and investigation reports, as well as internal correspondence related to the resolution process. Certain records must be maintained for given periods of time specified by applicable laws and regulations or by contractual obligations. Other records should either be retained or destroyed according to a standard policy. In developing policies, it is advisable to consult with legal counsel knowledgeable in this area of the law. There may be applicable state laws, court and government actions that specifically limit or dictate terms for such a policy.
Compliant hotline records management requires records related to a specific incident to be retained while an internal review or investigation is ongoing. Other records should be purged periodically. The reason for this policy is to ensure the anonymity and/or confidentiality of all those who report incidents or situations to the Compliance Office. It also avoids the retention of a pool of raw information that could later become part of civil litigation. An important exception to this general policy is that all program policy overview memoranda and meeting minutes should be retained in order to substantiate the existence of a vibrant and effective compliance program.
Learn About Our Confidential Hotline ServicesGet Free Quote & Demo
It is strongly advisable to develop a policy that formalizes the procedures for hotline records retention. This should include rules for retaining records in active or inactive storage, as well as for disposing of records at the conclusion of the retention periods. Specifically, policies should include the following:
- All records will be maintained for the minimum period required by applicable state or federal laws and regulations.
- The Compliance Office will retain records that may substantively affect the obligations of the parent organization or that office.
- The Compliance Office will purge records regularly and methodically pursuant to a standard policy in order to avoid any appearance that the Compliance Office deliberately destroyed records in anticipation of outside review or discovery.
- Records will be secured to protect employee and patient privacy rights, as well as company proprietary information.
- The Compliance Officer, through periodic audits, should ensure that file retention policies and procedures are being followed.
- As determined in the policy and procedures document, files should be periodically reviewed to determine whether it is appropriate to purge at that time, or defer to a later date.
- There should be a written record of each review indicating the date it was made and results of the review, prior to any file being destroyed.
Upon receipt of notice regarding the initiation of an external investigation or the service of legal process, immediate steps must be taken to prevent the destruction of any relevant documents pending further notice that the investigation or litigation has been concluded.
To learn more about managing a cost-effective hotline, click here to view our free webinar.