Below is a basic, step-by-step electronic records management guide. It is meant to help protect those electronic records that need to be protected while allowing access to those electronic records that need to be shared, and to gain value from using various computer applications while addressing compliance and governance standards.
First, clearly define as “documents” all content generated in (for example) GoogleDocs, SharePoint 2013, Dropbox or Box. A document is any analog or digital, formatted, and preserved “container” of structured or unstructured data / information. A document can be word-processed or it can be a spreadsheet, a presentation, a form, a diagnostic image, a video clip, an audio clip, a template of structured data….
Second, for legal and compliance purposes, declare as “records” those “documents” in GoogleDocs, SharePoint 2013, Dropbox or Box that 1) follow a life-cycle (i.e., the “documents” are created or received, maintained, used, and require security, preservation and final disposition, such as destruction); 2) must be assigned a retention schedule; and 3) must have their content locked once the “document” is declared a “record”. Records are different from documents. All documents are potential records but not vice versa.
Third, and again for legal and compliance purposes, designate all the records as either “official” records or “unofficial” records.
Official records include those documents that were generated / received in GoogleDocs, SharePoint 2013, Dropbox or Box and subsequently declared as records according to the above records characteristics. In addition, official records 4) are created or received as evidence of organizational transactions or events that reflect the business objectives of the organization (e.g., receiving reimbursement for services provided, providing patient care); and, 5) qualify as exercises of legal and / or regulatory obligations and rights (i.e., have evidentiary and / or regulatory value).
Unofficial records include those documents that were generated / received in GoogleDocs, SharePoint 2013, Dropbox or Box and subsequently declared as records according to the above records characteristics. However, unofficial records will NOT further organizational business and / or legal / regulatory needs if the records are retained. Typically, unofficial records are retained only for the period of time in which they are active and useful to a particular person or department. Often organizational retention policies allow unofficial records to be retained for x number of years after last modification, but typically no longer than official records. Examples of unofficial records are (what are typically but erroneously called) working “documents”, draft “documents”, reference “documents”, personal copies of documents or records, and copies of official records for convenience purposes.
Fourth, retain / store all the documents and official / unofficial records in GoogleDocs, SharePoint 2013, Dropbox or Box in physically separate but logically linked electronic repositories. For example, “documents” can be stored on individuals’ hard drives. Once documents are declared “records”, the official records (e.g., patient records [including patient-related text messages / email messages / social media entries], employee records, patient spreadsheets, etc.) must be parsed and placed into a secured electronic repository, similar to the organization’s line-of-business system / systems-of-record repositories (e.g., EHR, Vendor Neutral Archive, financial system), with audit trails, access controls, etc. The unofficial records (e.g., working documents, reference records, etc.) can be stored on organizational shared drives.