Literary Warrant for Functional Requirement #10
This requirement derives from the law, customs, standards and
professional best practices accepted by society and codified in the literature of different professions concerned with records and
recordkeeping. The warrant is as follows:
Citation 36 CFR PART 1234 -- Electronic Records Management. Subpart C -- Standards for
the Creation, Use, Preservation, and Disposition of Electronic Records
Pages 01234.20
Extract For electronic records systems that produce, use, or store data files, disposition instructions for the
data shall be incorporated into the system's design.
Citation The Institute of Internal Auditors Research Foundation; Systems Auditability and Control, Module
8, Telecommunications, 1991
Pages 8-94
Extract Risks and Controls Associated With E-Mail (Controls) * Policy for destruction at destination of
data at predefined intervals
Citation EDI Security, Control, and Audit by Albert J. Marcella, Jr., and Sally Chan (Massachusetts:
Artech House 1993)
Pages 96
Extract Records should be kept long enough to satisfy business (operational, administrative, financial, and
historical), statutory, and regulatory requirements. Records for which no legal requirements exist should
be destroyed after a reasonable period, based on an organization's specific business needs. Some
experts recommend three years as an adequate standard retention period.
Citation "Compliance Guide to Electronic Health Records: A Practical Reference to Legislation, Codes,
Regulations and Industry Standards" by Jonathan P. Tomes, J.D. (Washington, DC: Faulkner &
Gray 1994-95)
Pages 142
Extract D. Upon termination of computer service bureau services for a physician, those computer files
maintained for the physician should be physically turned over to the physician, or destroyed (erased). In
the event of file erasure, the computer service bureau should verify in writing to the physician that the
erasure has taken place.
Citation Performance Guideline for the Legal Acceptance of Records Produced by Information Technology
Systems: "Part II: Performance Guideline for the Acceptance by Government Agencies of Records
Produced by Information Technology Systems;" Technical Report ANSI/AIIM TR31-1993; Association
for Information and Image Management.
Pages 13-14
Extract Uniform Preservation of Private Business Records Act. 2. Period of preservation Unless a specific
period is designated by law for their preservation, business records which persons by the laws of this
state are required to keep or preserve may be destroyed after the expiration of three years from the
making of such records without constituting an offense under such laws.
Citation Johnson, P.L. ISO 9000: meeting the new international standards. 1993.
Pages 65-66
Extract The standard [ISO 9000] outlines a few guidelines for the facility's document control scheme: ... *
To prevent obsolete editions from being used, a procedure must ensure that outdated documents are
promptly discarded.
Citation 41 CFR Sec. 201 - 9.103 Procedures.
Extract (e) Control the creation, maintenance, and use of agency records and the collection and
dissemination of information to ensure that the agency - (1) Does not accumulate unnecessary
records;