Archives, Records Retention and Certificates of Insurance

Archive.

Even the word sounds old, conjuring up an image of dusty bins of old papers consigned to the graveyard of past events. Archives are accumulations of history, source documents of potentially enduring cultural or evidentiary value. They are also a challenge to define and manage.

I've been thinking about archives lately because we are in the process of storing tens of thousands of records, in this case certificates of insurance (COIs), for a large client. All this indexing and organizing is a lot of work, but in the end the company will have a searchable repository useful to risk management and claims administration personnel if ever needed.

So, what's your policy with regards to this task, or with records retention in general? Is it worth the bother? Big business certainly seems to think so, they spend billions of dollars a year on the effort. There's even a name for it – RIM, or Records and Information Management.

Let's start with the obvious – you probably shouldn't archive information without a valid business or legal need. It's simply not a good use of resources. However, in the case of certificates of insurance the landscape is rife with risk manager tales of injury claims popping up years after the alleged event. What was represented in terms of coverage of the Insured at that time? Better check the COI. Wait, do I have one?

The statute of limitations on personal injury claims varies from state to state. In Kentucky or Tennessee you only get one year; Maine and North Dakota give you six. Complicating things further, the type of claim can extend the period available to file. For example, defamation cases and claims involving minors might be granted a longer time limit but medical malpractice claims could be shorter.

Then there's the "discovery of harm" rule. This says that the time period available to file a claim doesn't start until the injury was "discovered." A workman falling from a ladder and not complaining about back pain until five years after the event might be suspect, but a surgeon inadvertently leaving a tool inside the body of a patient and years later causing the patient to experience adverse symptoms is a different story.

As often with the law, things aren't always clear cut. An organization can't keep everything forever, but it also has some responsibility for records retention. There are legal and business risks associated with your RIM policy (or its absence), and your pile of information is probably growing exponentially. Worse, a lot of material is still in paper form, especially COIs.

Do I hear risk assessment? Pull together your team for brainstorming – Risk management, IT, legal and finance. Call in the experts. Set up some rules and enforce them. Don't be left with exposures that your otherwise well-run organization would find unacceptable.

It's never too late to get started.