HHS Policy for Electronic Mail (Email) Records Management
Office of the Chief Information Officer
Office of the Assistant Secretary for Administration
U.S. Department of Health and Human Service
December 29, 2016
Table of Contents
- Nature of Changes
- Background/Significant Changes
- Policy for Electronic Mail (Email) Records Management
- Systems Requirements
- Access Requirements
- Disposition Requirements
- Roles and Responsibilities
- Applicable Laws/Guidance
- Additional Information and Assistance
- Effective Date/Implementation
Document Revision History
|Version Number||Release Date||Summary of Changes||Section Number/
|Changes Made By|
The Office of the Chief Information Officer (OCIO) is responsible for development and management of the U.S. Department of Health & Human Services’ (HHS) Policy for Electronic Mail (Email) Records Management. Please send any recommended changes via email to email@example.com.
1. Nature of Changes
This policy supersedes and replaces HHS-OCIO-2008-0002.001, HHS OCIO Policy for Records Management for Emails, dated May 15, 2008.
This policy implements the General Records Schedule (GRS) 6.1, Email Managed under a Capstone Approach and identifies its authorities, scope and objectives.
3. Background/Significant Changes
This policy implements Office of Management and Budget (OMB M-12-18, Part I, Goal 1.2. HHS will manage all email records in an appropriate electronic recordkeeping system that supports records management and litigation requirements (which may include preservation-in-place models), including the capability to identify, retrieve, and retain the records for as long as they are required. This policy also addresses recordkeeping requirements when using personal or non-HHS communication tools to conduct HHS business.
HHS employees are responsible for the creation or receipt, maintenance, use and disposition of federal records. Users are required to use the retention policy in the email system to manage email that are official records and remove email records that are non-records.
The Capstone policy applies to all HHS Operating Divisions (OpDivs), Staff Divisions (StaffDivs) and contractors conducting business for, and on behalf of the Department through contractual relationships and service level agreements. OpDivs that wish to apply this GRS in part must ensure that all other email records are covered by another National Archives and Records Administration (NARA) approved disposition authority. OpDivs not managing any of their email under the Capstone approach are responsible for managing their email by applying NARA‐approved records schedules. OpDivs may develop and implement more specific policies and procedures consistent with the overarching Email Records Management Policy. The supplemental preservation requirements that apply to HHS records and other documentary materials that are potentially relevant for litigation, investigations and audit matters may be found in the HHS Policy for Records Holds.
This policy does not supersede any other applicable law, court order, existing labor management agreement, and more stringent retention standard or agency directive, to include the HHS Policy for Records Holds in effect as of the date of this policy.
NOTE: Currently, Capstone applies only to email records, as defined in this policy. All other records, including paper, electronic, or other media are governed by the GRS or agency records schedule.
5. Policy for Electronic Mail (Email) Records Management
5.1 Electronic Mail (Email):
5.1.1 Email often meets the definition of a federal record as provided in the Federal Records Act (44 U.S.C., 3301) which includes: all traditional forms of records, regardless of physical form or characteristics, including information created, manipulated, communicated, or stored in digital or electronic form.
5.1.2 Implementation of the “Capstone” approach.
- Under the Capstone approach, OpDivs will manage email records based on the role of the account holder rather than on the content of each email record. Capstone officials include all those listed on an approved NARA Form 1005 (NA 1005), Verification for Implementing GRS 6.1. This includes those officials in an acting capacity for any of the positions listed on the NA 1005 longer than 60 days. The form serves as a list of permanent Capstone officials for implementation of item 010 and a list of positions excluded from implementation of items 011 and 012 of GRS 6.1.
- Email records captured and managed under the Capstone approach must use an existing records retention schedule or maintained as unscheduled records until the approval of the NA 1005. OpDivs will not implement GRS 6.1 until NARA reviews and approves the submission. Once approved, OpDivs will implement retention and disposition of email records accordingly.
- The verification process will require OpDivs implementing GRS 6.1, Email Managed under a Capstone approach, to submit a NA1005 to the Department Records Officer (RO). The Department RO will review and forward to NARA to receive approval prior to implementation of any items of this GRS.
- The verification process for identifying Capstone officials is located in the record description of GRS 6.1. The section defines the ten categories of senior officials provided in the definition of Capstone (permanent) accounts in item 010 of the GRS. These definitions acknowledge that different OpDivs often have different titles for similar positions which are meant to assist OpDivs in properly identifying senior officials within their OpDivs that correlate to each category.
NOTE: Cabinet level agencies implementing a Capstone approach that includes their components/operatives must apply the definition of “Capstone Official” to each component individually. In these cases, each component/operative is considered a separate agency in terms of the definition of Capstone officials. A component/operative of a cabinet level agency may implement a Capstone approach independent of their department, but must also conform to the entirety of this definition.
5.1.3 Email records are captured and managed according to user role using the following retention approach:
- Email Records of Designated Capstone Officials. Email records (email messages and attachments, calendar appointments, and tasks captured by the electronic recordkeeping system) from designated Capstone official’s email accounts must be retained as permanent. These email records will be transferred to the NARA according to General Record Schedule 6.1, Section 010. Each OpDiv RO will maintain an official list of Capstone officials’ email accounts and will forward a copy of the list to the Department RO annually.
- Email Records Captured from Email Accounts Not Designated as Capstone Officials. Email records (email messages and attachments, appointments, and tasks captured by the OpDiv electronic recordkeeping system) of all other OpDiv account holders will be retained as temporary according to General Record Schedule 6.1, Sections 011 or 012 and destroyed within the electronic recordkeeping system. If GRS 6.1 is not used, a NARA approved agency records disposition schedule must be followed. (NOTE: Preclude records under preservation obligation, such as litigation hold).
5.1.4 Non-Record Emails. HHS employees may delete “non-record” emails not containing any information documenting HHS actions or activities. Non-records include; non-business related, personal, broadcast messages (e.g., HHS messages to all staff) and advertisement. (NOTE: Preclude records under preservation obligation, such as litigation hold).
5.1.5 Transitory Email Records. Transitory records are records of short-term (180 days or less) interest which have minimal or no documentary or evidential value. Email records that are transitory may be deleted when no longer needed. (NOTE: Preclude records under preservation obligation, such as litigation hold).
5.1.6 Managing Email Records Manually. When automated tools or features are not available within the email system to auto-categorize folders and emails, employees must manually create folders within their email inbox and manage records by record type or records disposition dates. (NOTE: For best retention and disposition practices, a folder should be created for each record type the employee creates. Additionally sub-folders may be created to manage records into more specific categories).
5.1.7 Email Retained with Related Records. When business needs require email records to be retained within another electronic recordkeeping system (such as part of a case file), you should also keep a copy of the email with those files. Capstone does not replace existing business practices that require email messages and other related records to be retained together in established electronic recordkeeping systems.
5.1.8 Search and Auditing of System. System-wide email searches may be conducted by OpDiv designated IT personnel with the approval of the General Counsel or Chief Information Officer as part of an internal or external investigation or in response to an access request as needed.
5.1.9 Unauthorized Destruction of Email Records and Reporting Loss. OpDivs will have data/records backup procedures in place. If there’s an instance of unauthorized destruction of email records, the user should first contact their supervisor and then the IT Helpdesk to attempt recovery. If recovery is not possible, the user or office must report the incident to the HHS or OpDiv RO. The RO will subsequently report the incident to the Chief Records Officer for the U.S. Government. Per 36 CFR 1230.14, the report should describe the records, the circumstances in which the unauthorized destruction took place and the corrective steps being taken to properly manage the records in the future.
5.2 Using of Unauthorized External Information Systems to Conduct Department Business. Transmission of HHS “sensitive” information via personal email is prohibited. In the interest of both protecting HHS employee’s personal privacy and increasing transparency for the public, HHS employees assigned an HHS provided computer, email or online storage account must use those government provided resources for conducting any and all official business. Under no circumstances should HHS employees conduct official business using personal computer, email or personal online storage accounts if a federally owned or federally contracted alternative is assigned to them.
5.3 Email Records Management (Capstone) Training. Each HHS OpDiv must provide email records management (Capstone) training to all appropriate staff to ensure they are aware of their responsibilities to maintain and safeguard agency email records, including the obligations under this Policy and the HHS Records Holds Policy.
5.4 New Employees Orientation. HHS employees whose positions has been designated as Capstone (permanent) must receive an initial and departure briefing as part of their training on their email records management responsibilities.
5.5 Annual Training. HHS personnel must complete Records Management training annually, which must include a section on email records management (Capstone Approach).
6. Systems Requirements
6.1 OpDivs must have automated or manual systems in place that produce, manage, and preserve email records in an acceptable electronic format until disposition can be executed. Additionally, systems must support the implementation of agency policies and provide access to email records throughout their lifecycle. (NOTE: Preclude records with preservation obligation, such as litigation hold).
6.2 Systems and business processes must support the management of email records in accordance with all applicable requirements including the manual or automatic execution of their disposition whether using a Capstone-based or content-based record schedule.
7. Access Requirements
7.1 Email records must remain usable and retrievable throughout their lifecycle. Access supports an agency’s ability to carry out its business functions. Access must address internal agency needs and accommodate responses to requests for information.
7.2 Email records must be maintained in a system that preserves their content, context and structure, protects against their unauthorized loss or destruction, and ensures that they remain discoverable, retrievable, and usable for the period specified in their retention schedule.
8. Disposition Requirements
8.1 OpDivs must have a NARA-approved schedule in place to be able to carry out the disposition of permanent and temporary email records – using either agency-specific schedules or GRS) 6.1: Email Managed under a Capstone approach.
8.2 HHS, OpDivs must identify appropriate retention periods for email records and implemented systems and policies to support the disposition as specified in an approved records schedule.
9. Roles and Responsibilities
9.1 OpDiv ROs:
9.1.1 Evaluate and assign positions as Capstone or Non-Capstone and forward to the Department RO. Send your email account designations to your respective OCIO point of contact.
9.1.2 Ensures that Capstone designations are kept current with organization changes.
9.1.3 Provide training to OpDiv staff on Capstone records management implementation.
9.1.4 Ensure NARA-approved schedules are in place that identifies systems that contain Federal email records.
9.1.5 Transfer permanent email records to the NARA in accordance with approved records schedules and applicable laws, regulations, and NARA Transfer Guidance.
9.2 OpDiv and StaffDiv Records Managers (RM) and Records Liaison Officers (RLO): Monitor personnel changes within their offices and inform Record Officers of changes relevant to Capstone status designations.
9.3 HHS OCIO and OpDiv Information Technology Offices:
9.3.1 Ensure email systems retain components of email messages identified in RFC 5322 including email attachments.
9.3.2 Ensure current and departed employees email records remain accessible throughout the record’s lifecycle as determined by the records schedule or legal hold, whichever is longer.
9.3.3 Ensure searches across multiple email accounts or multiple systems to find emails needed for agency business.
9.3.4 Prevent unauthorized access, modification, or destruction of email records.
9.3.5 Ensure supervisor annotate new employee’s level of employment is captured on new email account form (designated as Capstone or Non-Capstone) and is used to determine the employees email records disposition (i.e. administrative, supervisor, manager, Senior Executive Service (SES) member, or Political Appointee).
9.4 HHS Personnel (Employees, Contractors, Interns and Fellows):
9.4.1 Obtain basic records management training and training on how to use the email system.
9.4.2 Recognize the difference between record and non-record material and maintain email records accordingly, to the extent practicable.
9.4.3 Use the HHS email system for all business purposes. This policy applies to all user accounts that the employee uses or monitors.
9.4.4 When a change in supervisory or management status occurs, employees must disclose this change to the OpDiv or StaffDiv RO. In-turn, the ROs will notify OCIO of the change.
9.4.5 Notify your OpDiv RO if you receive a large number of permanent records to determine whether your account should be redesignated as Capstone permanent.
9.4.6 Comply with the requirements of this policy including requirements related to email preservation.
9.4.7 All HHS account holders are responsible for recognizing that the information they create while conducting HHS business are records. Additional information about records management responsibilities may be found in HHS Records Management Policy.
10. Applicable Laws/Guidance
- 36 CFR Chapter XII, Subchapter B – Agency Records Management Responsibilities
- 36 CFR Chapter XII, Subchapter C – Electronic Records Management
- 44 U.S.C. Chapter 21 – National Archives and Records Administration
- 44 U.S.C. Chapter 29 – Records Management by the Archivist of the United States
- 44 U.S.C. Chapter 31 – Records Management by Federal Agencies
- 44 U.S.C. Chapter 33 – Disposal of Records
- OMB M-12-18, Managing Government Records Directive
- General Record Schedule 6.1: Email Managed under a Capstone Approach http://www.archives.gov/records-mgmt/grs/grs06-1.pdf
- HHS Policy for Records Holds
11. Additional Information and Assistance
For additional information about this Policy, please contact the Department’s RO at (202) 690-5521 or firstname.lastname@example.org.
12. Effective Date/Implementation
The effective date of this policy is the date the policy is approved.
These policies and procedures will not be implemented in any recognized bargaining unit until the union has been provided notice of the proposed changes and given an opportunity to fully exercise its representational rights.
The HHS policies contained in this issuance shall be exercised in accordance with Public Law 93-638, the Indian Self-Determination and Education Assistance Act, as amended, and the Secretary’s policy statement dated August 7, 1997, as amended, titled “Department Policy on Consultation with American Indian/Alaska Native Tribes and Indian Organizations.”
It is HHS’s policy to consult with Indian people to the greatest practicable extent and to the extent permitted by law before taking actions that affect these governments and people; to assess the impact of the Department’s plans, projects, programs and activities on tribal and other available resources; and to remove any procedural impediments to working directly with tribal governments or Indian people.
Darius Taylor Date
Department Records Officer
Beth Anne Killoran Date
Deputy Assistant Secretary for Information Technology
and Chief Information Officer
Attachment 1 - Glossary
Capstone – An approach to managing email where agencies must identify those email accounts most likely to contain records that should be preserved as permanent. Agencies will determine Capstone accounts based on their business needs. They should identify the accounts of individuals who, by virtue of their work, office, or position, are likely to create or receive permanently valuable Federal records. Capstone officials will generally be the top-level senior officials of an agency, but may also be other key decision makers at lower levels of the agency.
Capstone Official – Senior officials designated by account level or by email or by email addresses, whether the addresses are based on an individual’s name, title, a group, or a specific program function.
Control and Custody of Records – HHS records/materials are the property of the Federal government, not the property of individual employees or contractors acting as an agent for the government, and may not be removed from the Department without proper authority. All employees/contractors shall maintain records and non-record documentary materials separately from one another.
Culling – The act of removing or deleting material prior to disposition. This may include deleting non-record email [e.g., email blast (such as agency-wide communications), spam, and personal email (records belonging to an individual and not related to agency business)], and transitory email records (records of short-term interest or that have minimal documentary or evidentiary value).
Electronic Mail (Email) – All traditional forms of records, regardless of physical form or characteristics, including information created, manipulated, communicated, or stored in digital or electronic form.
Electronic Messages – Electronic mail and other electronic messaging systems that are used for purposes of communicating between individuals.
Electronic Mail (Email) System – A computer application used to create, receive, and transmit messages and other documents. Excluded from this definition are file transfer utilities (software that transmit files between users but does not retain any transmission data), data systems used to collect and process data that have been organized into data files or databases on either personal computers or mainframe computers, and word processing documents not transmitted on an email system. (36 CFR 1236.2)
Electronic Records – Any information that is recorded in a form that only a computer can process and that satisfies the definition of a federal record in 44 U.S.C. 3301. Electronic records include numeric, graphic and text information, which may be recorded on any medium capable of being read by a computer and which satisfies the definition of a record.
This includes, but is not limited to, magnetic media, such as tapes and disks, and optical disks. Unless otherwise noted, these requirements apply to all electronic records systems, whether on microcomputers, minicomputers, or mainframe computers, regardless of storage media, in network or stand-alone configurations.
Electronic Records Keeping System – An electronic system in which records are collected, organized and categorized to facilitate their preservation, retrieval, use and disposition.
Preservation In-Place – Protects and secures electronically stored information (ESI) from accidental deletion prior to collection. (NOTE: This is usually in reference to a litigation hold).