RECORDS MANAGEMENT POLICY · 2.0 BACKGROUND AND OTHER INFORMATION . The importance of sound records...

RECORDS MANAGEMENT POLICY

DOCUMENT INFORMATION

CATEGORY: Policy THEME: Information

DOCUMENT REFERENCE: 7.07 POLICY LEAD: Medical Director

APPROVAL DATE: 27 April 2017

APPROVAL BODY: Quality Committee

BOARD RATIFICATION DATE: 11 May 2017

FINAL REVIEW DATE: 31 May 2020

CONTENTS

Section Page 1.0 Policy Statement 3

2.0 Background & Other Information 3

3.0 Legal and Professional Obligations 4

4.0 Roles and Responsibilities 5

5.0 Risk and Incident Reporting 6

6.0 Information Governance 6

7.0 Confidentiality and Data Protection 6

8.0 Freedom of Information Act 2000 8

9.0 Equality, Diversity and Human Rights Act 1998 8

10.0 General Principles 8

11.0 Records Management 9

12.0 Process for Efficient Storage 11

13.0 Retention and Disposal Schedules 12

14.0 Transportation of Records 12

15.0 Records Management Audit 12

16.0 Training 13

17.0 Strategy Objectives 13

18.0 References 14

Appendix 1 Retention Schedule 15

Appendix 2 Corporate Records Audit Tool 33

1.0 POLICY STATEMENT

1.1 The purpose of a records management policy is to have a systematic and planned approach for the management of records, to minimise the level of risk attributed to the records activity, continually improve the records management process and to reduce duplication.

(Ref. Risk Management Policy No 4.18).

1.2 Three key areas are identified, these being:

Confidentiality Information is required to be 'fit for the purpose', access confined to those with specified authority to hear, view, process and store information.

Integrity Systems are operating correctly according to their specification and in the way users believe them to be operating.

Availability Information is delivered to the right person when it is needed.

(Ref. Information Security & Data Protection Policy No 7.03)

1.3 The Records Management: NHS Code of Practice for Health and Social Care 2016 has been published by the Information Governance Alliance (IGA) for the Department of Health as a guide to use in relation to the practice of managing records. The code is relevant to organisations who work within, or under contract to NHS organisations in England. It is based on current legal requirements and professional best practice.

1.4 This policy relates to all clinical and non-clinical records held in any format

by the Trust. These include: • All administrative records (e.g. personnel, estates, financial, notes

associated with complaints, etc.); and • All patient health records

1.5 Records Management is a discipline which utilises an administrative system

to direct or control the creation, version control, distribution, filing, retention, storage and disposal of records, in a way that is administratively and legally safe, whilst at the same time serving the operational needs of the Trust and preserving an appropriate historical record. The key components of records management are:

• Record creation • Record keeping • Record maintenance (including tracking of record movements)

• Access and disclosure • Closure and transfer • Appraisal • Archiving and Disposal

1.6 Information is a corporate asset. The Trust’s records are important sources

of administrative, evidential and historical information. They are vital to the Trust to support its current and future operations (including meeting the requirements of Freedom of Information legislation), for the purpose of accountability, and for an awareness and understanding of its history and procedures.

1.7 This policy is not intended to act as a stand-alone document and therefore

should be read in conjunction with current national publications and local policies as listed in references, page 14.

2.0 BACKGROUND AND OTHER INFORMATION The importance of sound records management practice in the NHS:

2.1 Records management is most effective when it is regarded as a professional activity requiring specific expertise.

2.2 Trust records are its corporate memory, providing evidence of actions and

decisions and representing a vital asset to support daily functions and operations. Records support policy formation and managerial decision making, protect the interests of the Trust and the rights of patients, staff and members of the public. They support consistency, continuity, efficiency and productivity and help deliver services in consistent and equitable ways. The information is only useable if it is correctly and legibly recorded in the first place, is regularly updated and is easily accessible when it is needed.

2.3 The Trust Board has adopted this Records Management Policy and is

committed to ongoing improvement of its records management functions as it believes that it will gain a number of organisational benefits. These include:-

• Better use of physical and server space • Better use of staff time • Improved control of valuable information resources • Reduce costs • Support patient care and continuity of care. • Support evidence based clinical practice. • Support day-to-day business which underpins the delivery of care. • To meet legal requirements, including requests from patients under

subject access provisions of the current Data Protection Act legislation or the Freedom of Information Act 2000.

• To assist clinical and other types of audits.

• Whenever and wherever there is a justified need for information and in whatever media it is required.

• To support patient choice and control over treatment and services designed around patients.

3.0 LEGAL AND PROFESSIONAL OBLIGATIONS

3.1 All NHS records are public records which are detailed within the Public Records Act. The Trust will take actions as necessary to comply with the legal and professional obligations set out in the Records Management: NHS Code of Practice, in particular:

• The Public Records Act 1958 • The Data Protection legislation • The Freedom of Information Act 2000 • The Common Law Duty of Confidentiality; and • The NHS Confidentiality Code of Practice • Any new legislation affecting records management as it arises.

3.2 The National Archives is the body that is responsible for advising on the

management of all types of public records, including NHS records. The National Archives has general oversight of the arrangements for the permanent preservation of records in local records offices, which have been formally approved by them as places of deposit,

4.0 ROLES AND RESPONSIBILITIES

4.1 The Chief Executive has overall responsibility for records management in

the Trust. As accountable officer they are responsible for the management of the organisation and for ensuring appropriate mechanisms are in place to support service delivery and continuity. Records management is key to this as it will ensure appropriate, accurate information is available as required.

4.2 The Caldicott Guardian is currently the Medical Director and has a particular responsibility for reflecting patients’ interests regarding the use of patient identifiable information. They are responsible for ensuring patient identifiable information is shared in an appropriate and secure manner.

4.3 Local Managers The responsibility for local records management is

devolved to the relevant directors, directorate heads and department managers. Heads of Departments, other areas and business functions within the Trust have overall responsibility for the management of records generated by their activities, i.e. for ensuring that records controlled within their area are managed in a way which meets the Trust’s records management policies.

4.4 All staff whether clinical or administrative, who create, receive and use

records have records management responsibilities. In particular all staff

must ensure that they keep appropriate records of their work in the Trust and manage those records in keeping with this policy and with any guidance subsequently produced. Failure to comply with the policy may result in the invocation of the performance management procedure or disciplinary action.

4.5 Other legal obligations exist in respect of particular classes of records, especially those containing personal information. (See appendix on page 14)

5.0 RISK & INCIDENT REPORTING

5.1 Risk management involves a two-stage approach to identifying both the points at which risk occurs in a system and solutions to reduce those risks. The first depends on reporting adverse incidents and near misses; the second depends on the systems, structures and processes linked to the incident.

5.2 Any incidents of non-compliance with this policy (e.g. lost records, breach of

confidentiality, incorrect destruction of records, failure in filing system etc.) must be reported via the Trust’s Incident Reporting System.

(Ref: Incident Reporting Policy & Guidance Policy No 5.1)

6.0 INFORMATION GOVERNANCE

Information Governance ensures that organisations and individuals guarantee that personal information is dealt with legally, securely, efficiently and effectively, in order to deliver the best possible care, it provides a consistent way for employees to deal with the many different information handling requirements, including:

• Information Quality Assurance • The NHS Confidentiality Code of Practice • Information Security Assurance • CurrentData Protection Legislation • Records Management • The Freedom of Information Act 2000

7.0 CONFIDENTIALITY AND DATA PROTECTION

7.1 All NHS bodies and those carrying out functions on behalf of the NHS, have a common law duty of confidentiality. Everyone working for or with the NHS who records, handles, stores or otherwise, comes across sensitive information has a personal common law duty of confidentiality to patients and to his or her employer. The duty of confidence continues even after death of the patient or after an employee or contractor has left the NHS. Trust employees (including temporary, agency, sub contractors

etc.) are advised of their responsibility to deal with any information in a confidential manner. This is a mandatory requirement and is detailed on all Trust Job Descriptions and contracts.

(Ref: Confidentiality of Patient & Employee Personal Information Policy No 7.01)

7.2 A breach in duty of confidentiality has the potential to give rise to an action for damages and could also constitute gross misconduct for the employee and result in further action and possible dismissal.

7.3 A duty of confidentiality arises when one person discloses to another

(e.g. patient to clinician) in circumstances where it is reasonable to expect that the information will be held confidentially. It is:-

• A legal obligation that is derived from case law; • A requirement established within professional codes of conduct, and; • Must be included within NHS employment contracts as a specific

requirement linked to disciplinary procedures.

7.4 In general, any personal information given or received in confidence for one purpose may not be used for a different purpose or passed to anyone else without the consent of the provider of the information (given that there is no obvious therapeutic benefit an appropriate consent form must be used). This duty of confidentiality is long established in common law. However, it is not an absolute duty and can be subject to an overriding public interest. Medical, historical and epidemiological research is based on patient information; usually the information is anonymised so those individual patients cannot be identified. In these cases, the use of information is generally accepted as being not compatible with the duty of confidentiality. Where identifiable information is used, in the absence of consent (express or implied), it is necessary to consider whether any public interest in the research outweighs the duty of confidentiality, having regard to all the circumstances. The ethics committee must first approve any research using patient records.

7.5 The Caldicott Committee recommends that NHS organisations should be held accountable through Clinical Governance procedures, for continuously improving confidentiality and security procedures governing access to and storage of clinical information.

(Ref: Information Security & Data Protection policy No 7.03).

7.6 The implementation of the Data Protection Law applies to both, patient and employee information, covers all identifiable information including computerised and manual personal data, establishes a set of principles within which users of personal information must comply. The legislation imposes statutory restrictions on the use of personal information, including health information. All individual members of staff are responsible for ensuring that they comply with the Data Protection Law.

7.7 The NHS Confidentiality Code of Practice (COP) applies only to patient information. The COP incorporates the requirements of the Data Protection Law and other relevant legislation together with the findings of the Caldicott report, in some cases extending statutory requirements, and provides detailed specific guidance.

8.0 FREEDOM OF INFORMATION ACT 2000

The Freedom of Information Act 2000 (FOIA) is an Act which makes legal provision and creates a legal gateway and timetable for the disclosure, to the public, of certain corporate information held by this Trust. It gives the public:

• The right to be told whether information exists. • The right to receive the information.

It sets out exemptions from that right and places a series of obligations on Public Authorities. Any discussion concerning non-disclosure must be conveyed in writing; quoting the relevant exemption together with signposting to internal and external methods of complaint. The FOIA will lead to greater openness concerning NHS administrative records, but the disclosure of health records will continue to be dealt with along the lines of current common law and legislative provision in particular the Data Protection Act 1998. Local guidance on FOIA can be obtained from the Associate Director of Corporate Governance.

9.0 EQUALITY, DIVERSITY & HUMAN RIGHTS ACT 1998

The records management policies and strategies, within the Trust, will not infringe the convention rights of an individual under the articles of the Human Rights Act. An equality impact assessment has been undertaken for this policy with no potential or adverse impact identified.

10.0 GENERAL PRINCIPLES

10.1 Good record keeping ensures that:-

• Records are available when needed so work can be undertaken with maximum efficiency without having to waste time searching for information.

• There is an ‘audit trail’, which enables any record entry to be traced to

a named individual of a given date/time with a signature.

• All alterations must also be able to be traced in a similar way as the previous point.

• Those accessing the record can see what has been done, or not done

and why.

• Any decisions can be justified or reconsidered at a later date.

10.2 This is vitally important in cases such as:

• Providing patient care

• Clinical liability

• Parliamentary accountability

• Purchasing and contract or service agreement management

• Financial accountability

• Complaints & claims

10.3 It is therefore imperative that;

• Important, relevant, and complete information is recorded.

• Entries are legible in black ink, so that they can easily be read and reproduced when required.

• Entries into clinical (and certain other) records are dated, timed and

signed.

• Where it is necessary to share information this should be done orally rather than by copying the records in order to reduce the risk of breach of confidentiality.

• Records are suitably disposed of (subject to national and local

retention periods). 11.0 RECORDS MANAGEMENT

11.1 The term Records Life Cycle describes the life of a record from its creation/receipt through the period of its ‘active’ use, then into a period of ‘inactive’ retention (such as closed files which may still be referred to occasionally) and finally either confidential disposal or archival preservation

11.2 In this policy, Records are defined as ‘recorded information, in any form, created or received and maintained by the Trust in the transaction of its business or conduct of affairs and kept as evidence of such activity’.

11.3 Clinical records, including electronic ones such as the Electronic Patient Record (EPR), are routinely created and logged in the Trust tracer system for each patient when they first visit a clinician. A unique identifier e.g. the NHS number, is normally allocated to patients with their name, address, date of birth, their general practitioner and other data used as additional cross checks. With the development of EPR there will be a need to identify every item which is patient related with the relevant NHS number to provide the necessary links through all electronic records.

(Ref: Policy on Health Records Management & Standards No 7.17)

11.4 Non clinical records, not every administrative record needs to be logged.

Logging will depend on the organisation’s business need to maintain accountable records of particular activities, its information needs, how many records there are on that particular topic or in that series and on any legal obligations for registration with third parties, such as the Data Protection Act.

11.5 The requirements for recording information are:

• Legibility; • Timeliness; • Accuracy; • Completeness; • Provision of an audit trail.

11.6 The requirement of logging is:

• The file title must be unique; • The reference identifier assigned to each file must be unique; • Both must be relevant to and easily understood by all users; • Details must be recorded both on the file cover and in the log; • Patient records must be logged on the Trust electronic tracer system.

11.7 As a minimum the file description must identify:

• Its title; • Its identifier (e.g. number or prefix used in register); • The date it was logged (opened or created); • The date it is due to be closed and reviewed, destroyed or archived.

12.0 PROCESS FOR EFFICIENT STORAGE

12.1 Records must be accessible and retrievable when and where required. When a paper record is in constant or regular use, or is likely to be needed quickly, it makes sense to keep it within the department responsible for the related work. This enables information to be speedily and appropriately filed, so that it can be retrieved when it is next required.

12.2 Electronic records must be maintained in a system that ensures they are

properly stored and protected throughout their life cycle, including migration across systems.

12.3 The movement and location of records must be controlled to ensure that a

record can be easily retrieved at any time, that any outstanding issues can be dealt with, and that there is an auditable trail of record transactions.

12.4 Records must always be kept securely and when a room containing records

is left unattended, it should be locked. A sensible balance should be achieved between the needs for security and accessibility.

12.5 Storage accommodation for current records must be clean and tidy, prevent

damage to the records and provide a safe working environment for staff.

12.6 Electronic records have been used for many years and courts will accept these as evidence (we must not forget the “best evidence” rule which is that where a paper record exists, it will be expected to be produced. If it does not exist then the electronic form becomes the best evidence). With the advancement of new technology transfer of information to electronic format has become much easier. Maintenance in terms of back-up and planned migration to new platforms must be designed and scheduled to ensure continuing access to readable information.

Electronic processing of information is a cost effective way to capture and store images of otherwise bulky or deteriorating archival material to:

• Minimise storage costs of materials, which would otherwise face

destruction.

• Make copies available for other users (such as for release to Solicitors, Patient’s, other Trusts, Prison Service etc.) whilst safeguarding the original.

• Reduce the storage space occupied by low activity paper records.

12.7 Increasingly, information technology is being introduced into the workplace.

For instance, if an electronic document is to be produced as evidence in court cases, it will only be accepted if assurances can be given that the computer was not misused and was operating properly at the time the record was produced.

12.8 The principles of good record management practice apply equally to

records created manually and electronically.

12.9 The Trust uses all of these methods of storage and needs to ensure that robust procedures are in place to ensure the appropriate levels of security and accessibility.

13.0 RETENTION and DISPOSAL SCHEDULES

13.1 It is a fundamental requirement that all of the Trust’s records are retained

for a minimum period of time for legal, operational, research and safety reasons. The length of time for retaining records will depend on the type of record and its importance to the Trust’s business functions.

13.2 Records, both paper and electronic, should not be kept for longer than

necessary. 13.3 The Trust has adopted the retention periods set out in the Records

Management: NHS Code or Practice for Health and Social Care 2016. (A retention table is available as appendix A)

To see the full Records Management: NHS Code of Practice for Health and Social Care 2016, please click on this link hhttps://digital.nhs.uk/information-governance-alliance

14.0 TRANSPORTATION OF RECORDS

Patient records and confidential documentation when transported between hospitals, wards, departments etc. via internal post will be transported in the purpose made document bags with seals (Ref: Trust Guidance on Transport of Medical Documentation). If you are transporting records in person you are reminded of your duty of confidence and it is your responsibility to ensure that the records are kept securely.

15.0 RECORDS MANAGEMENT AUDIT 15.1 The Trust will regularly audit compliance with the Records Management

Policy and Supporting Guidance. This process will take place at least annually.

15.2 The audit will:

http://systems.digital.nhs.uk/infogov/iga/rmcop16718.pdf

• Assess compliance with the Records Management Policy and Supporting

Guidance; • Include spot checks in a selection of departments to ensure that records

are created, filed, stored, retrieved, scanned and disposed of in line with the policy;

• Highlight where non-conformance to the procedures is occurring and recommend a tightening of controls as required ensuring sound records management.

15.3 The results of audits and any recommendations arising from them will be

reported to the Trust Board or delegated sub group.

15.4 An example of corporate audit records tool is included in Appendix 2.

16.0 TRAINING

16.1 All Trust staff will be made aware of their responsibilities for record- keeping and record management through this policy and the Information Governance Training Tool.

17.0 STRATEGIC OBJECTIVES

• To raise the profile of records management

• To assess the current position of record keeping within the Trust and develop

a records management programme.

• To develop professional and generic standards and ensure best practice in record management throughout the Trust.

• To ensure maintenance of record keeping and management, in line with legal

requirements.

• To include records management in Trust business objectives and plans, to ensure appropriate resource allocation.

• To promote, both internally and externally, an awareness of the current rules

on records management related issues, such as data protection and access to patient information by staff and/or third parties.

• To ensure that consistent and appropriate policies and procedures are in

place and adhered to in order to meet legal and moral obligations in respect of records.

• To ensure that any individual/specific record management policies and

strategies are developed within the Trust, and are cohesive with and incorporated into the records management strategy.

• To continue to support electronic record keeping options, as a means of improving records management and of achieving the intrinsic legibility, timeliness, accuracy, completeness, accessibility and storage benefits.

18.0 REFERENCES & OTHER SOURCES OF INFORMATION

• Nursing & Midwifery Guidelines for Records & Records Keeping www.nmc-

uk.org

• British Medical Association Guidelines www.bma.org.uk

• Listening Responding and Improving – PALS and Complaints Policy No. 4.26

• Risk Management Policy No. 4.18

• Incident Reporting Policy No. 5.01

• Confidentiality of Patient & Employee Records Personal Information Policy No. 7.01

• Access to Health & Employee Records Policy No. 7.02

• Information Governance Policy No. 7.08

• Information Security and Data Protection Policy No. 7.03

• Policy on Health Records Management & Standards No. 7.17

• North Staffordshire Combined Healthcare NHS Trust, Corporate Standards

• GENESYS manual

• HSC1999/012: Caldicott Guardians ‘Protecting and Using Patient Information’

• Information Commissioner (Data Protection & Freedom of Information

Acts) https://ico.org.uk/

• Caldicott Guardian https://www.gov.uk/

• Public Record Office (PRO) www.nationalarchives.gov.uk

• NHS Confidentiality Code of Practice https://www.gov.uk/

• The Records Management: NHS Code of Practice for Health and Social Care 2016 https://digital.nhs.uk/information-governance-alliance

• The Care Record Guarantee https://www.gov.uk/

• Research Policy No. 1.52a

http://www.bma.org.uk/

http://www.nationalarchives.gov.uk/

https://www.gov.uk/

RECORD TYPE Retention Start Retention

period DISPOSAL METHOD

NOTES

1. Care Records with standard retention periods

Electronic Patient Records System (EPR)

See notes See notes Destroy Where the electronic system has the capacity to destroy records in line with the retention schedule and where a metadata stub can remain demonstrating that a record has been destroyed, then the Code should be followed in the same way for electronic records as for paper records with a log being kept of the records destroyed. If the system does not have the capacity, then once the records have reached the end of their retention periods they should be inaccessible to users of the system and upon decommissioning, the system (along with audit trails) should be retained for the retention period of the last entry related to the schedule.

Mental Health records

Discharge or patient last seen

20 years or 8 years after the patient has died

Review and if no longer needed confidentially destroy

Covers records made where the person has been cared for under the Mental Health Act 1983 as amended by the Mental Health Act 2007. This included psychology records. Retention solely for any persons who have been sectioned under the Mental Health Act 1983 must be considerably longer than 20 years where the case may be ongoing. Very mild forms of adult mental health treated in a community setting where a full recovery is made may consider treating as an adult records and keep for 8 years after discharge. All must be reviewed prior to destruction taking into account any serious incident retentions.



NOTES

2. Care Records with Non-Standard Retention Periods

Medical record of a patient with Creutzfeldt-Jakob Disease (CJD)

Diagnosis 30 years or 8 years after the patient has died

Review and consider transfer to a place of deposit

For the purposes of clinical care the diagnosis records of CJD must be retained. Where the CJD records are in a main patient file the entire file must be retained. All must be reviewed prior to destruction taking into account any serious incident retentions.

Record of long term illness or an illness that may reoccur

Discharge or patient last seen

30 years or 8 years after the patient has died

Review and confidentially destroy

Necessary for continuity of clinical care. The primary record of the illness and course of treatment must be kept of a patient where the illness may reoccur or is a life long illness.

3. Pharmacy

The IGA is currently reviewing this section. As an interim measure you can view a list of Pharmacy records and their associated retention periods and actions by clicking on the links. Information relating to controlled drugs

Creation See notes Review and if no longer needed confidentially destroy

NHS England and NHS BSA guidance for controlled drugs can be found at: http://www.nhsbsa.nhs.uk/PrescriptionServices/1120.aspx https://www.england.nhs.uk/wp-content/uploads/2013/11/som-cont-drugs.pdf The Medicines, Ethics and Practice (MEP) guidance can be found at the link (subscription required): http//www.rpharms.com/support/mep.asp Guidance from NHS England is that locally held controlled drugs information should be retained for 7 years. NHS BSA will hold primary data for 20 years and then review. NHS East and South East Specialist Pharmacy Services have prepared pharmacy records guidance including a specialised retention schedule for pharmacy. Please see:

http://www.nhsbsa.nhs.uk/PrescriptionServices/1120.aspx

https://www.england.nhs.uk/wp-content/uploads/2013/11/som-cont-drugs.pdf

https://www.england.nhs.uk/wp-content/uploads/2013/11/som-cont-drugs.pdf

http://www.medicinesresources.nhs.uk/en/NICE-Profile/Login/

RECORD

TYPE Retention Start Retention


NOTES

4. Event & Transaction Records

Clinical Audit Creation 5 Years Confidentially destroy

Chaplaincy Records

Creation 2 years Review & consider transfer to a place of deposit

See also Corporate Governance Records

Clinical Diaries End of the year to which they relate

2 years Confidentially destroy

Diaries of clinical activity & visits must be written up and transferred to the main patient file. If the information is not transferred the diary must be kept for 8 years.

Clinical Protocols

Creation 25 years Review and consider transfer to a Place of Deposit

Clinical protocols may have archival value. They may also be routinely captured in clinical governance meetings which may form part of the permanent record (see Corporate Governance Records).

Datasets released by HSCIC under a data sharing agreement

Date specified in the data sharing agreement

Delete with immediate effect

Delete according to HSCIC instruction

http://www.hscic.gov.uk/media/15729/Dars-Data-Sharing-Agreement/pdf/Data_Sharing_Agreement_2015v2%28restricted_editing%29.pdf

Destruction Certificates or Electronic Metadata destruction stubs or records of clinical

Destruction of records or information

20 years Review and consider transfer to a Place of Deposit

Destruction certificates created by public bodies are not covered by an instrument of retention and if a Place of Deposit or the National Archives do not class them as records of archival importance they are to be destroyed after 20 years.

http://www.medicinesresources.nhs.uk/en/NICE-Profile/Login/



information held on destroyed physical media Equipment maintenance logs

Decommissioning of the equipment


Inspection of equipment records

Decommissioning of the equipment

11 years Review and if no longer needed destroy

Notifiable disease book

Creation 6 years Review and if no longer needed confidentially destroy

Patient Property Books

End of the year to which they relate

2 years Review and if no longer needed confidentially destroy

Referrals not accepted

Date of rejection 2 years as an ephemeral record

Review if no longer needed confidentially destroy

The rejected referral to the service should also be kept on the originating service life.

Requests for funding for care not accepted

Date of rejection 2 years as an ephemeral record


Smoking cessation

Closure of 12 week quit period

2 years Review and if no longer

needed confidentially destroy

Ward handover sheet

Date of handover 2 years Review and if no longer needed destroy confidentially destroy

This retention relates to the ward. The individual sheets held by staff must be destroyed confidentially at the end of the shift.



NOTES

5. Deaths Body release forms

Creation 2 years Review and consider transfer to a Place of Deposit

Death – cause of death certificate counterfoil

Creation 2 years Review and consider transfer to a place of Deposit

6. Clinical Trials & Research

Please refer to the Department of Health – Records Management: Code of Practice

Please refer to the Trust Policy Research Governance Policy No. 1.52a



NOTES

7 Corporate Governance Board Meetings Creation Before 20

years but as soon as practically possible

Transfer to a Place of Deposit

Board Meetings (Closed Boards)

Creation May retain for 20 years


Although they may contain confidential or sensitive material they are still a public record and must be transferred at 20 years with any FOI exemptions notes or duty of confidence indicated.

Chief Executive records Creation May retain for 20years


This may include emails and correspondence where they are not already included in the board papers and they are considered to be of archival interest.

Committees listed in the Scheme of Delegation or that report into the Board and major projects

Creation Before 20 years but as soon as practically possible


Committees/Groups/Sub-committees not listed in the scheme of delegation

Creation 6 years Review and if no longer needed confidentially destroy

Includes minor meetings / projects and departmental business meetings.

Destruction Certificates or Electronic Metadata destruction stub or record of information held on destroyed physical media

Destruction of record or information

20 years Consider Transfer to a Place of Deposit or if no longer needed to destroy

The Public Records Action 1958 limits the holding of records to 20 years unless there is an instrument issued by the Minister with responsibility for administering the Act. If records are not excluded by such an instrument they must either be transferred to a Place of Deposit as a public record or destroyed 20 years after the record has been closed.

Incidents (serious) Date of incident 20 years Review and consider transfer to a

Place of Deposit

Incidents (not serious) Date of incident 10 years Review and if no longer needed confidentially destroy

Non-Clinical Quality Assurance Records

End of year to which the assurance relates


Patient Advice and Liaison Service (PALS) records

Close of financial year


Policies, strategies and operating procedures including business plans

Creation Life of organisation plus 6 years

Review and consider transfer to a Place of Deposit



NOTES

7. Communications

Intranet site Creation 6 years Review and consider transfer to a place of Deposit

Patient information leaflets

End of use 6 years Review and consider transfer to a Place of Deposit

Press releases and important internal communications

Release Date 6 years Review and consider transfer to a Place of Deposit

Press releases may form a significant part of the public record or an organisation which may need to be retained.

Public consultations End of consultation 5 years Review and consider transfer to a Place of Deposit

Website Creation 6 years Review and consider transfer to a Place of Deposit



NOTES

8. Staff Records & Occupational Health Although pension information is routinely retained until 100th birthday by the NHS Pensions Agency employers must retain a portion of the staff record until the 75th birthday. All employee Records/documents are retained with the last employing team.

Duty Roster Close of financial year

6 years Review if no longer needed confidentially destroy

Occupational Health Reports

Staff member leaves

Keep until 75th birthday or 6 years after the staff member leaves whichever is sooner


Occupational Health report of staff member under health surveillance

Staff member leaves

Keep until 75th birthday


Staff Record Staff member leaves

Keep until 75th birthday (see notes)

Create staff record summary then review or confidentially destroy the main file

This includes (but is not limited to) evidence of right to work, security checks and recruitment documentation for the successful candidate include job adverts and application forms. May be destroyed 6 years after the staff member leaves or the 75th birthday, which is sooner, if a summary has been made.

Staff Record Summary 6 years after the staff member leaves

75th birthday Place of Deposit should be offered for

continues retention or confidentially destroy

Timesheets (original record)

Creation 2 years Review and if no longer required confidentially destroy

Staff Training Records Creation See notes Review and consider transfer to a Place of Deposit

Records of significant training must be kept until 75th birthday or 6 years after the staff member leaves. It can be difficult to categorise staff training records as significant as this can depend upon the staff member’s role. The IGA recommends:

• Clinical training records – to be retained until 75th birthday or six years after the staff member leaves, whichever is the longer

• Statutory and mandatory training records – to be kept for ten years after training completed

• Other training records – keep for six years after training completed.



NOTES

9. Procurement

Contracts sealed or unsealed

End of contract 6 years Review and if no longer needed confidentially destroy

Contracts – financial approval files

End of contract 15 years Review and if no longer needed confidentially destroy

Contracts - financial approved suppliers documentation

When supplier finishes work


Tenders (successful) End of contract 6 years Review and if no longer needed confidentially destroy

Tenders (unsuccessful) Award of tender 6 years Review and if no longer needed confidentially destroy



NOTES

10. Estates

Building plans and records of major building work

Completion of work Lifetime of the building or disposal of asset plus 6 years

Review and consider transfer to a Place of Deposit

Building plans and records of works are potentially of historical interest and where possible be kept and transferred to a Place of Deposit.

CCTV See ICO Code of Practice

Review and if no longer need confidentially destroy

ICO Code of Practice: https://ico.org.uk/media/for-organisations/documents/1542/cctv-code-of-practice.pdf The length of retention must be determined by the purpose for which the CCTV has been deployed. The recorded images will only be retained long enough for any incident to come to light (e.g. for a theft to be noticed) and the incident to be investigated.

Equipment monitoring and testing and maintenance work where asbestos is a factor

Completion of monitoring or test


Equipment monitoring and testing and maintenance work

Completion of monitoring or test


Inspection reports End of lifetime of installation

Lifetime of installation

Review

Leases Termination of lease


Minor building works Completion of work Retain for 6 years

Review and if no longer needed destroy

Photographic collections Close of collection Retain for Consider The main reason for maintaining photographic collections is for

https://ico.org.uk/media/for-organisations/documents/1542/cctv-code-of-practice.pdf

https://ico.org.uk/media/for-organisations/documents/1542/cctv-code-of-practice.pdf

of service locations and events and activities

not more than 20 years

transfer to a Place of Deposit

historical legacy of the running and operation of an organisation. However, photographs may have subsidiary uses for legal enquiries.

Radioactive Waste Creation 30 years Review and if no longer needed destroy

Sterilix Endoscopic Disinfector Daily Water Cycle Test, Purge Test, Ninhydrin Test

Date of test 11 years Review and if no longer needed destroy

Surveys End of lifetime of installation or building

Lifetime of installation or building

Review and consider transfer to Place of Deposit



NOTES

11. Finance

Accounts Close of financial year


Includes all associated documentation and records for the purpose of audit as agreed by auditors

Benefactions End of financial year

8 years Review and consider transfer to Place of Deposit

These may already be in the financial accounts and may be captured in other records / reports or committee papers. For benefactions, endowment, Trust fund / legacies, offer to a Place of Deposit.

Debtor records cleared Close of financial year


Debtor records not cleared



Donations Close of financial year


Expenses Close of financial year


Final annual accounts report

Creation Before 20 years

Transfer to Place of Deposit if not

Should be transferred to a Place of Deposit as soon as practically possible.

transferred with the board papers.

Financial records of transactions

End of financial year


Petty cash End of financial year


Private Finance initiative (PFI) files

End of PFI Lifetime of PFI

Review and consider transfer to Place of Deposit

Salaries paid to staff Close of financial year


Superannuation records Close of financial year




NOTES

12. Legal, Complaints & Information Rights

Complaints case file Close of incident (see notes)


http://www.national archives.gov.uk/documents/information-management/sched_complaints.pdf The incident is not closed until all subsequent processes have ceased including litigation. The file must not be kept on the patient file. A separate file must always be maintained.

Fraud case files Case closure 6 years Review and if no longer needed confidentially destroy

Freedom of Information (FOI) requests and responses and any associated correspondence

Closure of FOI request


Where redactions have been made it is important to keep a copy of the redacted disclosed documents or if not practical to keep a summary of the redactions.

FOI requests where there has been a subsequent appeal

Closure of appeal 6 years Review and if no longer needed destroy

Industrial relations including tribunal case records.



Some organisations may record these as part of the staff record but in most cases they will form a distinct separate record either held by the staff member / manager or by the payroll team for processing.

Litigation records Closure of case 10 years Review and consider transfer to a Place of Deposit

Patents / trademarks / End of lifetime of Lifetime of Review and

copyright / intellectual property

patent or termination of licence / action

patient or 6 years from end of licence / action

consider transfer to Place of Deposit

Software licences End of lifetime of software

Lifetime of software

Review and if no longer needed destroy

Subject Access Request (SAR) and disclosure correspondence

Closure of SAR 3 years Review and if no longer needed confidentially destroy

Subject Access Request where there has been a subsequent appeal

Closure of appeal 6 years Review and if no longer needed confidentially destroy

Transfer to a Place of Deposit – The Public Records Act 1958 require organisations to select core records for permanent preservation at the relevant Place of Deposit to discuss and organise the transfer of records you must contact them; for North Staffordshire Combined Healthcare NHS Trust, the Place of Deposit is: The National Archives Staffordshire & Stoke-on-Trent Archive Service Staffordshire Record Office Eastgate Street Stafford ST16 1LZ Telephone: 01785 278379

Appendix 2 Corporate Audit Records Tool Name of Record Held Type of Records Location of records If electronic records, is

there a back up system? Why do you collect this record?

Where does the information come from?

Does the record include personal / confidential data?

Is the record shared outside the department?

If yes, where is the record shared?

Approximately how many of these records are held?

Is there a register of the records?

Is there a register of the records?

If yes, where is the register held?

If the register is held electronically, is there a back up system?

Are the records tracked if they leave the department?

Is there business continuity in place for this record?

Has a retention period been identified for this period?

If yes, how long is the record retained for?

How are retention period reviewed and maintained?

Following the agreed retention period, are the records archived or destroyed?

If records are archived, where is the archive held?

RECORDS MANAGEMENT POLICY · 2.0 BACKGROUND AND OTHER INFORMATION . The importance of sound records...

Documents

Transcript of RECORDS MANAGEMENT POLICY · 2.0 BACKGROUND AND OTHER INFORMATION . The importance of sound records...