« Previous | Contents | Next »
Listen
ANNEX E - NHSSCOTLAND PERSONAL HEALTH RECORDS MANAGEMENT POLICY FOR NHS BOARDS
Please note - this annex was developed by a subgroup of The Health Records Forum, and has been the subject of a recent consultation. It has been included in this overarching Code of Practice to provide further advice and support to NHS Boards in the development of local health record policies. It is recognised by the Scottish Government eHealth directorate as a useful tool for Boards in helping them meet their records management obligations.
1. HEALTH RECORDS MANAGEMENT POLICY
1.1 Introduction
(Insert name of NHS Board) takes its responsibility towards patient confidentiality seriously and patient records should always be held in a secure environment and accessed on a need to know basis.
Health records are a valuable resource because of the information they contain. They are essential to the delivery of high quality evidence based health care. Health records are contemporaneous and form the basis for the organisation's accountability for clinical care. They are evidential documents and as such must comply with legislative requirements, professional standards and guidelines. It is essential to the operation of the organisation to be able to identify and locate information that is critical for current decision making and to determine which policies and procedures are followed during the delivery of clinical care.
Health records management is the process of managing records throughout their life cycle, from their creation, usage, maintenance and storage to their ultimate destruction or permanent preservation.
Legislation has a significant effect on record keeping arrangements in NHS organisations. NHS Scotland must ensure that health records management policies and procedures are fully compliant with legislation and government policy on the management of information, namely:
- Public Records (Scotland) Act 1937;
- Medical Reports Act 1988;
- The Computer Misuse Act 1990;
- Access to Health Records Act 1990;
- Data Protection Act 1998;
- Human Rights Act 2000;
- Scottish Government Records Management NHS Code of Practice (Scotland);
- Quality Improvement Scotland - Standards for Record Keeping;
- Information Governance Standards;
- National eHealth Strategy
This policy should be read in conjunction with the organisation's Health Records Management Strategy, which sets out how the policy requirements will be delivered.
1.2. Scope of the Policy
This policy sets out best practice for in creating, using, retaining and disposing of health records. It applies to health records in all formats, of all types and in all locations used:
- to support patient care and the continuity of care;
- to support day to day corporate activities which underpin delivery of care;
- to support evidence based practice;
- to support epidemiology;
- to meet legal requirements and regulatory requirements;
- to assist medical and other audits;
- to support improvements in clinical effectiveness through research.
1.3. Definition of a Health Record
A health record is anything that contains information, which has been created or gathered as a result of any aspect of the delivery of patient care, including:
- personal health records (electronic, microfilm and paper based);
- radiology and imaging reports, photographs and other images;
- audio and video tapes, cassettes, CDROM etc;
- computer databases, output and disks etc and all other electronic records;
- material intended for short term or transitory use including notes and "spare copies of documents".
This list is not exhaustive.
The health record should be constructed to contain sufficient information to identify the patient, provide a clinical history, details of investigations, treatment and medication.
1.4. Aims of Health Records Management System
The aim of this health records policy is to ensure that procedures are in place to bring together the health professionals and accurate, relevant, reliable patient documentation at the correct time and place to support patient care. In achieving this aim, all NHS Scotland employees should fulfil statutory and other legal requirements, ensuring patient safety and safe custody and confidentiality of patient information at all times.
The aims of our health records management system are to ensure that:
- health records are available when needed - from which the Health Board is able to form a reconstruction of activities or events that have taken place;
- health records can be accessed - health records and the information within them can be located and displayed in a way consistent with the records' initial use and that the current version is identified where multiple versions exist;
- health records can be interpreted - the context of the record can be interpreted: who created or added to the health record and when, during which business process, and how the health record is related to other health records;
- health records can be trusted - the health record reliably represents the information that was actually used in or created by the business process, and the records integrity and authenticity can be demonstrated;
- health records can be maintained through time - the qualities of availability, accessibility, interpretation and trustworthiness can be maintained for as long as the health record is needed, perhaps permanently despite changes of format;
- health records are secure - from unauthorised and inadvertent alteration and erasure. Access and disclosure are properly controlled and audit trails will track all use and changes to ensure that health records are held in a robust format which remains readable for as long as they are required;
- health records are retained and disposed of appropriately - using consistent documented retention and disposal procedures, which include provision of appraisal and permanent preservation for health records with archival value;
- staff are trained - all staff are made aware of their responsibilities for health record keeping and management.
1.5. Health Records Life Cycle Process
Health records are confidential documents and should be clearly identifiable, accessible and retrievable. They should be authentic, meaningful, authoritative, adequate for their purpose and correctly reflect what was communicated, decided or done. They should be unalterable and after an action has occurred nothing from the health record should be deleted or altered. Information added to an existing hard copy health record should be signed and dated. Health records systems should be secure and their creation, management, storage and disposal should comply with current legislation.
1.5.1. Creation
A comprehensive health record is created and maintained for every patient attending health services to provide an up to date and chronological account of the patient's care.
- patient demographic data for each registration should be recorded on the master patient index of the patient administration or departmental patient management system. The minimum patient demographic data should include surname, forename, sex, date of birth, home address, postcode, Community Health Index ( CHI) number and/or departmental number;
- the organisation should use the CHI number as the unique patient identifier;
- where there is more than one local identifier or case record per patient, a system should be in place to ensure that the existence of all other health records is known at all times;
- paper health records have a standard case record folder constructed of robust material to withstand handling and transport and with secure anchorage points to prevent loss or damage to documents. There should be no inside pockets or flaps as these can lead to misfiling or loss of documents;
- there is a method for indicating alert or risk factors which is used consistently in all personal health records, with a designated place for healthcare professionals to record actual or suspected clinical alerts and hazards which are signed and dated. There may be an indicator on the outside of the folder but the confidential detail should be placed inside the folder;
- there is a locally agreed format for filing of information within the health record which facilitates ease of access to all clinical information. Clear instructions regarding the order of filing should be contained within the folder or printed on the divider(s). Documents should be viewable in chronological order reflecting the continuum of patient care;
- machine generated reports and recordings, e.g.CTG, ECG and laboratory reports, are securely stored using a method that will minimise deterioration;
- there are dated documented procedures for the management of electronic health records;
- all electronic health record information systems are password protected and passwords are changed at regular intervals.
1.5.2. Storage
Health records storage areas should provide a safe working environment with secure storage that allows health records to be retrieved at all times. These areas should only be accessible to authorised staff.
- health records storage areas and office accommodation conform to all current legislation and guidance regarding health and safety;
- regular risk assessments are undertaken in line with the organisation's risk management strategy;
- racking for storage of health records is stable, of strong enough construction to support the weight of health records and complies with current health and safety regulations;
- there are safety step ladders and safety stools appropriate to the number of staff employed/size and use of the health records storage area;
- there is a documented protocol for safe manual and object handling practices. All staff are fully trained in related manual handling;
- there is a mechanism to ensure that all equipment used in the department conforms to appropriate legislation and a record of equipment checks is kept;
- access to health records storage areas is restricted to authorised personnel only. Health records should not be accessible to unauthorised persons nor left for any period where they might be accessed by unauthorised persons. The keys/access codes/access pass to storage areas that are locked are available to authorised staff at all times to facilitate retrieval of health records;
- health records storage areas must be able to accommodate current needs and annual growth of health records. The health records collection inventory demonstrates how this will be achieved;
- health records are stored securely when located in clinical areas or offices and arrangements are in place to facilitate retrieval of health records when required.
1.5.3. Management
Maintaining proper health records is vital to patient care. A comprehensive health record should be maintained for every patient. Each health records system should have well defined procedures for the ongoing management of the health record from initiation to final disposal in accordance with current legislation.
- whenever possible, separate areas are maintained for current and non current health records in use within the organisation;
- there are documented procedures for the safe storage and retrieval of health records, both manual and electronic;
- there are documented procedures for booking health records out from the normal filing system which enable rapid retrieval of health records and prevent misfiles;
- tracer and tracking systems facilitate timeous retrieval of health records;
- there is a documented procedure for splitting fat folders including cross-referencing of the volumes such that clinical staff may efficiently use them. Closed volumes are suitably labelled;
- there is a documented procedure relating to the return of patient held records to the health records department when the episode of care for an individual patient is complete;
- contents of the health record are filed in the correct order according to the design of the health record folder and dividers. Documents are securely fastened within the folder;
- the responsibility for filing of loose documentation is clearly defined;
- there is a system to ensure that staff routinely remove poorly filed and torn health records to reassemble or re-cover;
- there are documented procedures for the transportation of health records within and outwith health board boundaries;
- there are documented procedures for handling subject access and other legal requests with clear responsibility for responding by fully trained dedicated staff who process requests efficiently and in accordance with the law;
- there is a mechanism to help identify any misfiled health records, e.g. colour coding;
- there are documented procedures for the retention, archiving or destruction of health records in accordance with national guidelines. The method of destruction must ensure that confidentiality is maintained at all times;
- there is a set of performance indicators which demonstrate the efficiency of health records management. These should monitor such things as health record availability, use of temporary folders and timescales for receipt of health records at wards following emergency admission.
1.5.4. Archiving and Disposal of Health Records
There is a documented procedure for the retention, destruction or archiving of health records. See Annex D of the Scottish Government Records Management NHS Code of Practice (Scotland). The method of destruction must ensure that confidentiality is maintained at all times. The procedure specifies the timescale for retention for all types of health records and media and the procedure for transfer between media.
1.6. Legal and Professional Obligations
All NHS health records are public records under the Public Records (Scotland) Act. The Board will take actions as necessary to comply with legal and professional obligations such as:
- he Data Protection Act 1998;
- The Common Law Duty of Confidentiality; and
- The NHS Scotland Confidentiality Code of Practice;
- Access to Health Records Act 1990;
and any new legislation affecting health records management as it arises.
1.7. Roles and Responsibilities
1.7.1. Data Controller
The Chief Executive Officer has overall accountability for ensuring that health records management operates correctly/legally within the Board. The Chief Executive Officer may delegate responsibility for management and organisation of health records services to the Chief Operating Executive who is responsible for ensuring appropriate mechanisms are in place to support service delivery and continuity. Health records management is key to this, as it will ensure appropriate and accurate information is available as required.
1.7.2. Caldicott Guardian
The Boards' Caldicott Guardian has a particular responsibility for reflecting patients' interests regarding the use of patient identifiable information. The Caldicott Guardian has responsibility for:
- ensuring the Board is fulfilling all legal obligations in managing patients' health records;
- agreeing and reviewing internal protocols governing the protection and use of patient identifiable information by Board staff;
- agreeing and reviewing protocols governing the disclosure of patient information across organisational boundaries, e.g. with social services and other partner organisations, contributing to the local provision of care;
- developing the Board's security and confidentiality policies;
- representing confidentiality requirements and issues to the Board, advising on annual improvement plans and agreeing and presenting annual outcome reports.
1.7.3. Records Management/Information Governance Steering Group
The Boards' Health Records Management/Information Governance Steering Group/Committee is responsible for ensuring that the Health Records Management Policy is implemented through endorsement of the Health Records Management Strategy.
1.7.4. Designated Officer
The designated officer (Head of Health Records Services/Health Records Manager) holds a health records qualification or is suitably trained in health records practices. This officer has professional responsibility for the overall development and maintenance of health records management practices throughout the Board and for ensuring that related policies and procedures conform to the latest legislation and standards on data protection, patient confidentiality and health records practice. This officer is also accountable for the release of all patient clinical information for data subject access and medico-legal purposes.
1.7.5. Staff Responsibility for Record Keeping
All NHS employees are responsible for any health records which they create or use. This responsibility is established and defined by the law (Public Records (Scotland) Act 1937). Furthermore as an employee of the NHS, any health records created by an employee are public records.
All Board staff whether clinical or administrative, who create, receive and use health records have records management responsibilities. All staff must ensure that they keep appropriate records of their work and manage those health records in keeping with this policy and with any guidance subsequently produced.
Everyone working for or within the NHS who records, handles, stores or otherwise comes across patient information has a personal common law duty of confidence to patients and to his or her employer. The duty of confidence continues even after the death of the patient or after the employee or contractor has left the NHS.
Breach of this policy will mean the organisation is not safeguarding information entrusted to it, which in some circumstances may render the organisation liable to prosecution. It is therefore essential that staff within the organisation with responsibility for records management comply with the policy otherwise they may be subject to disciplinary procedures.
1.8. Retention and Disposal Schedules
It is a fundamental requirement that all of the Boards' health records are maintained for a minimum period of time for clinical, legal, operational, research and safety reasons. The length of time for retaining health records will depend on the record type.
The Health Board has adopted the minimum retention periods set out in Annex D of the overarching Code of Practice. The locally agreed retention schedule can be found at (A2). The local retention schedule will be reviewed every 3 years or earlier in the light of legislative or Scottish Government changes.
1.9. Health Records Inventory
The Health Board requires knowing what records are held, where they are kept and how the information contained within the records is being used. An up to date health records inventory will be maintained by the Head of Health Records Services/Health Records Manager. This will identify all record collections/information sets that exist within the organisation, the volume of records, the type of media on which they are held, their physical condition, their location, the physical and environmental conditions in which they are stored and the responsible manager. The Head of Health Records Services /Health Records Manager should be made aware when new collections of records or information sets are created or where management arrangements or physical locations change. A sample records inventory survey form can be found at (A3).
1.10. Health Records Management Systems Audit
The Health Board will regularly audit the records management practices for compliance with this policy. Auditing health records policies and procedures will be done on a systematic basis. The audit will compare current operational practice against defined procedures. The audit cycle will include self assessment against the Information Governance, Quality Improvement Scotland and Patient Records and Information Management Accreditation Programme Standards (if the organisation subscribes to the accreditation and development of health records programme). (A summary of these standards can be found at A4.)
Audit Cycle:
1.11. Health Records Management Improvement Plan
The Health Board has formulated an Improvement Plan identifying programmed activity for delivery of the Health Records Strategy. This identifies tasks related to each of the development areas with achievable milestones and timescales for implementation. Progress will be monitored through audit and compliance with the Information Governance and Patient Records and Information Management Accreditation Programme standards (if the organisation subscribes to the accreditation and development of health records programme). The Improvement Plan can be found at (A5).
1.12. Health Records Policies and Procedures
The Head of Health Records Services/Health Records Manager is responsible for planning and documenting Health Records departmental policies and procedures thus providing standardisation of work tasks throughout the department. In this context a procedure is a structured, action orientated list of sequential steps involved in carrying out a specific job. It is a series of related steps designed to accomplish a specific task. All Health Records Departments should have a policy and procedure manual to ensure that all staff members are undertaking their duties in a consistent way. Health records policies and procedures associated with this document can be found at A6.
1.13. Training
All staff employed by the Health Board including volunteers and contractors are given training on their personal responsibilities for health records keeping. This includes the creation, use, storage, security and confidentiality of health records. Appropriate training should be provided for all users of the health records systems to meet local and national standards. All new employees to the organisation will be given basic training as part of the organisation's induction process. Additional training in the specifics of health records management will be provided where appropriate. Training is tailored to specific staff groups and functions including the following:
- all current relevant legislation and NHS standards;
- all current relevant organisation policies and procedures;
- caldicott requirements;
- patient confidentiality and the security of records, whether paper or electronic;
- Data Protection Act 1998;
- Access to Health Records Act 1990;
- Scottish Government Records Management NHS Code of Practice (Scotland);
- secure destruction of confidential waste;
- individuals rights to access information (Data Protection Act 1998/ Mental Health (Scotland) Act 2003);
- NHS Scotland Code of Practice on Confidentiality;
- Patient Records and Information Management Accreditation Programme ( PRIMAP).
Health records practitioners and personnel are pivotal to the management of health records systems and should receive customised training in health records practice. The policy and procedure manual is a key management tool and should form the basis for all health record system specific training.
The Scottish Health Records Forum acknowledges the effort of the sub group in drafting this policy for use across NHS Scotland. It is hoped the document will provide a framework which can be customised for use at individual NHS Board level.
Mr Robert H Bryden, NHS Ayrshire & Arran (Chair)
Miss May McConnell, NHS Ayrshire & Arran
Mrs Marilyn Horne, NHS Glasgow & Clyde
Ms Debbie Baird, NHS Ayrshire & Arran
Mrs Anne Allison, NHS Ayrshire & Arran
Mrs Margaret Kerr, NHS Ayrshire & Arran
Ms Fiona Crawford, NHS Ayrshire & Arran
Ms Fiona Hutchison, NHS Forth Valley
2. DEFINITIONS & ACRONYMS
2.1. Definitions
Health Record | Also referred to as: - Medical record
- Case note
- Case record
- Patient record
|
Policy | Strategy / plan / guidance / principal / course of action. |
PRIMAP | The Healthcare Accreditation and Quality Unit ( CHKS Limited) administer a patient records and information management accreditation programme. This is a standards based programme of organisational development and support to health records departments in UK Acute Trusts and has recently extended its remit to cover primary care organisations. PRIMAP is a nationally recognised programme based on peer review methodology and has been mandated across Wales for Acute and Community Hospital Trusts. NHS Ayrshire & Arran, Lothian and Tayside currently subscribe to the programme. In addition PRIMAP has undertaken clinical coding audits. NHS organisations wishing to participate in the programme pay an annual subscription which entitles them to access the standards and to participate in development days. Typically the health records service will spend 6 - 18 months working with the standards before the survey by an external team of healthcare accreditation and quality unit surveyors takes place. CHKS Accreditation will be awarded to those organisations that have demonstrated compliance with the standards. |
Procedure | A structured, action orientated list of sequential steps involved in carrying out a specific job. It is a series of related steps designed to accomplish a specific task. |
2.2. Acronyms
CHI | Community Health Index |
CTG | |
ECG | Electrocardiogram |
HDL | Health Department Letter |
IG | Information Governance |
PRIMAP | Patient Records and Information Management Accreditation |
2.3. References
Access to Health Records Act 1990:
http://www.opsi.gov.uk/acts/acts1990/Ukpga_19900023_en_1.htm
Data Protection Act 1998:
http://www.sehd.scot.nhs.uk/mels/2000_17.doc
The Management Retention and Disposal of Personal Health Records
Human Rights Act 2000
Information Governance Standards:
http://www.elib.scot.nhs.uk
Medical Reports Act 1988:
http://www.opsi.gov.uk/ACTS/acts1988/Ukpga_19880028_en_1.htm
National eHealth Strategy:
http://www.ehealth.scot.nhs.uk
PRIMAP (Patient Records and Information Management Accreditation Programme)
www.chks.co.uk
Public Records (Scotland) Act 1937:
http://www.nas.gov.uk/recordKeeping/publicRecordsScotlandAct1937.asp
Quality Improvement Scotland - Standards for Record Keeping:
http://www.nhshealthquality.org/nhsqis/files/CGRM_CSF_Oct05.pdf
The Computer Misuse Act 1990:
http://www.opsi.gov.uk/ACTS/acts1990/Ukpga_19900018_en_2.htm
A2 - LOCAL RETENTION SCHEDULE FOR HEALTH RECORDS AND DATASETS
If there are local retention schedules which accord to this Code of Practice, attach these to printed out versions of this document.
A3 - SAMPLE HEALTH RECORDS INVENTORY SURVEY FORM
A4 - INFORMATION GOVERNANCE STANDARDS 3E.2 : PATIENT RECORDS
IG Reference | Standard | Cross referred to PRIMAP Standard | Standard | Reference in this report |
|---|
5.001 | The Board has an approved patient records policy, which includes storage to accommodate casenotes etc. | Standard 1.1 Standard 1.2 | There is a dated, documented organisation-wide health records management strategy approved by the Board, or its delegated Committee. This has been written/reviewed within the last three years. The relevant staff are aware of the strategy and there is evidence of implementation. There is a dated, documented health records management programme or action plan that identifies prioritised activity to support the implementation of the records management strategy. This has been written/reviewed within the last three years. The relevant staff are aware of the programme action plan and there is evidence of implementation. | 5.2.8 5.2.9 5.3.1 |
5.002 | There is a clearly identified, suitably qualified and supported lead individual responsible for patient records. | Standard 1.5 Standard 1.6 Standard 1.8 | There is a manager with professional accountability for the health records service whose job description is consistent with the aims and objectives of the service. Board level responsibility for health records management is clearly defined and there are clear lines of professional accountability for health records management and systems throughout the organization. The health records service is managed by a qualified person. | 7.4 |
5.003 | The Board has a Patient Records Committee, which makes decisions on policy matters and which includes representation from clinical and non-clinical staff and is linked appropriately to other Information Governance groups. | Standard 8.1 Standard 8.2 | There is a designated body ( i.e. Health Records Committee or equivalent), with documented terms of reference. Minutes of meetings are kept. The designated body has multi disciplinary representation. This includes representatives from the various groups that make entries in the health records, ( e.g. clinical professionals), as well as representatives of the administrative staff that deal with records ( e.g. managers and operational staff) | 7.3 |
5.005 | The Board has mechanisms in place to ensure that all health records managers and staff receive training in health records. | Standard 7.1 | All personnel working within the Health Records service have an induction training programme provided on appointment to the organisation. | 13 |
5.006 | All scanned documents meet legal admissibility standards prior to the destruction of the paper record. | Standard 3.1.9 | There are dated, documented procedures for the management of electronic records and for safeguarding data held on computer systems by the organisation. These have been written/reviewed within the last 3 years. The relevant staff are aware of the procedures and there is evidence of implementation | 5.3.13 5.4 |
5.007 | The Board ensures that the Community Health Index ( CHI) number is used on all communications concerning individual patients, including requests, reports and letters. | Standard 3.2.1 | The organisation uses the NHS number as the patient identifier ( CHI in Scotland). | 5.1.2 |
A5 - HEALTH RECORDS MANAGEMENT IMPROVEMENT PLAN
Strategic Aim/ Improvement | Action | Reference to Relevant National Standards | Progress | Responsible Person | Timescale |
|---|
Records Management organisation/system | | | | | |
eHealth strategic aim /improvement (if applicable) | | | | | |
Record creation | | | | | |
Record keeping | | | | | |
Record storage and retention | | | | | |
Records management | | | | | |
Records inventory | | | | | |
Records audit | | | | | |
Training | | | | | |
Accountability | | | | | |
Monitoring and review | | | | | |
Sample Action from Health Records Management Improvement Plan
Strategic Aim/ Improvement | Action | Reference to Relevant National Standards | Progress | Responsible Person | Timescale |
|---|
Records Management |
|---|
Improve the availability of health records in clinics and ward areas | - Regular monitoring of case record availability
- Ensuring that standards for the safe transport of case records are adhered to
- Monitoring of tracering systems
- Resolving issues associated with lack of access to IT systems
- Addressing portering and transport problems across the Board
| | | Health Records Manager Health Records Supervisors Health Records Manager Head of Health Records Services /eHealth Services Manager Portering Services Manager | |
A6 - HEALTH RECORDS POLICIES & PROCEDURES POLICES & PROCEDURES
There is a policy for the retention, destruction or archiving of health records in accordance with national guidelines. The method of destruction must ensure that confidentiality is maintained at all times. | 001 | PRIMAP Standard 4 (Point 4.9) | |
There is a policy on confidentiality and the release and management of information that complies with the relevant legislation and national guidance. The policy sets out how the organisation ensures that information held about patients, their families and staff is managed confidentially. | 002 | PRIMAP Standard 4 (Point 4.17) | IG Standard 6.005 |
There is a policy for ensuring the physical security of areas where health records may be accessed e.g. locking doors; filing cabinets etc. | 003 | PRIMAP Standard 4 (Point 4.21) | |
There is a policy in respect of safe and secure transportation of health records within and without the organisation's boundaries. | 004 | PRIMAP Standard 4 (Point 4.28) | IG Standard 5.001 |
There is a policy in respect of receipt and transmission of faxes and electronic data flows containing confidential patient-identifiable information. | 005 | PRIMAP Standard 4 (Point 4.31) | |
There is a policy for the creation and subsequent incorporation of temporary records. | 006 | PRIMAP Standard 4 (Point 4.38) | |
There is a protocol for safe manual and object handling practices that all staff are fully aware of. | | PRIMAP Standard 2 (Point 2.11) | Refer to NHS Boards' Moving and Handling Procedures |
There is a mechanism to ensure that all equipment used in the department conforms to the appropriate legislation. | | PRIMAP Standard 2 (Point 2.14) | Refer to NHS Boards' Estates Procedure for Equipment checks |
There are procedures for the safe storage and retrieval of health records, both manual and electronic. | 007 | PRIMAP Standard 2 (Point 2.27) | |
There are procedures for booking records out from the normal filing system, which enables rapid retrieval of records and prevents misfiling. | 008 009 | PRIMAP Standard 2 (Point 2.28) | |
There is a method for indicating alert to risk factors, which is used consistently in all patient records, with the case note containing a designated place for healthcare professionals to record actual allergies/risks; to be signed and dated. | 010 | PRIMAP Standard 3 (Point 3.4) Please note policy 010 has not been drafted as it was felt this would be best developed at local hospital or NHS Board level. | |
There is a procedure for splitting fat folders, including cross-referencing of the volumes, such that clinical staff may efficiently use them. | 011 | PRIMAP Standard 3 (Point 3.10) | |
There is a procedure relating to the return of patient-held records to the health records department when the episode of care for an individual patient is complete. | 012 | PRIMAP Standard 3 (Point 3.11) Please note policy 010 has not been drafted as it was felt this would be best developed at local hospital or NHS Board level. | |
There is a procedure for issuing local patient identifiers. The relevant staff are aware of the procedure and there is evidence of implementation. | 013 | PRIMAP Standard 4 (Point 4.10) | |
There is a procedure for updating patient demographic details ( e.g. change of address) when these are notified to a member of the organisation's staff. | 013 | PRIMAP Standard 4 (Point 4.12 | |
There is a procedure for handling subject access requests, with clear responsibility for responding by fully trained and resourced staff who process such requests efficiently and in accordance with the law. | 014 | PRIMAP Standard 4 (Point 4.18) Please note policy 010 has not been drafted as it was felt this would be best developed at local hospital or NHS Board level. | |
There is a procedure in place which identifies the responsibility for filing of loose documentation within case records. This makes reference to the responsibility of all stakeholders. | 015 | PRIMAP Standard 3 (Point 3.15) | |
001. Retention, Destruction and Archiving Of Health Records
1. Opening Statement
The data protection act 1998 sets out a series of standards which NHS Boards and other NHS Bodies must meet in order to comply with the law. One of these is that they must comply with the Fifth Data Protection Principle which is that "Personal Data processed for any purposes shall not be kept for longer than is necessary for that purpose or those purposes".
2. Retention Periods
Legal requirement is (x) years but local policies may differ.
List local retention periods for deceased, current, non current health records etc.
3. Exceptions
List categories that must not be destroyed e.g. pre 1948 etc.
4. Process
List your local procedure for:
Identification of records suitable for destruction
Recording date of destruction
Confidential destruction/ disposal of health record
Definition of Terms & Acronyms
Reference (National/local guidelines, standards and legislation)
Links (related policies and guidance) can also include web links if applicable
HDL(2006)28 : The Management, Retention and Disposal of Administrative Records
http://www.sehd.scot.nhs.uk/mels/HDL200628.pdf
NHSMEL (2000)17 : Data Protection Act 1998
www.sehd.scot.nhs.uk/mels/200017.doc
The Management Retention and Disposal of Personal Health Records (currently in draft)
Policy 007 : Medical Records Filing System
002. Confidentiality/Security and the Release and Management of Information
1. Opening Statement
Everyone working in the NHS has a legal obligation to keep all patient related information confidential.
Security and Confidentiality of data applies not only to manual health records but also computer systems both administrative and clinical, e.g.PAS, Laboratory, Radiology systems etc.
2. Your Responsibility
Staff should read and be aware of the content of the NHS Code of Practice on protecting patient confidentiality (yellow booklet). This should be provided with letter of appointment.
All staff must sign a confidentiality statement on commencement of duty.
Any breach of confidentiality will attract disciplinary action, which may lead to dismissal.
3. What Constitutes Confidential Data
All information held about a patient is regarded as confidential. This includes: demographic/administrative data as well as clinical data, e.g. name, address, postcode, telephone number, clinic attended, appointment details.
Give examples of what constitutes confidential data and how confidentiality may be breached.
4. Security
Describe physical controls e.g.
ID badges, restricted access, key pads etc
5. Security of Computerised Data
Describe system controls e.g.
Passwords/unique user name, level of access, private and unintelligible to others, audit trails ,follow up action, termination of employment, secure areas, logging off etc.
6. Staff Members with a Legitimate Right to Access Confidential Data
Medical, Nursing, Research, Health Records, Medico/legal, clinical effectiveness, Allied Health Care Professionals etc.
7. Data Protection Act/Access to Health Records Act
Refer to Data Protection Act 1998 and Access to Health Records Act 1990.
Describe on a step by step basis the process for receipt of data subject access requests, processing and release.
Timescale, Mandates.
List all forms of access.
8. Information Sharing
This process usually requires the consent of the patient. This may be implicit i.e. implied when the patient seeks medical care or explicit i.e. the patient makes an informed decision to consent to the release/sharing of their data.
Examples of information which may be divulged under statutory obligation include:
List :
Notification of Infectious Diseases
Notification under child protection arrangements, DSSBR409 etc.
Definition of Terms & Acronyms
Reference (National/local guidelines, standards and legislation)
Links (related policies and guidance) can also include web links if applicable
Data Protection Act 1998 www.sehd.scot.nhs.uk/mels/2000_17.doc
Access to Health Records Act 1990
Caldicott Principles
www.confidentiality.scot.nhs.uk/caldicott.htm
www.elib.scot.nhs.uk
"Protecting Personal Health Information" - Information Guide for Patients (Produced by ISD)
"Confidentiality - It's Your Right" (Produced by NHS Scotland)
"Confidentiality - A guide for young people under 16" (Produced by NHS Scotland)
"How to see Your Health Records" (produced by NHS Scotland)
Policy: Local IT Security
Health Rights Information Scotland ( HRIS) http://www.hris.org.uk
003. Security of Health Records Storage Areas
1. Opening Statement
Storage has a huge impact on the effectiveness of the service we provide.
Areas must be secure to protect records against loss, damage or access by unauthorised persons.
2. Health Records Libraries
List local controls procedures i.e. security - key pad, swipe card etc.
3. Peripheral Office Accommodation and Storage Areas
List local physical controls and procedure for access (including out of hours access).
4. Off-site Storage
Include details: off-site storage location and supplier and out of hours access.
5. Electronic Storage
Levels of access e.g. electronic document management system.
6. Access
List staff groups who are allowed to access the various storage areas.
Definition of Terms & Acronyms
Reference (National/local guidelines, standards and legislation)
Links (related policies and guidance) can also include web links if applicable
Policy 002 : Confidentiality/Security and the Release and Management of Information
Local Moving and Handling, Health & Safety, Security and Lone Working policies
004. Transportation of Health Records Within and Outwith Organisation Boundaries
1. Opening Statement
Patients' Health Records contain personal and sensitive information and are highly confidential documents. Care must be taken when transporting them within or outwith the hospital.
2. Transportation of Health Records within Hospital
Local procedure for transporting to clinics/secretarial staff and wards. Use of trolleys. Local procedure for porter delivery.
3. Transportation of Health Records to other Hospitals within the Health Board Area
Physical controls e.g. Sealed boxes. Dedicated portering service if applicable.
4. Transportation of Original or Copy Health Records to Hospitals or Authorised Agencies outwith the Internal Mail Delivery Service
Physical controls e.g.
Recorded Delivery, Taxi, sealed boxes, double envelopes etc.
Photocopy sent to reduce risk of losing original etc.
5. Lifting and Handling of Health Records
Proper use of trolleys, keep bundles manageable, See manual handling policy
6. Staff Transportation of Health Records
Staff awareness of procedures for safe and confidential physical transportation of health records throughout the organisation.
Definition of Terms & Acronyms
Reference (National/local guidelines, standards and legislation)
Links (related policies and guidance) can also include web links if applicable
Policy 002 : Confidentiality/Security and the Release and Management of Information
Policy 008 : Case record Tracking / Tracering
005. Electronic Transmission of Patient Identifiable Data
1. Opening Statement
The protocol should conform with the guidance contained within NHSMEL (1997) 45 "Guidance on the use of facsimile transmissions for the transfer of personal health information" and local policy on e-mailing patient identifiable data.
For the safe transmission of electronic patient data no information identifying the patient should be faxed.
2. Safe Haven
Record location of safe haven fax.
3. Removal of Demographic Details
List steps followed before faxing information i.e. photocopy original, blank out patient identifiable information etc.
4. Receipt of faxes
Acknowledge receipt, date stamp etc.
5. Receipt of Electronic Referrals
Detail local procedure on receipt of electronic referrals etc.
Definition of Terms & Acronyms
Reference (National/local guidelines, standards and legislation)
Links (related policies and guidance) can also include web links if applicable
NHSMEL (1997)45 "Guidance on the use of facsimile transmissions for the transfer of personal health information"
Policy 002 : Confidentiality/Security and the Release and Management of Information
Policy 009 : Missing Case records
006. Temporary And Duplicate Case records
1. Opening Statement
A temporary case record folder may only be issued on the instruction of a member of the management team when she/he is satisfied that an exhaustive search has been carried out and original case record cannot be found.
When duplicate registrations are identified action must be taken to amalgamate both physical case record and computerised system.
2. Procedure for Issuing Temporary Case record Folder
List your local procedure which explains step by step guide i.e. inform clinician, obtain copies of documentation, creating a temporary folder etc.
3. Amalgamation of Documentation
Actions taken when original case record found i.e. shredding of copy documents etc.
4. Tracking of Temporary Case records
Local policy i.e. recording electronically and manually.
5. Amalgamation of Duplicate Registrations/Case records
Local procedure i.e. merge patient index record and contents of both case records physically amalgamated into correct folder etc.
Definition of Terms & Acronyms
Reference (National/local guidelines, standards and legislation)
Links (related policies and guidance) can also include web links if applicable
Policy 009: Missing Case records
007. Medical Records Filing Systems
1. Opening Statement
The prime purpose of a Health Records Department is to bring together 3 key players - the patient, the doctor / healthcare professional and the case record i.e. have the right case records in the right place at the right time.
Whichever filing system is used, it is imperative that case records are filed accurately as a great deal of time can be wasted searching for mis-filed records.
Failure to produce the case record can result in:
- past medical history being unavailable;
- refusal/delay by Consultant to see patient;
- cancellation of procedure;
- distress to patient/relative;
- increase in clinical risk.
2. Filing System
Describe local filing procedure for each records collection, e.g. terminal digit, alphabetical etc.
3. Case records Storage Systems
Describe the various storage systems in use throughout the Board including secondary storage/off-site storage and other media.
4. Electronic Patient Records
Describe local procedures for accessing /indexing documentation and retrieval of records.
Definition of Terms & Acronyms
Reference (National/local guidelines, standards and legislation)
Links (related policies and guidance) can also include web links if applicable
Policy 008: Case record Tracking / Tracering
Policy 002: Confidentiality/Security and the Release and Management of Information
Policy 001: Retention, Destruction and Archiving of Health Records
Local Moving & Handling policy
008. Case record Tracking / Tracering
1. Opening Statement
When case records are removed from the filing system or given from one person to another the chart tracking system is updated. Failure to update the chart tracking system as case records are removed from file or change location may result in case records not being available when required.
2. General Principle
Describe general principle for updating the chart tracking system including the accountability for each staff group in the patient process. E.g. Health records, ward clerks, medical secretaries etc.
3. Process for Confirming Case records Back into Current File
Local procedure i.e. medical records staff only re filing into current filing area
4. Computer System Downtime
Describe local procedures which are put into place i.e. manual tracers, registers etc
Definition of Terms & Acronyms
Reference (National/local guidelines, standards and legislation)
Links (related policies and guidance) can also include web links if applicable
Policy 007 : Medical Records Filing Systems
Policy 004 : Transportation of Health Records within and outwith Organisation Boundaries
009. Missing Case records
1. Opening Statement
Health Records staff are responsible for ensuring that all patients' case records are available for any attendance or admission the patient may have at hospital. In addition to this, case records require to be obtained timeously for a number of administrative processes.
2. Chart Tracking History
Describe steps taken to obtain history, e.g. checking last and previous locations chart tracking system.
3. Procedure for Obtaining Missing Case records
List steps i.e. search shelves, clinic bundles (not tracked), secretaries offices etc.
4. Escalating Problem if Case records Cannot be Found
Local procedure e.g.. passed to Supervisor, Issue of Temporary Folder.
5. Case record Located
Local procedure i.e. original documentation amalgamated, copies shredded, update tracking system.
Definition of Terms & Acronyms
Reference (National/local guidelines, standards and legislation)
Links (related policies and guidance) can also include web links if applicable
POLICY 006: Temporary and Duplicate Case records
011. Splitting of Voluminous Case record Folders
1. Opening Statement
When the documentation relating to a patient can no longer be securely filed in one volume, a second volume is created to hold the overflow. Some patients may require a third or fourth volume in order to keep the notes manageable.
2. Numbering
Outline your local procedure for numbering each volume.
3. Procedure for Splitting Case records
List contents of each volume.
Culling and Retention Procedure.
Outline your local Tracking procedure.
Describe process for labelling closed records.
Definition of Terms & Acronyms
Reference (National/local guidelines, standards and legislation)
Links (related policies and guidance) can also include web links if applicable
Policy 007 : Medical Records Filing Systems
Policy 008: Case record Tracking / Tracering
Policy 001: Retention, Destruction and archiving of Health Records
013. Searching and Updating Patient Demographic Data In The Master Patient Index
1. Opening Statement
The Master Patient Index is an alphabetical key to records which are filed numerically. It allows patient search, amendment to patient demographics and registration of new patients creating a departmental patient identification number which is linked to the Community Health Index number as the unique patient identifier. It can be kept on a computerised patient administration system or on a manual card system.
2. Information Held on Master Patient Index
List demographic data held on MPI, e.g. date of birth, name, post code, CHI number, GP etc.
3. Search and Registration Techniques
Describe local search procedures e.g.:
- full patient demographics, surname, forename, date of birth, name, sex, CHI etc;
- DOB only;
- homonyms / alias;
- combination of patient demographics, e.g. surname and postcode or name and CHI etc.
4. Maintenance of Master Patient Index
Describe procedures for updating the Master Patient Index, e.g. change of patient demographic details, recording deaths etc.
5. Unknown Patients
Describe procedures for registration of unknown patients.
6. Data Quality
List mandatory fields
Process for duplicate checking
Process for notification of duplicates
Accountable officer
Definition of Terms & Acronyms
Reference (National/local guidelines, standards and legislation)
Links (related policies and guidance) can also include web links if applicable
015. Filing of Loose Documentation
1. Opening Statement
During the course of a patients' treatment within the hospital, many documents and reports are produced by the various clinical and laboratory departments concerned with the patients' care. These documents and reports arrive at a variety of destinations within the hospital. Health Records, ward clerks and medical secretarial staff are responsible for ensuring loose documentation is timeously and correctly filed within the Health Record folder.
2. Health Records Department
Describe procedures and accountability for loose documentation
3. Medical Secretarial Level
Describe procedures and accountability for loose documentation
4. Ward Level
Describe procedures and accountability for loose documentation
5. Accident and Emergency
Describe procedures and accountability for loose documentation
Definition of Terms & Acronyms
Reference (National/local guidelines, standards and legislation)
Links (related policies and guidance) can also include web links if applicable
« Previous | Contents | Next »