Scottish Government Records Management: NHS Code of Practice (Scotland) Version 2.0

SECTION 3 - NHS RECORDS MANAGEMENT AND INFORMATION LIFECYCLE

25. Records and information are considered to have a "lifecycle" from creation or receipt in the organisation, throughout the period of its 'active' use, then into the period of 'inactive' retention, (such as closed files which may still be required occasionally) and then finally to either confidential disposal or (for a very small proportion) permanent preservation in an archival facility.

26. A similar "information lifecycle" approach applies to managing the flow of an information system's data and associated metadata from creation and initial storage to the time when it becomes obsolete and is deleted.

Roles and Responsibilities for Records Management and Organisational Responsibility

27. The records management function should be recognised as a specific corporate responsibility within every NHS organisation. It should provide a managerial focus for records of all types in all formats, including electronic records, throughout their life cycle, from planning and creation through to ultimate disposal. It should have clearly defined responsibilities and objectives, and necessary resources to achieve them.

28. Designated members of staff of appropriate seniority ( i.e. Board level or reporting directly to a Board member) should have lead responsibility for corporate and health records management within the organisation. The model within each Health Board may differ dependent on local accountability. This lead role should be formally acknowledged and made widely known throughout the organisation.

29. The manager, or managers, responsible for the records management function should be directly accountable to, or work in close association with the manager or managers responsible for Freedom of Information, Data Protection and other information governance issues as well as the Medical Director who is operationally accountable for the quality of clinical information contained within personal health records in the organisation.

30.

Roles

The NHS Board: is responsible for ensuring that it corporately meets its legal responsibilities, and for the adoption of internal and external governance requirements.

The Chief Executive: has overall responsibility for records management in the NHS Board. As accountable officer he /she is responsible for the management of the organisation and for ensuring appropriate mechanisms are in place to support service delivery and continuity. Records Management is key to this as it will ensure appropriate, accurate information is available whenever required.

The Caldicott Guardian: has a particular responsibility for reflecting patients' interests regarding the use of patient identifiable information. They are responsible for ensuring patient identifiable information is shared in an appropriate and secure manner.

The Health Records Manager: is responsible for the overall development and maintenance of health records management practices throughout the organisation. They have particular responsibility for drafting guidance to support good records management practice in relation to clinical records and for promoting compliance with this Records Management - Code of Practice, in such a way as to ensure the efficient, safe, appropriate and timely retrieval of patient information.

The Corporate Records Manager: is responsible for the overall development and maintenance of corporate and administrative records management practices throughout the organisation. They have particular responsibility for drafting guidance to support good records management practice (other than for clinical records) and for promoting compliance with this Records Management - Code of Practice.

Local Records Management Co-ordinators: The responsibility for records management at directorate or departmental level is devolved to the relevant directors, directorate and departmental managers. Senior managers of units and business functions within the NHS Board have overall responsibility for the management of records generated by their activities in compliance with the NHS Board's records management policy. Local Records Management Co-ordinators may be designated to support the Health and Corporate Records Manager(s) to oversee local implementation and compliance.

All Staff:

All NHS staff , whether clinical or administrative, who create, receive and use documents and records have records management responsibilities. All staff must ensure that they keep appropriate records of their work and manage those records in keeping with the Records Management -Code of Practice and the relevant policies and guidance within their Board.

Training

31. All staff, whether clinical or administrative, must be appropriately trained so that they are fully aware of their personal responsibilities as individuals with respect to record keeping and management, and that they are competent to carry out their designated duties. This should include training for staff in the use of electronic records systems. It should be done through both generic and specific training programmes, complemented by organisational policies and procedures and guidance documentation. For example, Health Records Managers who have lead responsibility for personal health records and the operational processes associated with the provision of a comprehensive health record service should have up-to-date knowledge of, or access to expert advice on, the laws, guidelines, standards and best practice relating to records management and informatics.

Policy and Strategy

32. Each NHS organisation should have in place an overall policy statement, endorsed by the Board and made readily available to staff at all levels of the organisation on induction and through regular update training, on how it manages all of its records, including electronic records

33. The policy statement should provide a mandate for the performance of all records and information management functions. In particular, it should set out an organisation's commitment to create, keep and manage records and document its principal activities in this respect.

34. The policy should also:

• outline the purpose of records management within the organisation, and its relationship to the organisation's overall strategy;
• define roles and responsibilities within the organisation including the responsibility of individual NHS staff to document their actions and decisions in the organisation's records, and to dispose of records appropriately when they are no longer required;
• define roles, responsibilities and procedure for safe transfer, storage or confidential disposal of records when staff leave an organisation, or when NHS Board premises are being decommissioned;
• define the process of managing records throughout their life cycle, from their creation, usage, maintenance and storage to their ultimate destruction or permanent preservation;
• provide a framework for supporting standards, procedures and guidelines; and
• indicate the way in which compliance with the policy and its supporting standards, procedures and guidelines will be monitored and maintained.

35. The policy statement should be reviewed at regular intervals (a minimum of once every 3 years or sooner if new legislation, codes of practice or national standards are introduced) and, if appropriate, it should be amended to maintain its currency and relevance.

Record Creation

36. Each operational unit (for example Finance, Estates and Facilities, eHealth, Human Resources, Direct Patient Care) of an NHS organisation should have in place procedures for documenting its activities. This process should take into account the legislative and regulatory environment in which the unit operates.

37. Records of operational activities should be complete and accurate in order to allow employees and their successors to undertake appropriate actions in the context of their responsibilities, to facilitate an audit or examination of the organisation by anyone so authorised, to protect the legal and other rights of the organisation, its patients, staff and any other people affected by its actions, and provide authenticity of the records so that the evidence derived from them is shown to be credible and authoritative. Appropriate version control arrangements that support the management of multiple revisions to the same document should be in place.

38. Records created by the organisation should be arranged in a record-keeping system that will enable the organisation to obtain the maximum benefit from the quick and easy retrieval of information while having regard to security.

39. Not all documents created or received by NHS employees in the course of their work need to be held in the record-keeping system. For example, most emails are of only passing value and can be deleted as soon as they have been read or actioned. (emails, which contain significant information or instructions, should be retained as appropriate within the record-keeping system.) Many circulars and routine correspondence can be destroyed once read.

Record Keeping

40. Implementing and maintaining an effective records management service depends on knowledge of what records are held, where they are stored, who manages them, in what form(s) they are made accessible, and their relationship to organisational functions ( e.g. Finance, Estates, IT, Direct Patient Care). An information survey or record audit is essential to meeting this requirement. The survey will provide a description of the record collection along with its location and details of the responsible manager. This helps to promote control over the records, and provides valuable data for developing records appraisal and disposal policies and procedures.

41. Paper and electronic record keeping systems should contain descriptive and technical documentation to enable the system to be operated efficiently and the records held in the system to be understood. The documentation should provide an administrative context for effective management of the records.

42. The record keeping system, whether paper or electronic, should include a documented set of rules for referencing, titling, indexing and, if appropriate, the protective marking of records. These should be easily understood to enable the efficient retrieval of information when it is needed and to maintain security and confidentiality.

43. Records should be structured within an organisation-wide corporate "Fileplan" which reflects the functions and activities of the organisations and facilitates the appropriate sharing and effective retrieval of information.

44. Where records are kept in electronic form, wherever possible they should be held within an Electronic Document and Records Management System ( EDRMS) which conforms to the standards of the European Union "Model Requirements" (MoReq). Find more details here

45. Where an EDRMS is not yet available, electronic documents should be stored on shared, network servers in a clear and meaningful folder structure. The folder structure should reflect the organisation's fileplan in the same way as paper files, which represent the functions and activities of the organisation or unit. The server should be subject to frequent back-up procedures in line with the NHS Information Security Policy. Users should apply the functionality of the relevant software to protect electronic documents against inappropriate amendment (for example, by password protecting documents.) Please note: It is almost impossible to fully protect documents in a non- EDRMS environment, or provide full audit and authenticity evidence.

Record Maintenance - Storage Archiving and Scanning

46. The NHS organisation should put in place robust procedures to manage control of access, retrieval and use of records to ensure continued integrity, reliability and authenticity of the records as well as their accessibility for the duration of their retention until the time of their ultimate disposal. The movement and location of records should be controlled to ensure that a record can be easily retrieved at any time, that any outstanding issues can be dealt with, and that there is an auditable trail of record transactions. The record-keeping system should also address the management of emails, including aspects such as the titling of emails and the handling of email attachments.

47. Storage accommodation for current paper records should be clean and tidy, allow adequate space for expansion, prevent damage to the records and provide a safe working environment for staff.

48. For records in digital format, maintenance in terms of back-up and planned migration to new platforms should be designed and scheduled to ensure continuing access to accurate, reliable and readable records.

49. Equipment used to store current records on all types of media should provide storage that is safe and secure from unauthorised access and meets health and safety and fire regulations, but which also allows maximum accessibility to the information commensurate with its frequency of use. Storage equipment should be as space-efficient as possible.

50. When paper records are no longer required for the conduct of current business, their placement in a designated secondary storage area may be a more economical and efficient way to store them. Procedures for handling records should take full account of the need to preserve important information and keep it confidential and secure. There should be policies and procedures in place for managing the lifecycles of both paper and electronic records.

51. A contingency or business continuity plan should be in place to provide protection for all types of records that are vital to the continued functioning of the organisation. Key expertise in relation to environmental hazards, assessment of risk, business continuity and other considerations is likely to rest with information security staff and their advice should be sought on these matters.

52.NHS organisations may consider the option of scanning into electronic format, records which exist in paper format, for reasons of business efficiency. Where this is proposed, the factors to be taken into account include:

• the costs of the initial and then any later media conversion to the required standard, bearing in mind the length of the retention period for which the records are required to be kept;
• the need to consult in advance with NHS archivists or the National Archives of Scotland with regard to records which may have archival value, as the value may include the form in which it was created; and
• the need to protect the evidential value of the record by copying and storing the record in accordance with British Standards, in particular the " Evidential Weight and Legal Admissibility of Information Stored Electronically" ( BIP 0008-1:2008) and the Document Scanning: Guide to Scanning Business Documents ( PD 0016:2001) which provides guidance to evaluate scanners to user requirements

53. The scanning process should be considered to have at least 4 stages to convert documents into ready to use electronic images. These are as follows:

Document preparation: Document preparation in advance of scanning is often needed, and should be taken into consideration as part of the whole process. It covers jobs such as removing staples, unfolding or unrolling, removing documents from binders and so on. There may also be a need to redo these jobs after scanning if the documents are to be retained.

Data capture: Data capture is the conversion of the document from readable format into electronic format. This is scanning but is only a part of the scanning process.

QA (Quality Assurance): At it's most basic level the QA process should check the quality of the image and verify that all documents have been scanned. Image quality is often checked on a sampling basis, perhaps checking the first and last image in a batch. The number of sheets can be compared to the number of image files produced to verify that all the documents have been scanned. Scanners with endorsing features can make this easier by marking the documents as they feed through the scanner. Test target can also be used to check that output quality of scan has been maintained by comparison with hard copy kept for this purpose.

Indexing: After the image is captured as a computer file, there needs to be a way to search for that scanned images from the computer system In effect the document needs to be filed or indexed in a database.

The way in which a document is to be retrieved in the future should be used to define the indexing data fields. Examples might be patient demographic data, an invoice or account number, or the name and address of someone who sent the letter.

The indexing of documents received from out side sources generally involves keyboard data entry. In house documents can be designed to benefit from forms processing, text recognition and bar code reading techniques to cut this indexing overhead.

54. In order to fully realise business efficiency, organisations should consider securely disposing of paper records that have been copied into electronic format and stored in accordance with appropriate standards and the need to dispose of records in accordance with the retention schedule. Advice should be sought from the organisation's Records Manager(s) or Information Governance Manager, NHS Scotland Archivists or the National Archives of Scotland. It is rarely cost-effective to retrospectively scan non-current paper records as an alternative to low-cost secondary storage.

Information Asset Register

55. Each NHS organisation should establish and maintain an Information Asset Register. Mechanisms should be established through which departments can register records and media containing business or personal identifiable information they are maintaining. The inventory should provide a description of the record collection along with its location and details of the responsible manager. The register should be reviewed annually. Further information can be found in Records Management Guidance Note 004 here.

Records Management Systems Audit

56. The NHS organisation will regularly audit its records management practices for compliance with this Records Management - Code of Practice. Results of audits will be reported to the NHS Board through the appropriate committee.

Information Quality Assurance

57. It is important that all NHS organisations train staff appropriately and provide regular update training. Training and guidance in record-keeping appropriate to the role should be an integral part of induction and training procedures. In the context of records management and information quality, organisations need to ensure that their staff are fully trained in record creation and maintenance, including having an understanding of:

• what they are recording and how it should be recorded;
• why they are recording it;
• how to validate information with the patient or carers or against other records - so staff are recording the correct data;
• how to identify and correct errors - so that staff know how to correct errors and how to report errors if they find them;
• and the use of information - so staff understand what the records are used for (and therefore why accuracy is so important);
• how to update information and add in information from other sources.

Disclosure and Transfer of Records

58. There are a range of statutory provisions that limit, prohibit or set conditions in respect of the disclosure of records to third parties, and similarly, a range of provisions that require or permit disclosure. The key statutory requirements can be found in Annex C.

59. In particular, information relating to living individuals is covered by the principles of Data Protection and include a statutory right for individuals to access their personal data and to have factual inaccuracies corrected. The Freedom of Information (Scotland) Act 2002 confers a statutory right of access to deceased person's health records only after a period of 100 years. Notwithstanding, it may be possible to put in place mechanisms that both safeguard patient confidentiality and enable controlled access to health records of the deceased within this 100- year time limit. In general confidentiality of records particularly relating to patients, staff or students should be maintained for 75 years (100 years for minors) from the beginning of the calendar year following the date of the last entry of the record.

60. In Health Boards the Caldicott Guardian, supported by the Health Records Manager(s) and Data Protection Officer should be involved in any proposed disclosure of confidential patient information, informed by the Scottish Government Health Directorates publication 'Code of Practice on Protecting Patient Confidentiality'. This can be downloaded here. In GP surgeries, the responsibility for making decisions about disclosure ultimately rests with the GP. For patients, a leaflet has been produced by Health Rights Information Scotland ( HRIS) called 'How to see your Health Records'. It provides patients with information on how to make a subject access request to view their health records. The leaflet can be downloaded here

61. The mechanisms for transferring records from one organisation to another should also be tailored to the sensitivity of the material contained within the records and the media on which they are held. Information Security staff should be able to advise on appropriate safeguards. The NHS Scotland Information Security policy and standards sets out the requirements for the storage and transmission of corporate and personal records. More information can be found here

62. To comply with the Data Protection Act 1998, the Human Rights Act 1998 and to conform with the Caldicott principles, it is necessary to ensure data which can be linked to an individual, (either patient, client or staff member) is transported in a secure manner. Transportation methods employed must be fit for purpose and in accordance with the procedures of each individual department. A number of methods may be employed for manual and electronic records:

Manual:

• Single record envopak carriers with seals
• Multiple record envopak carriers with seals
• Non-tearable textured envelopes
• Purpose designed plastic boxes with seals
• Lockable pilot bags

Electronic:

Refer to local NHS Board policy for secure electronic transfer of data and use of mobile devices. Further information can be found here.

Docman transfer enables GP Practices to transfer all relevant scanned patient documents to the next GP Practice electronically, when a patient transfers GP Practice, and also to receive electronic patient documents for importing in to Docman. Further information can be found here.

63. Privacy marking should always be used on packages, carriers and purpose designed boxes used to transport records, documents or media containing person, identifiable information.

• 'Confidential - Clinical Information' - for all patient identifiable information of a clinical nature.
• 'Confidential - Personal Information' - for person, identifiable information which should be opened by the addressee only.

64. There are also a range of guidance documents ( e.g. the UK Information Commissioner's Use and Disclosure of Health Information) that interpret statutory requirements and there may be staff within organisations that have special expertise in, or can advise on, particular types of disclosure. In particular, organisations should be aware of the Freedom of Information (Scotland) Act 2002 Code of Practice on Records Management November 2003 (laid before the Scottish Parliament on 10th November 2003 pursuant to Section 61(6) of the Freedom of Information (Scotland) Act 2002, and prepared in consultation with the Scottish Information Commissioner and the Keeper of the Records of Scotland). See Annex C

Retention and Disposal Arrangements

65. The term retention and disposal relates to the actual processes of retention and disposal of records throughout their lifecycle ( i.e. primary storage, secondary storage, microform, scanning, summarising, archiving and confidential destruction)

66. Detailed guidance for retention and disposal of personal health records can be found in Annex D.

67. Detailed guidance for retention and disposal of administrative records can be found in Annex E.

68. It is particularly important under Freedom of Information legislation that the disposal of records - which is defined as the point in their lifecycle when they are either transferred to an archive or destroyed - is undertaken in accordance with clearly established policies which have been formally adopted by the organisation and which are enforced by properly trained and authorised staff.

69. The design of databases and other structured information management systems must include the functionality to dispose of time-expired records. Databases should be subject to regular removal of non-current records in line with the organisation's retention schedule.

70. Each NHS organisation should have a dated documented policy which has been written/reviewed within the last three years, for the retention, archiving or destruction of the organisations records in accordance with this Records Management - Code of Practice. The policy should be ratified by the Board or by an appropriately delegated committee of the Board for example the Health Records, Information Governance or Clinical Governance Committee. The schedules should cover all series of records held, in any media, and should state the agreed retention period and disposal action, including, where appropriate, an indication of those records which should be considered for archival preservation.

71. The records policy document should contain detailed guidance of the process to be followed to ensure complete clearance and removal of business documents, health records or documents containing person identifiable information whenever NHS premises are being decommissioned. Further information can be found in Records Management Guidance Note Number 008.

Appraisal of Records

72. Appraisal refers to the process of determining whether records are worthy of permanent archival preservation. This should be undertaken in consultation with the organisations own Archivist, or with a local authority or university archive where there is an existing relationship. Three NHS Boards in Scotland employ archivists: Grampian (which also provides a service to NHS Highland), Lothian and Glasgow. Each collects, lists and preserves corporate and health records of and relating to NHS organisations and predecessor bodies and institutions in their local area. Some Boards, including Tayside and Ayrshire and Arran, have made arrangements with their local archives for the storage and management of records. Alternatively advice can be sought from the National Archives of Scotland ( NAS), particularly in the case of Special Boards who should deposit archives of permanent value with the NAS as they advise.

73. Procedures should be put in place in all NHS organisations to ensure that appropriately trained personnel appraise records at the appropriate time. The purpose of this appraisal process is to ensure that the records are examined at the appropriate time to determine whether or not they are worthy of archival preservation, whether they need to be retained for a longer period as they are still in use, or whether they should be destroyed. In the majority of cases, appraisal will apply to the entire series of records and can be included in the records retention policy, rather than being conducted on individual records.

74. It is important when reviewing records that their long term historical and research value is taken in to account. Records which document the history and development of the organisation and important policy decisions, such as board or committee minutes, annual reports, policy and strategy documents and major departmental reports and investigations should be considered. In addition sample of patient files and older registers and ward journals are valuable for historical medical and social research. Note that no surviving personal health or administrative record dated 1948 or earlier should be destroyed.

75. Where there are records that have been omitted from the retention schedules, or when new types of records emerge, the Scottish Government eHealth Directorate and/or an NHS archivist should be consulted. The National Archives of Scotland can also provide advice about records requiring permanent preservation.

76. All NHS organisations must have procedures in place for recording the disposal decisions made following appraisal. An assessment of the volume and nature of records due for appraisal, the time taken to appraise records, and the risks associated with destruction or delay in appraisal will provide information to support an organisation's resource planning and workflow. The Records Manager in the NHS organisation should determine the most appropriate person(s) to carry out the appraisal in accordance with the retention schedule. This should be a Manager with appropriate seniority, training and experience who has an understanding of the subject area to which the record relates.

Record Closure

77. Records should be closed ( i.e. made inactive and transferred to secondary storage) as soon as they have ceased to be in active use other than for reference purposes. An indication that a file of paper records or folder of electronic records has been closed together with the date of closure, should be shown on the record itself as well as noted in the index or database of the files/folders. Where possible, information on the intended disposal of electronic records should be included in the metadata when the record is created.

78. The storage of closed records should follow accepted standards relating to environment, security and physical organisation of the files.

Record Disposal

79. Each organisation must have a retention/disposal policy that is based on the retention schedules referred to in paragraphs 66 and 67 of this Code of Practice. The policy should be supported by, or linked to the retention schedules, which should cover all records created, including electronic records. Schedules should be arranged based on series or collection of records and should indicate the appropriate disposal action for all records. Schedules should clearly specify the agreed retention periods, which must be based on the retention schedules referred to in paragraphs 66 and 67 of this Code of Practice, for the organisation.

80. Records selected for archival preservation and no longer in regular use by the organisation should be transferred as soon as possible to an archive. No surviving personal health or administrative record dated 1948 or earlier should be destroyed.

81. Good practice suggests that non-active records should be transferred no later than 30 years from creation of the record, with electronic records being transferred within a shorter period.

82. Records (including copies) not selected for archival preservation and which have reached the end of their administrative life should be destroyed in as secure a manner as is appropriate for the level of confidentiality or protective markings they bear. This can be undertaken on site or via an approved contractor. Confidential records should be destroyed in accordance with BSEN 15713:2009 - Secure Destruction of Confidential Material - Code of Practice. It is the responsibility of the NHS organisation to ensure that the methods used throughout the destruction process provide appropriate safeguards against the accidental loss or disclosure of the contents of the records at every stage. Accordingly, contractors should be required to sign confidentiality undertakings and to produce written certification as proof of destruction. There is a common law duty of confidence to patients and employees as well as a duty to maintain professional ethical standards of confidentiality. This duty of confidence continues even after the death of the patient or an employee or contractor has left the NHS.

83. Many NHS records, including corporate ones, contain sensitive or confidential information. It is therefore vital that confidentiality is safeguarded at every stage of the lifecycle of the record, including destruction. The methods used to destroy records must be fully effective and secure their complete illegibility. Destruction by shredding or pulping is preferable. If the hospital or NHS organisation has no immediate access to an industrial shredder there are numerous firms that can provide this service. Recycling is an alternative option but this should only be considered for non-person identifiable or non sensitive business documents, otherwise the records should be shredded before being sent for recycling. This can be done on site or via an approved contractor.

84. It is important to have destruction as well as preservation policies for electronic records. It is often helpful that an expert can retrieve deleted files in an emergency, but this ability to retrieve deleted electronic data has inherent dangers for confidential information when hardware and software is discarded. It may also jeopardise the viability of a records management programme if records that are supposedly 'destroyed' can be retrieved from the system. If hardware or software is to be discarded advice must be sought from the relevant IT Security Officer.

85. It is essential that the destruction process is documented. The following information should be recorded and preserved by the Records Manager, so that the organisation is aware of those records that have been destroyed and are therefore no longer available. Disposal schedules would constitute the basis of such a record.

• Description of record
• Reference number if applicable
• Number of records destroyed
• Date of destruction
• Who authorised destruction
• Who carried out the process
• Reason for destruction (this should refer to the retention/disposal policy)

86. Whenever patient/client records are being destroyed the relevant Master Patient Index should be updated with the date of destruction so that this is immediately known should the patient/client represent to the service or make an enquiry for access to their health records.

87. Records should not be destroyed before the end of the period stated in the Records Management - Code of Practice Annex D and E. These periods reflect the statutory time limits for legal action to be taken. Any NHS Board which ignores these minimum periods would be in breach of guidelines laid down by Scottish Government, and would run the risk of being unable to defend itself against claims for alleged medical negligence.

88. If a record due for destruction is known to be the subject of a request for information, or potential legal action, destruction should be delayed until disclosure has taken place or, if the authority has decided not to disclose the information, until the complaint and appeal provisions of the Freedom of Information (Scotland) Act have been exhausted or the legal process completed.