1. Records Management and the NHS Code of Practice (Foundation) Information Governance Policy Team NHS Connecting for Health
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24. Further Guidance and useful links DH: Confidentiality NHS Code of Practice DH: Records Management NHS Code of Practice The Data Protection Act 1998 The Freedom of Information Act 2000 The IG Policy Team Website Records Management Roadmap The Department of Health website Information Commissioners Office website (more information and guidance on FOI and DPA)
Editor's Notes
Welcome to the Introduction to the ‘Records Management and the NHS Code of Practice’ training module produced by the Information Governance Policy Team of NHS Connecting for Health. This module is intended for any member of staff who is required to handle information of any form and in any way. It will highlight good practice defined in the Records Management NHS Code of Practice and raise awareness of your responsibilities, as NHS staff, regarding records management.
The Key Learning points for this module are: What is Records Management? What is a Record? Who is responsible for records? The Records Management NHS Code of Practice Benefits of records and records management The Records Lifecycle
What is Records Management? Records management is a process for the systematic management of all records and the information or data that they contain Traditionally records were held in paper format but are now held increasingly within electronic systems. Consideration is needed to the management of both paper and electronic records
Records are the outputs that document each and every organisation's activity and note details about its patients, members of staff and all its external contacts. They are the organisation’s memory which provide evidence of all transactions, decisions and events which may be needed to be proven or recalled in the future.
Examples of Records include: Health records (whether electronic or paper based) X-ray and imaging reports, output and images Administrative records (for example: HR, estates, financial, complaints records) Photographs, slides, and other images Microfilm Audio and video tapes, cassettes, CD-ROM Diaries E-mails, text messages
All individuals who work for an NHS organisation are responsible for any records which they create or use in the performance of their duties. Furthermore, any record that an individual creates is a public record.
In order to assist organisations in keeping high standards across England the Department of Health produced the Records Management: NHS Code of Practice guidance. This was published in April 2006, as a guide to the required standards of practice in the management of records and is based on current legal requirements and professional best practice. A full copy of the Code can be found on the Department of Health website.
The Code of Practice draws on advice and guidance from the Department for Constitutional Affairs and The National Archives. It replaces previous Health Services Circular guidance contained in: For the Record; Preservation, Retention and Destruction of GP Records; and Using Electronic Patients Records in Hospitals
The guidance aims to : Establish a Records Management framework for the creation, use, storage, management and disposal of all NHS records To clarify the legal obligations that apply to NHS records T o detail the actions required to fulfil these obligations To explain the requirement to select records for permanent preservation T o set out recommended minimum periods for retention of all types of NHS records, regardless of the media on which they are held T o indicate where further information on records management may be found
Records are a valuable resource because – not only do they support: Patient care & evidence-based clinical practice Administrative & managerial decision making The meeting of legal requirements eg Data Protection and Freedom of Information Acts Clinical and other types of audits Patient choice and control over treatment
Records Management: Makes better use of physical and electronic space Better use of staff time when requesting and retrieving records Improves control of valuable information resources Ensures compliance with legislation and standards And all this can reduce costs
Any record created by an individual, up to its disposal, is a public record and subject to Information requests under the Freedom of Information and Data Protection Acts. It is, therefore, imperative that records are closely monitored and managed throughout their Life Cycle: Creation - Create and record accurate, complete information Use - Handle in accordance with the Data Protection Act Retention – After closure, keep and maintain in line with recommended Retention periods Appraisal - Determine whether records are worthy of permanent archival preservation (eg Hospital and University libraries, The National Archives etc) Disposal - Dispose of securely in line with national guidelines.
All departments of the organisation must document all activities and ensure records are accurate, complete and easy to locate and retrieve Records must be both Credible and Authoritative
The Code advises that Managers must ensure that their staff are adequately trained in Records Management and be fully aware of their responsibilities regarding: What to record How to record Why to record … and importantly, how to validate & update records
Like most large organisations, the NHS collects, stores and uses a vast amount of information, both health and non - health related. The need to know what information is being produced, where this is kept and how this is being used is a crucial component of information governance. Establishing an organisational records inventory is a good way to proactively and consistently manage information; it will ensure that information is available at the point of need and will help organisations meet their legal and statutory obligations. It will also make it easier for organisations to: Comply with the NHS Codes of Practice for Records, Data Protection and Confidentiality requirements Respond to Freedom of Information or legal requests for information. Locate and collate evidence for audit and assessment purposes, e.g. CNST (Clinical Negligence Scheme for Trusts) and RPST (Risk Pooling Schemes for Trusts) of the NHS Litigation Authority, the Information Governance Toolkit of NHS Connecting for Health and Department of Health, and Standards for Better Health required by the Healthcare Commission. Model survey forms are available on the Records Management Roadmap webpage on the Information Governance Policy Team website.
It is recognised that compiling a complete information inventory for organisations, even small organisations, is not an easy task, given the range, volume, multiplicity of locations, people and media involved in creating, reproducing, using and storing records, it may even seem to be impossible. What is certain is that, for most organisations, this will be a gradual process and one that, to succeed, will depend upon good organisation at the onset and the ongoing commitment and support of all staff. One way of compiling the inventory is to do this in easy steps or stages. This will allow the organisation to target specific types of records over a period of time until all records have been targeted. The stepped approach on this slide is further explained in the Record Management Roadmap
The movement and location of records should be controlled to ensure that a record can be easily retrieved at any time and maintain an auditable trail of record transactions Storage accommodation for current records should be clean and tidy, should prevent damage to records and provide a safe working environment for staff. Stores should be secure from unauthorised access, fire, flood etc and allow accessibility commensurate with the frequency of use. When paper records are no longer required for the conduct of current business, their placement in a designated secondary storage area may be a more economical and efficient way to store them. And finally, a contingency or business continuity plan should be in place to provide protection for all types of records that are vital to the continued function of the organisation.
For reasons of business efficiency or to address shortages of storage space, organisations should consider the option of electronically scanning non-current paper records.
However, there are several factors to bear in mind when considering scanning paper records. These include The costs of initial and later media conversion (remember the floppy disk! – can your PC access them?) Consult with The National Archives or local Place of Deposit to ascertain whether any paper records have an archival value in their current format Protect the evidential value by following BIP 0008 which provides standards governing the legal admissibility of electronically stored records.
There are a range of statutory provisions that limit the disclosure of certain records, even to the police, fellow NHS staff, relatives etc. These include: Freedom of Information Act 2000 Data Protection Act 1998 The Abortion Regulations 1991 Crime and Disorder Act 1998 Public Records Act 1958
If you have any concerns regarding the disclosure or transfer of records to patients, staff or outside agencies, contact your representatives, as appropriate: This could be your: Caldicott Guardian; Information Security Officer; Data Protection Officer; Health Records Manager; or Records Manager. Some of these roles may not necessarily be referred to in these terms, but the responsibilities would have been delegated, so it is just a matter of finding out who you need to contact.
All organisations should have Record Retention and Disposal policies to ensure records are annually selected for: Secondary storage (for example, off-site or scanned) Permanent archival preservation Destruction Retentions periods can be as little as several months or for up to 30 years Detailed guidance on retention periods for a full range of NHS records, both health and different types of business and corporate records, can be found in part 2 of the Records Management NHS Code of Practice.
Finally, if the records are not required for preservation then the: Records must be destroyed in a secure environment to ensure against accidental loss or disclosure If external contractors are used they must abide by Confidentiality Agreements and provide proof of destruction The organisation must maintain a register of the destruction of records