Records Management and

Life CyclePolicy

Recommended by / Information Governance Management Group
Approved by / Trust Board
Approval Date / 12.01.2015
Version Number / 1.5
Review Date / January 2017
Responsible Executive Director / Director of Quality
Responsible Manager / Head of Informatics
For use by / All Trust Employees

Change Control Form

Version / Date of Change / Date of release / Changed by / Reason for change
1.0 / 24.03.2009 / 26.03.2009 / Maria Kane / Creation of Document
1.1 / 29.03.2010 / 30.03.2010 / Maria Kane / Trust Board Approval
1.2 / 28.11.2011 / 30.06.2012 / Kehinde Okesola / Trust Board Approval
1.3 / 19.03.2012 / 10.07.2012 / Chris Gresty / Reapproval
1.4 / 06.06.13 / 16/01/2014 / Joanne Moran / Pg.10 section 5.5 Records Manger has been amended to IG Manager. Section 5.6 Health Records Manager has been amended to Clinical Records Manager.
Appendix A D094 Records Retention schedule has been added.
1.5 / Nov 2014 / 12/01/2015 / Amended and updated to replace the Responsible Director from Director of IM&T to Director of Quality also the removal of Assistant Director of Health Informatics and replaced with Head of Informatics

RECORDS MANAGEMENT AND LIFECYCLE POLICY

Contents

1.Introduction

2.Scope and Definitions

3.Five steps to Records and Document Management

4.Aims of our Records Management System

5.Roles and Responsibilities

6.Legal and Professional Obligations

7.Security & Confidentiality

8.Registration of Record Collections

10. Storage and Archiving

11.Scanning

12.Retention and Disposal Schedules

13. Method of Destruction

14.Records Management Systems Audit

15.Training

16.Review

Appendix A – Examples of Records Retention Schedule

NWAS Records Management and Lifecycle Policy / Page: / Page 1 of 25
Author: / Head of Informatics / Version: / 1.5
Date of Approval: / 12.01.2015 / Status: / Final
Date of Issue: / 12.01.2015 / Date of Review / January 2017

1.Introduction

1.1Records Management is the process by which the organisation manages all the aspects of records whether internally or externally generated and in any format or media type, from their creation, all the way through their lifecycle to their eventual disposal.

1.2The Records Management: NHS Code of Practice has been published by the Department of Health as a guide to the required standards of practice in the management of records for those who work within or under contract to NHS organisations in England. It is based on current legal requirements and professional best practice.

1.3The Trust’s records are its corporate memory, providing evidence of actions and decisions and representing a vital asset to support daily functions and operations. Records support policy formation and managerial decision-making, protect the interests of the Trust and the rights of patients, staff and members of the public. They support consistency, continuity, efficiency and productivity and help deliver services in consistent and equitable ways.

1.4The Trust Board has adopted this Records Management and Life Cycle Policy and is committed to ongoing improvement of its records management functions as it believes that it will gain a number of organisational benefits from so doing. These include:

  • better use of physical and server space
  • better use of staff time
  • improved control of valuable information resources
  • compliance with legislation and standards
  • reduced costs

1.5The Trust also believes that its internal management processes will be improved by the greater availability of information that will accrue by the recognition of records management as a distinct corporate function.

1.6This document sets out a framework within which staff responsible for managing the Trust’s records can develop specific procedures to ensure that records are managed and controlled effectively, and at best value, commensurate with legal, operational and information needs.

1.7This policy document should be read in conjunction with the Trust’s Records Management Strategy which sets out how the policy requirements will be delivered and the Trust’s Health and Corporate Records Retention Procedure which provides guidance on the retention period of records as set out by the NHS Code of Practice: Records Management.

2.Scope and Definitions

2.1This policy relates to all clinical and non-clinical operational records held in any format by the Trust. These include:

  • all administrative records (e.g. personnel, estates, financial and accounting records, notes associated with complaints,meeting papers,computerised and scanned records, text messages and emails)
  • all patient health records (e.g. patient report forms, capacity to consent forms, diagnosis of death forms, vulnerable child forms, ATF forms)

2.2‘Records Management’ is a discipline which utilises an administrative system to direct and control the creation, version control, distribution, filing, retention, storage and disposal of records, in a way that is administratively and legally sound, whilst at the same time serving the operational needs of the Trust and preserving an appropriate historical record. The key components of records management are:

  • record creation
  • record keeping
  • record maintenance (including tracking of record movements)
  • access and disclosure
  • closure and transfer
  • appraisal
  • archiving
  • disposal

2.3The term ‘record life cycle’ describes the life of a record from its creation/receipt through the period of its ‘active’ use, then into a period of ‘inactive’ retention (such as closed files which may still be referred to occasionally) and finally either confidential disposal or archival preservation.

2.4In this policy, ‘records’ are defined as ‘recorded information, in any form, created or received and maintained by the Trust in the transaction of its business or conduct of affairs and kept as evidence of such activity’.

2.5‘Information’ is a corporate asset. The Trust’s records are important sources of administrative, evidential and historical information. They are vital to the Trust to support its current and future operations (including meeting the requirements of Freedom of Information legislation), for the purpose of accountability, and for an awareness and understanding of its history and procedures.

3.Five steps to Records and Document Management

3.1The effective management of records and documents can be broken down into five stages, as provided below and which are discussed in more detail later in this section:

  1. Create a document/record
  2. Name the document/record
  3. Save in an appropriate location
  4. Decide on document/record properties
  5. Decide how long to keep the document/record.

3.2Creating a document

3.2.1Each department should have in place an adequate system for documenting its activities. Records of business activity should be complete enough to:

  • Facilitate an audit or examination of the business by anyone so authorised, for example external auditors.
  • Protect the legal and other rights of the Trust, its patients, staff and any other person affected by its actions.
  • Provide authenticity of the records so that the evidence derived from them is shown to be credible and authoritative.

3.2.2 All records must be:

  • factual, consistent and accurate
  • written clearly with version control
  • be objective and polite
  • Created to comply with the Trust style guide which is available on the staff intranet and where available, staff should make use of standard templates.

3.2.3In addition, records should not include abbreviations (unless officially accepted), jargon, meaningless phrases, irrelevant speculation oroffensive, subjective statements.

3.3Naming a document

3.3.1Naming conventions are standard rules to be used for naming both documents andelectronic folders and are used primarily to make them easier to find. Files should benamed using the following basic convention:

  • The file name of an electronic document should facilitate simple location of the document; both using manual and automated search processes
  • The status of the document should be clearly stated within the file name, with draft versions being acknowledged with the use of the prefix ‘X’ (e.g. X.1, X.2 etc). Further information on the allocation of version numbers can be found in the Trust’s Policy for the Development and Management of Strategy, Policy and Procedural Documents
  • If the document was submitted to a Committee etc, the name of the body should be included, where appropriate, within the file name
  • the footer sections of reports should be completed fully
  • final versions of documents should be saved as ‘read only’ or consideration given to converting the final document to .pdf format
  • manual filing systems should comply, as far as is practicable, with the naming conventions provided above

4.Aims of our Records Management System

4.1The aims of our Records Management System are to ensure that:

  • records are available when needed - from which the Trust is able to form a reconstruction of activities or events that have taken place;
  • records can be accessed - records and the information within them can be located and displayed in a way consistent with its initial use, and that the current version is identified where multiple versions exist;
  • records can be interpreted - the context of the record can be interpreted: who created or added to the record and when, during which business process, and how the record is related to other records;
  • records can be trusted – the record reliably represents the information that was actually used in, or created by, the business process, and its integrity and authenticity can be demonstrated;
  • records can be maintained through time – the qualities of availability, accessibility, interpretation and trustworthiness can be maintained for as long as the record is needed, perhaps permanently, despite changes of format;
  • records are secure - from unauthorised or inadvertent alteration or erasure, that access and disclosure are properly controlled and audit trails will track all use and changes. To ensure that records are held in a robust format which remains readable for as long as records are required;
  • records are retained and disposed of appropriately - using consistent and documented retention and disposal procedures, which include provision for appraisal and the permanent preservation of records with archival value; and
  • staff are trained - so that all staff are made aware of their responsibilities for record-keeping and record management.

5.Roles and Responsibilities

Chief Executive

5.1The Chief Executive has overall responsibility for records management in the Trust. As the accountable officer,he is responsible for the management of the organisation and for ensuring appropriate mechanisms are in place to support service delivery and continuity. Records management is key to this as it will ensure appropriate, accurate information is available as required.

5.2The Trust has a particular responsibility for ensuring that it corporately meets its legal responsibilities, and for the adoption of internal and external governance requirements.

Caldicott Guardian

5.3The Trust’s Caldicott Guardian has a particular responsibility for reflecting patients’ interests regarding the use of patient identifiable information. They are responsible for ensuring patient identifiable information is shared in an appropriate and secure manner ensuring the following 7 Caldicott principles are followed:

  • The purpose of using confidential information must be justified.
  • Confidential information must only be used when absolutely necessary.
  • Only the minimum information necessary to achieve the purpose should be used.
  • Access to confidential information must be on a strict need-to-know basis.
  • Everyone accessing confidential information must understand his or her responsibilities.
  • Everyone accessing confidential information must comply with the law.
  • The duty to share information can be as important as the duty to protect patient confidentiality. Health and Social Care professionals should have the confidence to share information in the best interest of their patients within the framework set out by these principles.

5.4This includes agreeing, monitoring and reviewing the protocols governing the use of personal identifiable information across organisational boundaries and if applicable research purposes.

All Staff should also refer to the Trust’s Information Security Policy.

Records Manager

5.5The Information Governance Manager is responsible for ensuring that this policy is implemented, through the Records Management Strategy, and that the records management system and processes are developed, co-ordinated and monitored.

Clinical Records Manager

5.6The Clinical Records Manger is responsible for the overall development and maintenance of health records management practices throughout the Trust, in particular for drawing up guidance for good records management practice and promoting compliance with this policy in such a way as to ensure the easy, appropriate and timely retrieval of patient information.

Local record managers

5.7The responsibility for local records management is devolved to the relevant directors, directorate managers and department managers. Heads of Departments, other units and business functions within the Trust have overall responsibility for the management of records generated by their activities, i.e. for ensuring that records controlled within their unit are managed in a way which meets the aims of the Trust’s records management policies.

All Staff

5.8All Trust staff, whether clinical or administrative, who create, receive and use records have records management responsibilities. In particular all staff must ensure that they keep appropriate records of their work in the Trust and manage those records in keeping with this policy and with any guidance subsequently produced.

6.Legal and Professional Obligations

6.1All NHS records are public records under the Public Records Act. The Trust will take actions as necessary to comply with the legal and professional obligations set out in the Records Management: NHS Code of Practice, in particular:

  • The Public Records Act 1958;
  • The Data Protection Act 1998;
  • The Freedom of Information Act 2000;
  • The Common Law Duty of Confidentiality; and
  • The NHS Confidentiality Code of Practice
  • Information Security Management: NHS Code of Practice

And any new legislation affecting records management as it arises. Including Trust Policies and Procedures;

  • Policy on the Security Classification of Documents
  • Destruction of Confidential Information

7.Security & Confidentiality

7.1The Trust will comply with the six Caldicott principles, which govern the access and use of confidential information; the NHS ConfidentialityCode of Practice; the requirements of the Data Protection Act 1998; and Trust’s Data Protection, Caldicott & Confidentiality Policy and Procedures and Information Sharing Agreement Procedures

8.Registration of Record Collections

8.1The Trust will establish and maintain mechanisms through which departments and other units can register the records they are maintaining. The inventory of record collections will facilitate:

  • The classification of records into series; and
  • The recording of the responsibility of individuals creating records.
  • The register will be reviewed annually.

9. Deciding how long to keep the document

9.1Information should only be kept as long as absolutely necessary. This

includesdeleting:

  • Unnecessary duplicates of final documents.
  • Working copies which are no longer required.
  • Documents which have no continuing value
  • Information includes email which should be deleted on a regular basis.

9.2In all cases, good housekeeping of both shared and personal drives is essential to maintaining long-term viability. The Trust is only responsible for the retention of its own original documents.

9.3Key questions to consider when considering destroying a document:

  • Is this the one and only paper document, who was the author and is there an electronic copy?
  • Are we obliged to keep under the Record Management NHS Code of Practice2006?

10. Storage and Archiving

10.1For legal and practical reasons records should be stored securely until minimum retention periods have expired, but no longer than required to support the business needs of the Trust

10.2New records are being created all the time, but suitable and secure storage and archiving is resource limited and therefore must be properly managed. Access to records, in any format, should be restricted to designated staff only.

10.3All Confidential paper records should be kept in a locked cupboard or locked filing cabinet, and the room should be locked when not in use.

10.4Records should be indexed to facilitate record location.

10.5All archived records must be if in paper format sorted, weeded and placed in archive boxes marked with the contents, department and review date. And transferred to an appropriate and Trust approved storage company/site.

10.6Any records in electronic format must either be placed onto a server or archived to disc and placed in a secure box marked with contents, department, and review date. And either stored in a lockable room with access restrictions to staff or transferred to an appropriate and Trust approved storage company/site.

10.7All movements of paper records should be tracked, preferably electronically. Tracking Information should include reference details of the document i.e.

  • the title of the document,
  • current date,
  • the name of person who has withdrawn the record
  • Contact details of the person/department to which the record has been sent.

10.8If a record cannot be located at its tracked location, form F089 – IT Security Notification form must be completed. This form can be found on the Trust intranet/IT Support Request Forms.

10.9This will then be investigated and logged on the Trust Datix system for reporting to the Information Governance Management Groupand for future audit purposes.

10.10 A serious breach of security e.g. major theft or fire must be managed in accordance with the same form in relation to it being a Serious Untoward Incident.

10.11Records no longer required for active use must be returned to the storage area in a timely and secure fashion. Record storage areas and all areas where records are used (e.g. administrative areas, ambulance stations, stores, fleet care etc) should be compliant with Health & Safety and Fire Safety regulations and be kept clean and tidy. Reasonable measures must be taken to prevent flood or other damage.

10.12Designated record storage areas should be restricted and not be used for the storage of any other items other than records being stored or awaiting to be sent off site for storage.

For records stored on-site, they must be kept in a lockable cabinet or secure storage area again with restricted access.

10.13Original paper health records will not be sent to individuals outside the Trust without the permission of the Caldicott Guardian, Head of Informatics and Information Governance Manager.

11.Scanning

11.1For reasons of business efficiency, or in order to address

problems with storage, consideration should be given of the option of scanning into electronic format, records which currently exist in paper format.