03 IG/18/10 (IG38/09)
Records Management Policy
Committee Approved by: Information Governance Group Date Approved
18th March 2010
Director of Corporate Services
Responsible Directorate: Corporate Services Date issued:
Version Control Sheet
Current versions of all policies can be found on NHS Kirklees internet and intranet. If printing a document, please check internet/intranet for most up-to-date version. Document Title: Document number: Author: Contributors: Version: Date of Production: Review date: Post holder responsible for revision: Primary Circulation List: Web address: Restrictions:
Records Management Policy 1 Helena Corder Terry Service, Stephen Rose 2 18 March 2010 2013 Helena Corder Appendix G None
Aims and Objectives
Scope of the Policy
Equality Impact Assessment
Implementation and Dissemination
Education and Training
Legal Framework and Evidence Base
Legislation and National Policy
Guidelines for the Management of Non-Clinical Records
Guidelines for Clinical Records and Record Keeping
NHS Kirklees retention and destruction schedule
Equality Impact Assessment tool
KCHS Records Management Group Terms of Reference
Dissemination sign off sheet and stakeholder consultation
Introduction This policy refers to the required practice in the management of records for those who create and maintain all records in the course of their work within NHS Kirklees. This policy also refers to the storage and disposal arrangements for all records held by the PCT. This version is based on current legislation and professional best practice, as standards and practice will continue to change, therefore the policy may need to be updated on a regular basis. This policy provides a framework for consistent and effective records management, for all forms of records that is based on standards and fully integrated with other key information governance work areas. NHS records are public records and under the Public Records Act 1958, Chief Executives, Directors and Senior Managers are personally accountable for Records Management. NHS Kirklees acknowledges its responsibilities under statutory legislation and guidance and is committed to fulfilling its obligations and commitments for the management of all its records. Information Governance performance assessment and management arrangements are in place to facilitate and drive forward all changes.
Aims and Objectives To continuously improve the management of records across the organisation to:
Better use physical and server space Better use of staff time Improved control of valuable information resources Compliance with legislation and standards, and Reduced costs To meet legislative requirements such as data protection, Freedom of Information.
Managers need to be able to demonstrate active progress in enabling staff to conform to the standards, identifying resource requirements and any related areas where organisational or systems changes are required. The aims of our Records Management system are to ensure that: Records are available when needed – from which the PCT is able to form a reconstruction of activities or events that have taken place. Records can be accessed – records and the information within them can be located and displayed in a way consistent with its initial use, and that the current version is identified where multiple versions exist. 1
Records can be interpreted – the context of the record can be interpreted: who created or added to the record and when, during which business process, and how the record is related to other records. Records are consistent – the format and content of any specific type of record for example agendas, terms of reference or a clinical record is consistent in terms of format and content. Records relate to the PCT conduct of business – the record reliably represents the information that was actually used in, or created by, the business process, and its integrity and authenticity can be demonstrated. Records can be maintained through time – the qualities of availability, accessibility, interpretation and PCTworthiness can be maintained for as long as the record is needed, perhaps permanently, despite changes of format. Records are secure – from unauthorised or inadvertent alteration or erasure, that access and disclosure are properly controlled and audit trails will track all use and changes. To ensure that records are held in a robust format which remains readable for as long as records are required. Records are retained and disposed of appropriately – using consistent and documented retention and disposal procedures, which include provision for appraisal and the permanent preservation of records with archival value; and Staff are trained – so that all staff are made aware of their responsibilities for record keeping and record management. 3
Scope of the Policy It is the responsibility of all staff including those on temporary or honorary contracts, pool staff and students to comply with this policy. The policy relates to all clinical and non-clinical operational records held in any format by the PCT. These include: All administrative records (e.g. personnel, estates, financial and accounting records, notes associated with complaints and investigations, formal meetings (Board and Board sub committees) that lead to decision making or procurement processes which could result in formal challenge All patient health records (for all specialities and including private patients, including x-ray and imaging reports, registers, etc). To maintain the integrity of patient data and comply with the Data Protection Act 1998. Records management is a discipline which utilises an administrative system to direct and control the creation, version control, distribution, 2
filing, retention, storage and disposal of records, in a way that is administratively and legally sound, whilst at the same time serving the operational needs of the PCT and preserving an appropriate historical record. The key components of records management are:
Record creation Record keeping Record maintenance (including tracking of record movements) Access and disclosure Closure and transfer Appraisal Archiving, and Disposal
The term „Records Life Cycle’ describes the life of a record from its creation/receipt through the period of its „active‟ use, then into a period of „inactive‟ retention (such as closed files which may still be referred to occasionally) and finally either confidential disposal or archival preservation. In this policy, records are defined as „recorded information, in any form, created or received and maintained by the PCT in the transaction of its business or conduct of affairs and kept as evidence of such activity’. Information is a corporate asset. The PCT‟s records are important sources of administrative, evidential and historical information. They are vital to the PCT to support its current and future operations (including meeting the requirements of Freedom of Information legislation), for the purpose of accountability, and for an awareness and understanding of its history and procedures. 4 Accountability 4.1 Management and Organisational Responsibility The records management function is part of the corporate services directorate within NHS Kirklees and the governance team within KCHS and provides a managerial focus for records of all types in all formats, including electronic records, throughout their life cycle, from planning and creation through to ultimate disposal. Designated members of staff of appropriate seniority have lead responsibility for records management within their area of work although every staff member also have an intrinsic responsibility for records organisation. It is essential that all health care professionals who make entries into clinical/care records do so inline with PCT policy and the professional code of practice issued by their professional body.
Governance Committee The Governance Committee is the Board sub committee with responsibility for providing assurance to the Board that the PCT has in place sound systems and processes for the management of records and compliance with legislation and that any associated risks are being effectively managed.
Information Governance Group will take the lead on development, implementation and monitoring of records management policy and operational risk management providing regular reports to the governance committee that enable them to provide assurance to the Board. 4.2.1 Information Governance Group Information governance management across the organisation will be co-ordinated by the Information Governance Group. The responsibilities of the Information Governance subgroup include (but are not limited to): ď‚§ Recommending for approval by the PCT Board and/or delegated related policies and procedures. ď‚§ Recommending for approval to the Governance Committee the annual submission of compliance with requirements in the Information Governance Toolkit and related work programme. ď‚§ To co-ordinate and monitor the Information Governance Strategy across the organisation.
Managerial Accountability and Responsibility
4.3.1 Chief Executive The Chief Executive has overall accountability for records management in the PCT. As the accountable officer the CE is responsible for the management of the organisation and for ensuring appropriate mechanisms are in place to support service delivery and continuity. Records management is key to this as it will ensure appropriate, accurate information is available as required. The PCT has a particular responsibility for ensuring that it corporately meets its legal responsibilities, and for the adoption of internal and external governance requirements.
4.3.2 Director of Corporate Services
The Director of Corporate Services has organisational responsibility for all aspects of Information Governance, including the responsibility for ensuring the PCT has appropriate systems and policies in place to maintain the effectiveness of the records management system within the organisation. 4.3.3 Senior Information Risk Officer (SIRO) The SIRO has organisational responsibility for Information Risk within the organisation. The Director of Corporate Services is nominated as the SIRO for the PCT. 4.3.4
Information Asset Owners (IAO’s) The IAO are senior managers of Assistant Director level or above with responsibility for Information Assets within the organisation.
4.3.5 Senior managers Senior managers are responsible for ensuring that they and their staff are adequately trained, and are familiar with the content of the Records Management Policy. 4.3.6 Caldicott Guardian The PCT‟s Caldicott Guardian has a particular responsibility for reflecting patients‟ interests regarding the use of patient identifiable information is shared in an appropriate and secure manner. The PCT’s Caldicott Guardian is the Director of Patient Care and Professions. 4.3.7 Individual Service Managers/Coordinators Individual service managers/co-ordinators are responsible for: Reviewing/adopting tracking and registration systems for appropriate records Ensuring that clinical records are bound and stored so that loss of documents is minimised Ensuring semi-current records are archived in appropriate, secure areas Ensuring that there is a mechanism for identifying records which must be kept for permanent preservation Ensuring all staff who create and maintain records meet the minimum training requirements for Records Management, Data Protection, Freedom of Information Act Ensuring that all records are stored securely in accordance with this policy Ensure all staff attend records management training 4.3.8 Individual Responsibility Under the Public Record Act all NHS employees have a degree of responsibility for any records that they create or maintain. This responsibility is established at, and defined by, the law. Individuals are also bound by their own professional Codes of Conduct. 5
Everyone working for or with the NHS, who records, handles, stores or otherwise comes across information, has a personal common law duty of confidence. The Data Protection Act 1998 now places statutory restrictions on the use of personal information, including health information. Person identifiable information relating to a patient should not be kept longer than is necessary for that purpose. Person identifiable information may not be passed on to others without the individual patient‟s consent except as permitted, or if required by law. 4.3.9 KCHS Records Management Group The KCHS Records Management Group is responsible for ensuring that this policy is implemented, and that the records management system and processes are developed, co-ordinated and monitored. The Terms of Reference for this group can be found in Appendix E. The group assure quality and all activity codes in SystmOne and approve changes to code lists; to quality assure all clinical templates and approve changes to templates and new templates; to approve the use of Read codes. 4.3.10 The Assistant Director of Corporate Services and Risk, NHS Kirklees and the Head of Governance - KCHS The Head of Corporate Services and Risk, NHS Kirklees and the Head of Governance KCHS have overall responsibility for the development and maintenance of records management practices throughout the PCT, in particular for drawing up guidance for good records management practice and promoting compliance with this policy in such a way as to ensure the easy, appropriate and timely retrieval of patient information. 4.3.11 Local record management leads The responsibility for day to day records management is devolved to the relevant directors, directorate managers and department managers. Each directorate within the PCT has overall responsibility for the management of records generated by their activities, ie for ensuring that records controlled within their unit are managed in a way which meets the requirements of the PCT‟s records management policies and legislative framework.
Legal and Professional Obligations All NHS records are Public Records under the Public Records Act. The PCT will take actions as necessary to comply with the legal and professional obligations set out in the Records Management: NHS Code of Practice, in particular:
The Public Records Act 1958 The Data Protection Act 1998 The Freedom of Information Act 2000 The Common Law Duty of Confidentiality; and 6
The NHS Confidentiality Code of Practice The Information Security Code of Practice And any new legislation affecting records management as it arises.
4.5 Best Practices in Records Management The Public Record Office has published a Records Management Standard which states that: „A systematic and planned approach to the management of records within an organisation, from the moment they are created to their ultimate disposal, ensures that the organisation can control both the quality and the quantity of the information that it generates, it can maintain the information in a manner that effectively serves its needs, those of government and of the citizen, and it can dispose of the information efficiently when it is no longer required‟ (Public Records Office Records Management Standards, 1998)
4.6 Record Creation/Registration In order to ensure records can be identified and retrieved when needed it is necessary to have a system in place that identifies the type of record, who is responsible for them and where they are held or archived. The system will depend on the PCT‟s business need to maintain accountable records of particular activities, its information needs, how many records there are on that particular topic or in that series. The development of electronic patient records, will require identification of every item that is patient/client related with the relevant NHS number to provide the necessary links through all electronic records. Systems should be monitored regularly and reviewed at least once every two years to ensure that they continue to operate efficiently and meet the needs of users.
Records Management Audit The PCT will audit its records management practices for compliance with this policy and associated policies and guidance Records management audit will be part of the PCT‟s internal audit programme. The audit will focus on areas of risk that are identified by the information governance group or governance committee or senior mangers responsible for records management.
Audit of clinical records will take place annually and cover security, content and compliance with PCT and professional codes of practice for clinical records management.
The results of audits will be reported to the Governance Committees of both NHS Kirklees and KCHS via the Information Governance Group who will ensure that recommendations and actions identified following audits are carried out and implemented.
Archiving and destruction of records When records are no longer in constant use they may be archived. Where the archiving is of paper records the PCT will contract for additional archiving facilities off site in secured storage. Responsibility for these arrangements will lie with the individual services/teams. Information on the PCT‟s storage facilities can be obtained from the Head of Corporate Services. The cost of storage is the responsibility of individual directorates. On site records and archived records should be reviewed annually to ensure compliance with retention and destruction schedules. NHS Kirklees retention and destruction schedule can be found in Appendix D. If the record cannot be identified in this schedule you should follow the Records Management: NHS Code of Practice Part 2.
Equality Impact Assessment The impact assessment policy screening tool does not identify any adverse impact on any group from the implementation of this policy. The equality impact screening assessment can be found in Appendix F.
Implementation and Dissemination This policy will, following approval by the Information Governance Group and ratification by the Governance Committee, be disseminated to staff via the PCT‟s intranet. Awareness will also be raised through the staff newsletter, line managers and training. 7 Education and Training Information Governance Training is part of the PCT‟s mandatory training for all staff. There is also more specialist training required for staff who have specific responsibilities for information governance and records management such as the SIRO and IAO‟s which will managed via the individual appraisal process. It is the responsibility of all Senior Managers and Line Managers to ensure that all staff are kept up to date with new record processes and procedures to ensure Trust wide compliance. They need to be familiar 8
with the mandatory training requirements making sure that they identify training needs and make sure that staff attend mandatory and agreed training. All staff will be made aware of their responsibilities for record keeping and record management through generic and specific training programmes and guidance. In order to ensure that all employees of the PCT who are involved in creating and maintaining records are competent they must comply with the minimum training requirements set out below: Attendance at any of the following: 1. An Introduction to Information Governance as part of the PCT induction process 2. PCT Information Governance training 3. Facilitated training workshops with specific staff groups 4. Completion of relevant modules of the Connecting for Health Information Governance training tool Following initial training it is the responsibility of each staff member to ensure that they remain competent in the creation and maintenance of records.
References Department of Health, (2003) Essence of Care:- Record Keeping. NHS Litigation Authority Risk Management Standards for PCT‟s Health Records Information Governance Toolkit Clinical Information Assurance NHS Code of Practice, Record Management Parts 1 and 2
Associated Documentation This policy provides a robust Records Management framework for the current and future management of information, whilst raising the profile of, and supporting improvement in the standards or records management in NHS Kirklees. The policy is to be read in conjunction with:
Access to Health Records Policy Confidentiality Policy Incident Reporting Procedure Information to Support Recording Ethnicity Data Quality Policy Pre-adoption guidelines
Legal Framework Data Protection Act (1998) 9
Human Rights Act (1998) Freedom of Information Act (2000) Caldicott Report Records Management Code of Practice Confidentiality Code of Practice Public Records Act 1958 Standards for Better Health C9 (Records Management) Information Security Code of Practice
Nursing & Midwifery Council (2009) Record Keeping: Guidance for nurses and midwives, Available from http://www.nmc.org.uk 10.1
Evidence Base Department of Health, (2003) Essence of Care: - Record Keeping NHS Litigation Risk Management Standards for PCT‟s Health Records Information Governance Toolkit Clinical Information Assurance NHS Code of Practice, Records Management Parts 1 and 2
Appendix A LEGISLATION AND NATIONAL POLICY NHS Code of Practice The Records Management: NHS Code of Practice has been published by the Department of Health as a guide to the required standards of practice in the management of records for those who work within the NHS. It is based on the current legal requirements and professional best standards
Information Governance Toolkit As a key part of the Information Governance agenda, the Department of Health and the NHS Connecting for Health jointly produced an Information Governance Toolkit. With regards to records management the toolkit requires a systematic and planned approach to the management of records to be in place so that the organisation can ensure, from the moment a record is created until its ultimate disposal, it can control both the quality and quantity of information it generates; can maintain that information in a manner that effectively services its needs and those of its stakeholders; and it can dispose of the information appropriately when it is no longer required.
Freedom of Information Act 2000 The Freedom of Information Act 2000 is designed to promote a culture of openness and accountability within public authorities by making â€œeverything public unless it falls into specified excepted cases.â€? The act has 2 key features: It establishes the right of access to information held by public authorities by any person requesting that information, subject to certain exemptions, ie no patient identifiable information or business sensitive information will be released. The individual right of access applies no matter who the person is or where they are from. It imposes a requirement on public authorities to proactively disclose the information they hold, subject to certain exemptions. This will be achieved by public authorities establishing and maintaining a Publication Scheme. Section 46 Code of Practice This code of practice, issued under section 46 of the Freedom of Information Act, gives guidance on good practice in records management. It applies to all authorities subject to the Act, to the Public Records Act 1958 or to the Public Records Act (Northern Ireland) 1923. It also contains guidance on the review and transfer of public records to an archives office for permanent preservation. The section 46 code of practice was revised and re-issued on 16 July 2009.
The Data Protection Act 1998 Since March 2000 the key legislation governing the protection and use of identifiable person based information has been the Data Protection Act. The Act does not apply to information relating to the deceased. The Act gives seven rights to individuals in respect of their own personal data held by others, they are: Right of subject access Right to prevent processing likely to cause damage or distress Right to prevent processing for the purpose of direct marketing Rights in relation to automated decision taking Right to take action for compensation if the individual suffers damage Right to take action to rectify, block, erase or destroy inaccurate data Right to make a request to the Commissioner for an assessment to be made as to whether any provision of the Act has been contravened. The Data Protection Act applies to „personal data‟, that is, data about identifiable living individuals. Those who decide how and why personal data are processed (data controllers), must comply with the rules of good information handling, known as the data protection principles, and the other requirements of the Data Protection Act. The Caldicott Review In March 1996, guidance on The Protection and Use of Patient Information was published by the Department of Health. This guidance required that when the use of patient information was justified, only the minimum necessary information should be used and it should be anonymised wherever possible. In the light of that requirement the Chief Medical Officer established the Caldicott Committee to review the transfer of all patient-identifiable information from NHS organisations to other NHS or non-NHS bodies for purposes other than direct care, medical research or where there is a statutory requirement, to ensure that current practice complies with the Departmental guidance. On completion of the work, the committee concluded that, whilst there was no significant evidence of unjustified use of patient-identifiable information, there was a general lack of awareness throughout the NHS of existing guidance on confidentiality and security, increasing the risk of error or misuse. The Caldicott committee‟s report, published in December 1997, included 16 recommendations, which related to ensuring best practice in the use of information flows between organisations.
Standards for Better Health Standards for Better Health were launched in July 2004 and puts quality at the forefront of the agenda for the NHS. The core standards within the seven domains describe the level of quality that all health care organisations are expected to meet.
Third Domain â€“ Governance Managerial and clinical leadership and accountability, as well as the organisations culture, systems and working practices ensure that probity, quality assurance, quality improvement and patient safety are central components of all the activities of the health care organisation.
Standard C9 Health care organisations have a systematic and planned approach to the management of records to ensure that, from the moment a record is created until its ultimate disposal, the organisation maintains information so that it serves the purpose it was collected for and disposes of the information appropriately when no longer required. NHSLA Risk Management Standard for PCTs â€“ Standard 1: Governance and Standard 4: Clinical Care The NHSLA was established in 1994, to provide a means for NHS PCTs to fund the cost of clinical negligence litigation and to encourage and support effective management of claims and risk. The scheme covers claims arising from incidents on or after 1 April 1995. If PCTs comply with the standards, they should benefit from the investment in risk management by having fewer claims and paying lower scheme contributions.
Information for Health Information for Health, an information strategy for the Modern NHS 1998-2005 (HSC 1998/168) sets out an information strategy for the introduction of Electronic Patient Records (EPR) to eventually replace paper records, which means that the NHS will require effective Records Management policies to cover electronic as well as paper records.
NHS Connecting for Health The impact of the Governmentâ€&#x;s reform agenda will fundamentally affect the way the NHS approaches the management of electronic records. The NHS Care Records Service (NHS CRS) is central to these reforms and will transform the way both health and social care information is managed. In the mixed economy of paper and electronic records which will exist as the NHS Care Records Service is developed it is essential that paper and electronic records are consistently managed to ensure that a complete health record is available at the point of care. This transitional period will generate significant challenges eg before patient data is migrated to the national data spine, to enable these processes it will need to be validated to ensure that duplicate registrations are eliminated and steps taken in the local feeder systems to the data spine to ensure that duplicate registrations do not occur in the future.
GUIDELINES FOR THE MANAGEMENT OF NON-CLINICAL RECORDS
What is a Corporate Record?
Content and Style
4 4.1 4.11 4.12 4.2 4.3 4.4
Electronic Records E-mails Non-record e-mails Record e-mails Storing Records on the Shared Network Drive Structure and Directorate Drives Naming Conventions
2 3 3 3 3 4 4
5 5.1 5.2 5.3 5.4 5.5 5.6 6 7 8 9
Using Records Record Tracking Systems Record in Transit and Labelling and Packing Handling and Transporting Records Taking Records off Site Breaches in Security Lost Records Storing Current Paper Records Storage of Archived Records Confidentiality of Records Audit
5 5 5 5 6 6 6 7 7 7 7
Introduction These guidelines refer to the required practice in records management for staff who create and maintain non-clinical or corporate records in the course of their work within NHS Kirklees. This is an evolving document, based on current legislation as standards and practice will continue to change, therefore the guidelines may need updating on a regular basis. Records management through the proper control of the content, storage and volume of records can reduce the vulnerability to legal challenge or financial loss and promotes best value in terms of human and spatial resources through greater co-ordination of information and storage systems. Our organisation's records are our corporate memory, providing evidence of actions and decisions and representing a vital asset to support our daily functions and operations. They support policy formation and managerial decision-making, protect the interests of the PCT and the rights of patients, staff and members of the public who have dealings with the PCT. They support consistency, continuity, efficiency and productivity, and help us deliver our services in consistent and equitable ways.
What is a Corporate Record? The International Records Management Standard ISO 15489 defines records as â€œinformation created, received, and maintained as evidence and information by an organisation or person, in pursuance of legal obligations or in the transaction of businessâ€?. As the definition suggests, records are not determined by their format. Records can exist on paper or on electronic media. They can be visual or sound recordings. Records can be originals, or they can be annotated copies of originals that contribute to a transaction or decision. Examples include: Letters Faxes E-mails Memos Policies Reports Personnel records (staff file, absence, holidays etc) Electronic documents Plans Photographs Drawings Films etc Appendix D contains a list of NHS Kirklees corporate records identifying responsibility for the record, where they are stored and retention and destruction information this can be added to via a request to the Information Governance Group. 1
Content and style All staff should abide by the following guidance when keeping records: Records should be adequate to document essential activities such as service planning, development and management, staffing management (including recruitment) and financial management. Records should be structured according to templates where available. Where not available they should be clear and able to fulfill their functional requirements in terms of content and recording processes All records should clearly state the author(s), date of creation, version number, dates of review and number of pages. Each page should be clearly numbered. All records created for viewing by external organisations or individuals should include the PCT logo on the cover or first page (It is good practice to include the logo on all formal records). Whilst it is everyone‟s responsibility to maintain the records they create, responsibilities to protect records from loss or damage over time should be delegated to a person in each department or team
Electronic Records The principles of good records management practice described within these guidelines apply equally to any records which may be created electronically. All information created as part of your job role constitutes a PCT record. When using electronic records: Terminals should not be able to be overlooked by members of the public or unauthorised personnel Avoid duplicating information that is held elsewhere (eg intranet) Do not store corporate records on the local (C:\) drive or portable media (floppy disks, memory sticks, CDROMS etc). Records should be stored as identified within Appendix B. Do not use your e-mail folder as a personal filing system. E-mails that constitute a record should be either saved in the appropriate shared directory or printed off and stored in a manual filing system. Passwords must be at least 6 characters with at least one non letter character Passwords should be changed at least every 90 days Levels of access must be controlled and authorized. Staff should be given guidance on choosing passwords (these should not be obvious or guessable passwords) Passwords should never be written down. Staff should log off or „lock‟ their PC‟s whilst they are away from their desk.
Non-record e-mails A „non-record e-mail‟ is an e-mail that does not constitute a Corporate Record. The following are examples of non-record e-mails: a) An e-mail that documents something you would have normally discussed over the phone – for example: confirmation of a meeting date or place; advice that someone is or will be absent from the office etc b) An e-mail that does not contain any information that is relevant to the business of the PCT (eg unsolicited advert from an outside agency) c) Any e-mail on which the recipient was copied or blind copied (originator and direct recipient are responsible for ensuring retention). d) Duplicate copies of records used for information.
Record e-mails A „record e-mail‟ is an e-mail which constitutes a Corporate Record. The following are examples of Record E-mails: a) An e-mail that responds to a business related question or series of questions. b) Any business related e-mail is a Record E-mail for the person who created it, and for any person who directly received it, but not for those who are copied in or blind copied in.
Storing records on the shared network drive Records created as part of your work which provides evidence of the PCT‟s activity should be saved on the Directorate shared drive (or paper file) as a PCT record for the following reasons. The information created may be needed for reference by others in future. Easier to share information with other colleagues All records have a set retention period, similar files kept together are easier to retain for appropriate timescales Avoids duplication in storage of information Reduce confusion, easier to locate the master/original document Reduce the need to email documents to colleagues in the same directorate Information must be accessible if an individual leaves the PCT or is unexpectedly absent Able to locate information to comply with requests for information under the Freedom of Information Act.
Structure of Directorate drives Directorate shared drives are a shared filing structure which need to be organised according to the functions/activities of the Directorate 3
Each Directorate must have an administrator who is responsible for the administration of its shared drive Permissions and security on these folders are handled by the Health Informatics IT Service Desk. Folders can be accessible to everyone in the Directorate - e.g. Directorate meetings, directorate protocols/procedures, Or, access to folders can be restricted to a set individuals e.g. groups of people or teams Sub-folders can exist in each folder, further categorising work activities undertaken by a team/department 4.4
Naming conventions Keep file names short but meaningful Avoid duplicating words already used in the folder title (eg F:\Corporate\Records\procedures\procedure for archiving) Do not use words such as „spreadsheet‟, „e-mail‟, „presentation‟ and „letter‟ in titles as this is obvious from the format of the document. Do not use abbreviations in folder titles as they are not always understood and can lose their meaning over time. When using numbers in a file name use two digits unless it is a year or another number with more than two digits. This will ensure that files are automatically maintained in numeric order. Dates should always be presented „back to front‟, that is with the year first (always given as a four digit number), followed by the month (always given as a two digit number), and the day (always given as a two digit number). Giving the dates back to front means that the chronological order of the records is maintained when the file names are listed in the file directory. This helps when trying to retrieve the latest dated record. Do not name records after yourself or create folders with personal names. Instead, create folders according to the functions and activities of your job role or team (exception: HR information relevant to the individual person as opposed to their job role, e.g. if line management records). PCT information developed as part of your job role is corporate information which may need to be shared and retained in accordance with national guidelines. Individuals may leave the PCT, but their job role usually continues. It is easier to find information if it organised by activity / function or job role, not personal name. If you need to refer to yourself, use your job title. The version number of a record should be indicated in its file name by the inclusion of „V‟ followed the version number and, where applicable, „Draft‟ or „Final‟.
Senior Managers must ensure that staff are compliant with the above standards by ensuring that training and support is provided and monitoring of the above, on an individual basis, is supported through supervision.
Using Records The importance of knowing where information can be found Accurate recording and knowledge of the whereabouts of all records is essential if the information they contain is to be located quickly and efficiently. One of the main reasons why records get misplaced or lost is because their next destination is not recorded anywhere.
Record Tracking Systems Manual tracking systems for individual services who store their own live records should be one of the following. A paper register – a book or a diary An index system with a card for every absent record, held in alphabetical order. Electronic register – a database or spreadsheet It is important that any tracking system meets user‟s needs and is adequately supported. The success of any tracking system depends on it being up to date, therefore all staff should be made aware of its importance and receive adequate training in its use to ensure that it is kept up to date.
Records in Transit & Labelling and Packing If records are being delivered to another location they should be enclosed in securely sealed envelopes for transfer. Any records that may be damaged in transit should be enclosed in suitable padding or containers. For larger quantities, records should be boxed in suitable boxes or containers for their protection. All boxes/containers must be clearly labelled. There are various options if records are to be mailed, such as recorded delivery, registered mail etc. When choosing options staff should consider the following: Will the records be protected from damage, unauthorized access or theft? Is the level of security offered appropriate to the degree of importance, sensitivity or confidentiality of the records? Does the mail provider offer „track and trace‟ options and is a signature required on delivery?
Handling and transporting records No-one should eat or drink near records. Records being carried on – site should be enclosed in a sealed envelope or „zippy‟ bag. 5
Records should be handled carefully when being loaded, transported or unloaded. Records should never be thrown away. Records should be packed carefully onto vehicles to ensure that they will not be damaged by the movement of the vehicle Records in vehicles must be hidden from view so that they are protected from risks such as theft. Vehicles containing records should be locked when stationary 5.4
Taking records off site When transporting records individuals are tasked with ensuring and protecting the safety and confidentiality of the record. Records should wherever possible not be left unattended e.g. in the car. If using records at the end or the beginning of the day, and it would be inconvenient to return or collect records from base, it is acceptable to store records securely in the professionalâ€&#x;s home. It is essential that any such records are tracked out of the department, so that staff within the department are aware of the location of the record.
Breaches in Security Any incident or near miss relating to a breach in the security of all records held by the PCT relating to the use, storage, transportation or handling of records must be reported on the PCT Incident Reporting Form. Refer to Incident Reporting Procedure. Reportable incidents may also be related to PCT activity on exchange with an external party e.g. another PCT or hospital. All breaches of security are then reported to the Caldicott Guardian for investigation. Staff must be encouraged to report incidents or near misses within their teams and supported by their Line Manager to enable lessons to be learnt from incidents of this nature. A serious breach of security e.g. major theft or fire may result in the Serious Untoward Incident procedure to be followed. Refer to Serious Untoward Incident procedure.
Lost records For the purpose of these guidelines a lost record is defined as a record that cannot be located within 5 working days of first attempting to access the record or any record that has been stolen from a known place If a record is lost or misplaced, including diaries or any other document that is used to record information or PCT business, the PCTâ€&#x;s Caldicott Guardian must be informed immediately. An incident form must be completed giving clear details of all actions including When and where record was last seen, with date if known If stolen, from where and if reported to police 6
Actions taken to locate file. Do not include patient identifiable information on the incident form.
Storing Current Paper Records Common sense When a record is in constant or regular use, or is likely to be needed quickly, it makes sense to keep it within the service unit responsible for the related work. Such records should be stored in lockable desk drawers or filing cabinets to enable information to be appropriately filed so that they can be retrieved when next required. Records must always be kept securely and when a room containing records is left unattended it must be locked. A sensible balance should be achieved between the needs for security and accessibility.
Storage of archived records When records are no longer in constant use they may be archived with the PCTâ€&#x;s contracted archive service, which provides secure off site storage with a retrieval service. Managers must ensure that records no longer required for business use are reviewed as soon as practicable so that ill-considered destruction is avoided. The review will determine whether records are to be selected for permanent preservation, destroyed or retained by the PCT for research or litigation purposes. Records selected for destruction must be disposed of in line with the PCTâ€&#x;s with the schedule set out in Appendix D or the Records Management: NHS Code of Practice Part 2 and an entry made in the records destruction log on the records management Z drive. Further advice on the archiving of corporate records can be obtained from the Director or Head of Corporate Services.
GUIDELINES FOR CLINICAL RECORDS AND RECORD KEEPING
Content and style
Information technology and electronic records
Using Records and Record Tracking systems
Storing Current Paper Records
Storage of Archived Records
Access to Health Records
1 Introduction These guidelines refer to the required practice in record keeping for those who create and maintain Health Records in the course of their work within NHS Kirklees. This is an evolving document, based on current legislation and professional best practice, as standards and practice will continue to change, therefore the policy may need updating on a regular basis. High quality information underpins the delivery of evidence-based health care and many other key service deliverables. Information is of greatest value when it is accurate, up to date and accessible when it is needed. Effective record keeping is vital: To support patient care and continuity of care; To support day to day business of the PCT; To support evidence based clinical practice; To support sound administrative and managerial decision making, as part of the knowledge base for NHS services; To meet legal requirements, including requests from patients under subject access legislation; To assist clinical and other audits; To support improvements in clinical effectiveness through research; To support archival functions by taking account of the historical importance of material and the needs of future research; Whenever and wherever there is a justified need for information, and in whatever media it is required. Good record keeping ensures that: a) Staff can work with maximum efficiency without having to waste time hunting for information b) An audit trail exists, that enables any record entry to be traced to a named individual at a given date/time and tracks all subsequent alterations c) Provides clear information about what has been done/not done, and why d) Provides clear justification for the decision making process for future users This is vitally important in cases such as: Providing patient care Clinical Liability Complaints Legal action Records are valuable because of the information they contain and that information is only usable if it is correctly and legibly recorded in the first place, is then kept up to date, and is easily accessible when needed. To ensure quality and continuity of operational services all records must be up to date. Local guidelines should be developed to ensure quality for both manual and 1
electronic records. These guidelines should be passed on to all staff that are responsible for creating and maintaining records. When clinical records are created it is essential that indices are checked e.g. SystmOne to avoid duplicate records being created for the same patient. 2 Content and style All staff should abide by the following guidance when keeping patient records: Record any important/relevant information, making sure that it is complete. Ensure that it is legible and in black permanent ink, so that it can be easily read and reproduced when required. Stored securely where it can be found when needed. Kept up to date. Be consecutive with clear filing instructions where practical within each record/or within a defined place in each department Evidence of all contacts with and information received from the patient and/or carer are recorded within 24 hours of the event. It is advised that a temporary record is made in a clinical diary within 24 hours in circumstances where the record is unavailable, and updated as soon as possible. If a record is not made at the time that the event took place, the entry should state that this is a retrospective recollection of what took place. Ensure that all entries are identified by a date, time using the 24 hour clock, name and signature of the professional adding to the record. An up to date register of signatures must be kept within each patient record or within a designated place within that service area. All changes in signature must be recorded. Gaps should not be left between entries when an entry should have been made contemporaneously. Ensure that all copies of correspondence relating to the patient are filed within the record. It is good practice to file telephone messages or document that one has been received, so that they can be referred to in the event of an enquiry. Make entries for all appointments even those cancelled or not attended. Record the reason for cancellation and an indication about future appointments. All errors i.e. spelling mistakes are corrected by a single line, signed and date of correction. (For factually incorrect entries see section 2.4 ) There should be no use of abbreviations ( See Abbreviations section 2.2) Be written, wherever possible, with the involvement of the service user or carer. Ensure that you always use the official documentation provided for the purpose of record keeping. Electronic records will have an integral audit trail providing at least the equivalent information Follow any national/professional protocols/guidance or PCT specific service guidance. 2
Be relevant and useful Identifying problems that have arisen and the action taken to identify them Providing evidence of the care planned, the decision made, the care delivered and the information shared Providing evidence of actions agreed with the patient (including consent to treatment and/or consent to share) Providing evidence of the evaluation of all interventions and outcomes. And include: Relevant disclosures by the patient and/or carer â€“ pertinent to understanding cause or effecting treatment Facts presented to the patient and/or carer Correspondence from the patient or other parties Provide evidence as to the use of interpreters as and when appropriate including: 1. Name of interpreter 2. Relationship to patient 3. Interpreter to make own or joint entry with clinician to sign Provide evidence as to the use of chaperones as and when appropriate including: 1. Name of chaperone 2. Relationship to patient
2.1 Patient records should not include: Unnecessary jargon, judgmental comments, meaningless phrases, irrelevant speculation and offensive statements regarding appearance or habits, etc unless clinically relevant. Personal opinions regarding the patient unless clinically relevant. All personal opinions must be recorded in the record as such. Patients records should not include any non healthcare related information e.g. complaints, access codes 2.2 Abbreviations Best practice when completing all records within the NHS is not to use abbreviations including patient records, minutes of meetings, reports. This is to ensure that both patients and staff can understand the content and context the information recorded. It has been agreed that all services will have an agreed abbreviation list consisting of no more than 10 abbreviations, or in exceptional circumstances working towards this. The list will be signed off by the Caldicott Guardian. This will be incorporated into the annual audit.
2.3 Facts, assumptions or opinions In the event that healthcare professionals are required to give evidence for claims, complaints or other legal proceedings, it is vital that healthcare professionals only record facts and avoid unaccounted for speculation or assumptions. Fact is information seen, heard or done by the health professional therefore, assumption/inference or an opinion should be avoided unless they are based upon fact. It must be clearly indicated in the record if the information is assumption/inference or opinion. 2.4 Factually Incorrect information If a patient feels information recorded on their health record is incorrect then they should firstly make an informal approach to the health professional concerned to discuss the situation in an attempt to have the records amended. If this avenue is unsuccessful then they may pursue a complaint under the NHS Complaints procedure in an attempt to have the information corrected or erased. All changes of this nature in a patient‟s paper record must have a clear statement that there has been a change of factual information. Clinical opinion cannot be altered the patient may not believe they are depressed but this is the clinicians opinion. Further information can be found in the PCT‟s Data Protection Policy 2.5 Recording Highly Sensitive Information The recording of highly sensitive information is referred to as information that is required to be placed in a „sealed envelope‟. Sealed envelopes are defined by the NHS Information Standards Board (ISB) on personal data as „personal data that are subject to special access restrictions made by the patient or clinician‟ (ISB 2003). Examples of information that may be placed in a sealed envelope by a patient would be information regarding any medical treatment they had received that they did not wish to be disclosed. An example of information that may be placed in a sealed envelope by a health professional would be any pre-adoptive medical information that would identify the patient‟s natural parents. 2.6 Equality and Diversity Good quality information on patient ethnicity is important as it provides a useful tool to inform, plan and manage the care provided for the conditions that are more prevalent in certain ethnic groups. The Department of Health and the NHS have identified from the 2001 population census the set of 16+1 ethnic categories. This information must be collected in line with PCT policy. The requirements of the Data Protection Act apply in collecting this information.
Further information in the collection of this information can be found in the PCTs Information to Support Recording Ethnicity. It is also good practice to collect data on the patientâ€&#x;s religion, sexual orientation and disability. 2.7 Clinical Diaries All clinical diaries, message and appointment books can constitute a legal record of contacts with patients and their carers and as such are part of the clinical record. The clinical diary should be used to log daily events. The following points should be adhered to: Entries are to be made concerning non-attendance or cancellation of appointments, telephone calls, visits and significant events and/or contacts making note of the time. All relevant entries recorded within the diary must be transferred to the patient record. Care of the diary is important, i.e. the general appearance, its confidentiality and safe place of keeping Diaries must be archived in accordance with PCT policy, not within staff homes (Refer to the retention schedule) When changing jobs or ending employment diaries must be handed over to the line manager and archived in line with PCT policy All entries must be indelible ink, not pencil If a prescription is issued, a note should be made in the diary to include prescription number Actual mileage to be recorded 2.8 Discharge/Transfer of Care Where a patientâ€&#x;s care is either transferred to another care provider e.g. private sector housing association or discharged to another healthcare provider or PCT, careful consideration must be given as to the type of information provided regarding the care and treatment of that individual. 2.9 Non-registered staff All services should ensure that all non registered staff making entries in clinical records are trained in clinical record keeping and understand their responsibilities in making entries into clinical records. The competency of different individuals will vary and some non registered staff will have attained high levels of competency, which should be reflected in the quality of entries they make within clinical records. Unregistered staff should not make entries in records until the professional is satisfied that they are competent to do so. The caseload manager or service manager should review all records made by non registered staff at the completion of an episode of care or on discharge and 5
countersign the entries that non registered staff have made are correct. Where there are numerous entries made by unregistered staff, one signature and a statement confirming that all entries are correct will suffice. When the main provider of continual clinical care is a non registered member of staff the care plan/record should be assessed at least six monthly and countersigned. Where non registered staff have delegated responsibility for carrying out and recording screening tests, it is not feasible for entries to be countersigned by a registered person. Line Managers are responsible for ensuring that non registered staff are competent in both carrying out and recording of tests before delegating this responsibility. Registered professionals remain accountable and responsible for clinical care given and recorded by non registered staff. As records are not always centralised and are often kept with the patient, contemporaneous countersigning is not possible, it is essential that all services have explicit systems in place for monitoring and auditing the delivery and recording of clinical care by non registered staff. Team Leaders and service managers must be satisfied that they have identified systems in place. 3 Electronic Records The principles of good records management practice described within these guidelines apply equally to any records which may be created electronically. When using electronic records: Terminals should not be able to be overlooked by members of the public or unauthorised personnel The printer used for taking off hard copies should be in secure areas Passwords must be at least 6 characters with at least one non letter character Passwords should be changed at least every 90 days Levels of access must be authorised. Staff should be given guidance on choosing passwords (these should not be obvious or guessable passwords) Anyone using the system should never write their password down anywhere. Staff should log off the PC when they move away from it All information created as part of your role constitutes as a PCT record and must be stored on the network drive. Avoid duplication of information check if it is stored elsewhere. SMART cards must not be shared or left unattended This guidance will be reviewed in the light of developments around the Electronic Patient Record for the PCT.
Senior Managers must ensure that staff are compliant with the above standards by ensuring that training and support is provided and with monitoring of the above, on an individual basis, supported through Clinical Supervision.
4 Using Records and Record Tracking Systems The importance of knowing where information can be found Accurate recording and knowledge of the whereabouts of all records is essential if the information they contain is to be located quickly and efficiently. One of the main reasons why records get misplaced or lost is because their next destination is not recorded anywhere.
4.1 Record Tracking Systems Manual tracking systems for individual Services who store their own live records should be one of the following. A paper register â€“ a book or a diary An index system with a card for every absent record, held in alphabetical order. Tracer card systems will be used in the main records libraries. Tracking mechanisms should record the following (minimum) information: Name of the record or identifier i.e. NHS Number which is to be loaned Description of the item i.e. the file title Name of the recipient and the service to which it is to be loaned The date of the transfer to them The date returned It is important that any tracking system meets userâ€&#x;s needs and is adequately supported. The success of any tracking system depends on it being up to date, therefore all staff should be made aware of its importance and receive adequate training in its use to ensure that it is kept up to date. 4.2 Labeling and packing If records are being delivered to another location they should be enclosed in securely sealed envelopes for transfer. Any records that may be damaged in transit should be enclosed in suitable padding or containers. For larger quantities, records should be boxed in suitable boxes or containers for their protection. All boxes/containers must be clearly labeled. All loose records, including single sheets of paper, whilst being transported by staff will be carried in sealed envelopes/bags to reduce the risk of loss.
There are various options if records are to be mailed, such as recorded delivery, registered mail etc. When choosing options staff should consider the following: Will the records be protected from damage, unauthorised access or theft? Is the level of security offered appropriate to the degree of importance, sensitivity or confidentiality of the records? Does the mail provider offer „track and trace‟ options and is a signature required on delivery? 4.3 Handling and transporting records No-one should eat or drink near records. Clinical records, including single sheets being carried on – site should be enclosed in an envelope/zippy bag. Records should be handled carefully when being loaded, transported or unloaded. Records should never be thrown. Records should be packed carefully into vehicles to ensure that they will not be damaged by the movement of the vehicle. Records in vehicles must be hidden from view so that they are protected from risks such as theft. Vehicles containing records should be locked when stationary. 4.4 Taking records off site When transporting records individuals are tasked with ensuring and protecting the safety and confidentiality of the record. Wherever possible, the transportation of records should be provided through the Facilities Portering Service. Records required for visits during the day should not be on display and should be kept securely in a closed bag in the boot of the car. Records pertaining to patients other than those of the immediate visit must not be taken into other patient‟s homes. Records should wherever possible not be left unattended e.g. in the car. If using records at the end or the beginning of the day, and it would be inconvenient to return or collect records from base, it is acceptable to store records securely in the professional‟s home. It is essential that any such records are tracked out of the department, so that staff within the department are aware of the location of the record. 4.5 Breaches in Security Any incident or near miss relating to a breach in the security of clinical record keeping relating to the use, storage, transportation or handling of patient records must be reported on the PCT Incident Reporting Form. Refer to Incident Reporting Procedure. Reportable incidents may also be related to PCT activity on exchange with an external party e.g. another PCT or hospital. All breaches of security are then reported to the Caldicott Guardian for investigation. 8
Staff must be encouraged to report incidents or near misses within their teams and supported by their Line Manager to enable lessons to be learnt from incidents of this nature. A serious breach of security e.g. major theft or fire may result in the Serious Untoward Incident procedure to be followed. Refer to Serious Untoward Incident procedure.
4.6 Lost records For the purpose of these guidelines a lost record is defined as a record that cannot be located within 5 working days of first attempting to access the record or any record that has been stolen from a known place e.g. the boot of a car. If a record is lost or misplaced, including diaries or any other document that is used to record patient information or PCT business, the PCTâ€&#x;s Caldicott Guardian must be informed immediately. An incident form must be completed giving clear details of all actions including When and where record was last seen, with date if known If stolen, from where and if reported to police Actions taken to locate file. Do not include patient identifiable information on the incident form. 5 Storing Current Paper Records When a record is in constant or regular use, or is likely to be needed quickly, it makes sense to keep it within the service unit responsible for the related work. Such records should be stored in lockable desk drawers or filing cabinets to enable information to be appropriately filed so that they can be retrieved when next required. Records must always be kept securely and when a room containing records is left unattended it must be locked. A sensible balance should be achieved between the needs for security and accessibility. 6 Storage of archive records When records are no longer in constant use they may be archived with the PCTâ€&#x;s contracted archive service, which provides off site secure storage with a retrieval service. Managers must ensure that records no longer required for business use are reviewed as soon as practicable under the criteria set out below so that ill-considered destruction is avoided. The review will determine whether records are to be selected for permanent preservation, destroyed or retained by the PCT for research or litigation purposes. Records should be destroyed in line with Records Management: NHS Code of Practice Part 2. 7 Access to Health Records (Data Protection Act 1998) 9
Best practice when providing subject access to records is that of enabling patients to access all their current records if and when they choose to and in a format that meets their individual needs. The PCT encourages informal access to clinical records wherever possible. If a patient requires formal access to their clinical records this can be achieved through the PCTâ€&#x;s Access to Records Policy.
8 Confidentiality of Records The legal obligations of healthcare professionals who deal with information supplied to them by patients are now largely codified by statute. In particular, the introduction of the Data Protection Act 1998 which means that the use of personal information held on manual as well as computer records is governed by statute. For further information refer to Confidentiality Policy 9 Audit Audit of health records is undertaken in the PCT on an annual basis. Objective verification is undertaken every three years using internal auditors or other service areas to provide peer review. When auditing records you are able to assess the standard of record keeping and identify areas for improvement. 10 Summary Record keeping is an integral part of your day to day practice Good record keeping is a mark of a skilled and safe practitioner Records should not include abbreviations, jargon, meaningless phrases. It is important signatures are recognisable and you should keep a record of names, signatories and initials of all those who are going to make entries into clinical records. Records should be written in terms the patient can understand Auditing is a tool to assess standards and areas for improvement You must sign all enteries and print name at least yearly Each service must have a signatory list in each patients file if possible Patients and clients have a right to access their records You must protect the patientâ€™s confidentiality Lock away files at the end of the day To prevent loss of records keep your tracer system upto date Records must be factual, consistent and accurate Use the twenty four hour clock when making an entry in the record Record all telephone conversations Your diary is a legal document Report all lost records using Incident Forms
Appendix D: (To be inserted) NHS Kirklees retention and destruction schedule
Equality Impact Screening Assessment Tool
To be completed and attached to any procedural document when submitted to the appropriate committee for consideration and approval. Insert Name of Policy / Procedure Yes/No 1.
Does the policy/guidance affect one group less or more favourably than another on the basis of: Race Ethnic origins travellers)
Religion or belief
Sexual orientation including lesbian, gay and bisexual people
Disability - learning disabilities, physical disability, sensory impairment and mental health problems
Some records eg maternity are kept for a longer period of time than other records. This is to protect individuals and should not have an adverse impact.
Is there any evidence that some groups are affected differently?
e.g. obstetric/maternity records
If you have identified potential discrimination, are any exceptions valid, legal and/or justifiable?
The PCT is following legal and national guidance on record keeping
Is the impact of the policy/guidance likely to be negative?
If so can the impact be avoided?
What alternatives are there to achieving the policy/guidance without the impact?
Insert Name of Policy / Procedure Yes/No 7.
Can we reduce the impact by taking different action?
Appendix G Sign Off Sheet regarding Dissemination of Procedural Documents To be completed and attached to any document which guides practice when submitted to the appropriate committee for consideration and approval. Title of Document:
Records Management Policy
Date Approved: Where approved: Dissemination Lead: Placed on Website: Review Date:
Stakeholders name and designation SMT Information Governance Committee Governance Committee KCHS Governance Team
Date feedback requested 12/3/10
Detail of feedback received
Date feedback received
12/3/10 12/3/10 12/3/10