records management policy · 2.0 background and other information . the importance of sound records...
TRANSCRIPT
RECORDS MANAGEMENT POLICY
DOCUMENT INFORMATION
CATEGORY: Policy THEME: Information
DOCUMENT REFERENCE: 7.07 POLICY LEAD: Medical Director
APPROVAL DATE: 27 April 2017
APPROVAL BODY: Quality Committee
BOARD RATIFICATION DATE: 11 May 2017
FINAL REVIEW DATE: 31 May 2020
CONTENTS
Section Page 1.0 Policy Statement 3
2.0 Background & Other Information 3
3.0 Legal and Professional Obligations 4
4.0 Roles and Responsibilities 5
5.0 Risk and Incident Reporting 6
6.0 Information Governance 6
7.0 Confidentiality and Data Protection 6
8.0 Freedom of Information Act 2000 8
9.0 Equality, Diversity and Human Rights Act 1998 8
10.0 General Principles 8
11.0 Records Management 9
12.0 Process for Efficient Storage 11
13.0 Retention and Disposal Schedules 12
14.0 Transportation of Records 12
15.0 Records Management Audit 12
16.0 Training 13
17.0 Strategy Objectives 13
18.0 References 14
Appendix 1 Retention Schedule 15
Appendix 2 Corporate Records Audit Tool 33
Page 2
1.0 POLICY STATEMENT
1.1 The purpose of a records management policy is to have a systematic and planned approach for the management of records, to minimise the level of risk attributed to the records activity, continually improve the records management process and to reduce duplication.
(Ref. Risk Management Policy No 4.18).
1.2 Three key areas are identified, these being:
Confidentiality Information is required to be 'fit for the purpose', access confined to those with specified authority to hear, view, process and store information.
Integrity Systems are operating correctly according to their specification and in the way users believe them to be operating.
Availability Information is delivered to the right person when it is needed.
(Ref. Information Security & Data Protection Policy No 7.03)
1.3 The Records Management: NHS Code of Practice for Health and Social Care 2016 has been published by the Information Governance Alliance (IGA) for the Department of Health as a guide to use in relation to the practice of managing records. The code is relevant to organisations who work within, or under contract to NHS organisations in England. It is based on current legal requirements and professional best practice.
1.4 This policy relates to all clinical and non-clinical records held in any format
by the Trust. These include: • All administrative records (e.g. personnel, estates, financial, notes
associated with complaints, etc.); and • All patient health records
1.5 Records Management is a discipline which utilises an administrative system
to direct or control the creation, version control, distribution, filing, retention, storage and disposal of records, in a way that is administratively and legally safe, whilst at the same time serving the operational needs of the Trust and preserving an appropriate historical record. The key components of records management are:
• Record creation • Record keeping • Record maintenance (including tracking of record movements)
Page 3
• Access and disclosure • Closure and transfer • Appraisal • Archiving and Disposal
1.6 Information is a corporate asset. The Trust’s records are important sources
of administrative, evidential and historical information. They are vital to the Trust to support its current and future operations (including meeting the requirements of Freedom of Information legislation), for the purpose of accountability, and for an awareness and understanding of its history and procedures.
1.7 This policy is not intended to act as a stand-alone document and therefore
should be read in conjunction with current national publications and local policies as listed in references, page 14.
2.0 BACKGROUND AND OTHER INFORMATION The importance of sound records management practice in the NHS:
2.1 Records management is most effective when it is regarded as a professional activity requiring specific expertise.
2.2 Trust records are its corporate memory, providing evidence of actions and
decisions and representing a vital asset to support daily functions and operations. Records support policy formation and managerial decision making, protect the interests of the Trust and the rights of patients, staff and members of the public. They support consistency, continuity, efficiency and productivity and help deliver services in consistent and equitable ways. The information is only useable if it is correctly and legibly recorded in the first place, is regularly updated and is easily accessible when it is needed.
2.3 The Trust Board has adopted this Records Management Policy and is
committed to ongoing improvement of its records management functions as it believes that it will gain a number of organisational benefits. These include:-
• Better use of physical and server space • Better use of staff time • Improved control of valuable information resources • Reduce costs • Support patient care and continuity of care. • Support evidence based clinical practice. • Support day-to-day business which underpins the delivery of care. • To meet legal requirements, including requests from patients under
subject access provisions of the current Data Protection Act legislation or the Freedom of Information Act 2000.
• To assist clinical and other types of audits.
Page 4
• Whenever and wherever there is a justified need for information and in whatever media it is required.
• To support patient choice and control over treatment and services designed around patients.
3.0 LEGAL AND PROFESSIONAL OBLIGATIONS
3.1 All NHS records are public records which are detailed within the Public Records Act. The Trust will take actions as necessary to comply with the legal and professional obligations set out in the Records Management: NHS Code of Practice, in particular:
• The Public Records Act 1958 • The Data Protection legislation • The Freedom of Information Act 2000 • The Common Law Duty of Confidentiality; and • The NHS Confidentiality Code of Practice • Any new legislation affecting records management as it arises.
3.2 The National Archives is the body that is responsible for advising on the
management of all types of public records, including NHS records. The National Archives has general oversight of the arrangements for the permanent preservation of records in local records offices, which have been formally approved by them as places of deposit,
4.0 ROLES AND RESPONSIBILITIES
4.1 The Chief Executive has overall responsibility for records management in
the Trust. As accountable officer they are responsible for the management of the organisation and for ensuring appropriate mechanisms are in place to support service delivery and continuity. Records management is key to this as it will ensure appropriate, accurate information is available as required.
4.2 The Caldicott Guardian is currently the Medical Director and has a particular responsibility for reflecting patients’ interests regarding the use of patient identifiable information. They are responsible for ensuring patient identifiable information is shared in an appropriate and secure manner.
4.3 Local Managers The responsibility for local records management is
devolved to the relevant directors, directorate heads and department managers. Heads of Departments, other areas and business functions within the Trust have overall responsibility for the management of records generated by their activities, i.e. for ensuring that records controlled within their area are managed in a way which meets the Trust’s records management policies.
4.4 All staff whether clinical or administrative, who create, receive and use
records have records management responsibilities. In particular all staff
Page 5
must ensure that they keep appropriate records of their work in the Trust and manage those records in keeping with this policy and with any guidance subsequently produced. Failure to comply with the policy may result in the invocation of the performance management procedure or disciplinary action.
4.5 Other legal obligations exist in respect of particular classes of records, especially those containing personal information. (See appendix on page 14)
5.0 RISK & INCIDENT REPORTING
5.1 Risk management involves a two-stage approach to identifying both the points at which risk occurs in a system and solutions to reduce those risks. The first depends on reporting adverse incidents and near misses; the second depends on the systems, structures and processes linked to the incident.
5.2 Any incidents of non-compliance with this policy (e.g. lost records, breach of
confidentiality, incorrect destruction of records, failure in filing system etc.) must be reported via the Trust’s Incident Reporting System.
(Ref: Incident Reporting Policy & Guidance Policy No 5.1)
6.0 INFORMATION GOVERNANCE
Information Governance ensures that organisations and individuals guarantee that personal information is dealt with legally, securely, efficiently and effectively, in order to deliver the best possible care, it provides a consistent way for employees to deal with the many different information handling requirements, including:
• Information Quality Assurance • The NHS Confidentiality Code of Practice • Information Security Assurance • CurrentData Protection Legislation • Records Management • The Freedom of Information Act 2000
7.0 CONFIDENTIALITY AND DATA PROTECTION
7.1 All NHS bodies and those carrying out functions on behalf of the NHS, have a common law duty of confidentiality. Everyone working for or with the NHS who records, handles, stores or otherwise, comes across sensitive information has a personal common law duty of confidentiality to patients and to his or her employer. The duty of confidence continues even after death of the patient or after an employee or contractor has left the NHS. Trust employees (including temporary, agency, sub contractors
Page 6
etc.) are advised of their responsibility to deal with any information in a confidential manner. This is a mandatory requirement and is detailed on all Trust Job Descriptions and contracts.
(Ref: Confidentiality of Patient & Employee Personal Information Policy No 7.01)
7.2 A breach in duty of confidentiality has the potential to give rise to an action for damages and could also constitute gross misconduct for the employee and result in further action and possible dismissal.
7.3 A duty of confidentiality arises when one person discloses to another
(e.g. patient to clinician) in circumstances where it is reasonable to expect that the information will be held confidentially. It is:-
• A legal obligation that is derived from case law; • A requirement established within professional codes of conduct, and; • Must be included within NHS employment contracts as a specific
requirement linked to disciplinary procedures.
7.4 In general, any personal information given or received in confidence for one purpose may not be used for a different purpose or passed to anyone else without the consent of the provider of the information (given that there is no obvious therapeutic benefit an appropriate consent form must be used). This duty of confidentiality is long established in common law. However, it is not an absolute duty and can be subject to an overriding public interest. Medical, historical and epidemiological research is based on patient information; usually the information is anonymised so those individual patients cannot be identified. In these cases, the use of information is generally accepted as being not compatible with the duty of confidentiality. Where identifiable information is used, in the absence of consent (express or implied), it is necessary to consider whether any public interest in the research outweighs the duty of confidentiality, having regard to all the circumstances. The ethics committee must first approve any research using patient records.
7.5 The Caldicott Committee recommends that NHS organisations should be held accountable through Clinical Governance procedures, for continuously improving confidentiality and security procedures governing access to and storage of clinical information.
(Ref: Information Security & Data Protection policy No 7.03).
7.6 The implementation of the Data Protection Law applies to both, patient and employee information, covers all identifiable information including computerised and manual personal data, establishes a set of principles within which users of personal information must comply. The legislation imposes statutory restrictions on the use of personal information, including health information. All individual members of staff are responsible for ensuring that they comply with the Data Protection Law.
Page 7
7.7 The NHS Confidentiality Code of Practice (COP) applies only to patient information. The COP incorporates the requirements of the Data Protection Law and other relevant legislation together with the findings of the Caldicott report, in some cases extending statutory requirements, and provides detailed specific guidance.
8.0 FREEDOM OF INFORMATION ACT 2000
The Freedom of Information Act 2000 (FOIA) is an Act which makes legal provision and creates a legal gateway and timetable for the disclosure, to the public, of certain corporate information held by this Trust. It gives the public:
• The right to be told whether information exists. • The right to receive the information.
It sets out exemptions from that right and places a series of obligations on Public Authorities. Any discussion concerning non-disclosure must be conveyed in writing; quoting the relevant exemption together with signposting to internal and external methods of complaint. The FOIA will lead to greater openness concerning NHS administrative records, but the disclosure of health records will continue to be dealt with along the lines of current common law and legislative provision in particular the Data Protection Act 1998. Local guidance on FOIA can be obtained from the Associate Director of Corporate Governance.
9.0 EQUALITY, DIVERSITY & HUMAN RIGHTS ACT 1998
The records management policies and strategies, within the Trust, will not infringe the convention rights of an individual under the articles of the Human Rights Act. An equality impact assessment has been undertaken for this policy with no potential or adverse impact identified.
10.0 GENERAL PRINCIPLES
10.1 Good record keeping ensures that:-
• Records are available when needed so work can be undertaken with maximum efficiency without having to waste time searching for information.
• There is an ‘audit trail’, which enables any record entry to be traced to
a named individual of a given date/time with a signature.
Page 8
• All alterations must also be able to be traced in a similar way as the previous point.
• Those accessing the record can see what has been done, or not done
and why.
• Any decisions can be justified or reconsidered at a later date.
10.2 This is vitally important in cases such as:
• Providing patient care
• Clinical liability
• Parliamentary accountability
• Purchasing and contract or service agreement management
• Financial accountability
• Complaints & claims
10.3 It is therefore imperative that;
• Important, relevant, and complete information is recorded.
• Entries are legible in black ink, so that they can easily be read and reproduced when required.
• Entries into clinical (and certain other) records are dated, timed and
signed.
• Where it is necessary to share information this should be done orally rather than by copying the records in order to reduce the risk of breach of confidentiality.
• Records are suitably disposed of (subject to national and local
retention periods). 11.0 RECORDS MANAGEMENT
11.1 The term Records Life Cycle describes the life of a record from its creation/receipt through the period of its ‘active’ use, then into a period of ‘inactive’ retention (such as closed files which may still be referred to occasionally) and finally either confidential disposal or archival preservation
Page 9
11.2 In this policy, Records are defined as ‘recorded information, in any form, created or received and maintained by the Trust in the transaction of its business or conduct of affairs and kept as evidence of such activity’.
11.3 Clinical records, including electronic ones such as the Electronic Patient Record (EPR), are routinely created and logged in the Trust tracer system for each patient when they first visit a clinician. A unique identifier e.g. the NHS number, is normally allocated to patients with their name, address, date of birth, their general practitioner and other data used as additional cross checks. With the development of EPR there will be a need to identify every item which is patient related with the relevant NHS number to provide the necessary links through all electronic records.
(Ref: Policy on Health Records Management & Standards No 7.17)
11.4 Non clinical records, not every administrative record needs to be logged.
Logging will depend on the organisation’s business need to maintain accountable records of particular activities, its information needs, how many records there are on that particular topic or in that series and on any legal obligations for registration with third parties, such as the Data Protection Act.
11.5 The requirements for recording information are:
• Legibility; • Timeliness; • Accuracy; • Completeness; • Provision of an audit trail.
11.6 The requirement of logging is:
• The file title must be unique; • The reference identifier assigned to each file must be unique; • Both must be relevant to and easily understood by all users; • Details must be recorded both on the file cover and in the log; • Patient records must be logged on the Trust electronic tracer system.
11.7 As a minimum the file description must identify:
• Its title; • Its identifier (e.g. number or prefix used in register); • The date it was logged (opened or created); • The date it is due to be closed and reviewed, destroyed or archived.
Page 10
12.0 PROCESS FOR EFFICIENT STORAGE
12.1 Records must be accessible and retrievable when and where required. When a paper record is in constant or regular use, or is likely to be needed quickly, it makes sense to keep it within the department responsible for the related work. This enables information to be speedily and appropriately filed, so that it can be retrieved when it is next required.
12.2 Electronic records must be maintained in a system that ensures they are
properly stored and protected throughout their life cycle, including migration across systems.
12.3 The movement and location of records must be controlled to ensure that a
record can be easily retrieved at any time, that any outstanding issues can be dealt with, and that there is an auditable trail of record transactions.
12.4 Records must always be kept securely and when a room containing records
is left unattended, it should be locked. A sensible balance should be achieved between the needs for security and accessibility.
12.5 Storage accommodation for current records must be clean and tidy, prevent
damage to the records and provide a safe working environment for staff.
12.6 Electronic records have been used for many years and courts will accept these as evidence (we must not forget the “best evidence” rule which is that where a paper record exists, it will be expected to be produced. If it does not exist then the electronic form becomes the best evidence). With the advancement of new technology transfer of information to electronic format has become much easier. Maintenance in terms of back-up and planned migration to new platforms must be designed and scheduled to ensure continuing access to readable information.
Electronic processing of information is a cost effective way to capture and store images of otherwise bulky or deteriorating archival material to:
• Minimise storage costs of materials, which would otherwise face
destruction.
• Make copies available for other users (such as for release to Solicitors, Patient’s, other Trusts, Prison Service etc.) whilst safeguarding the original.
• Reduce the storage space occupied by low activity paper records.
Page 11
12.7 Increasingly, information technology is being introduced into the workplace.
For instance, if an electronic document is to be produced as evidence in court cases, it will only be accepted if assurances can be given that the computer was not misused and was operating properly at the time the record was produced.
12.8 The principles of good record management practice apply equally to
records created manually and electronically.
12.9 The Trust uses all of these methods of storage and needs to ensure that robust procedures are in place to ensure the appropriate levels of security and accessibility.
13.0 RETENTION and DISPOSAL SCHEDULES
13.1 It is a fundamental requirement that all of the Trust’s records are retained
for a minimum period of time for legal, operational, research and safety reasons. The length of time for retaining records will depend on the type of record and its importance to the Trust’s business functions.
13.2 Records, both paper and electronic, should not be kept for longer than
necessary. 13.3 The Trust has adopted the retention periods set out in the Records
Management: NHS Code or Practice for Health and Social Care 2016. (A retention table is available as appendix A)
To see the full Records Management: NHS Code of Practice for Health and Social Care 2016, please click on this link hhttps://digital.nhs.uk/information-governance-alliance
14.0 TRANSPORTATION OF RECORDS
Patient records and confidential documentation when transported between hospitals, wards, departments etc. via internal post will be transported in the purpose made document bags with seals (Ref: Trust Guidance on Transport of Medical Documentation). If you are transporting records in person you are reminded of your duty of confidence and it is your responsibility to ensure that the records are kept securely.
15.0 RECORDS MANAGEMENT AUDIT 15.1 The Trust will regularly audit compliance with the Records Management
Policy and Supporting Guidance. This process will take place at least annually.
15.2 The audit will:
Page 12
• Assess compliance with the Records Management Policy and Supporting
Guidance; • Include spot checks in a selection of departments to ensure that records
are created, filed, stored, retrieved, scanned and disposed of in line with the policy;
• Highlight where non-conformance to the procedures is occurring and recommend a tightening of controls as required ensuring sound records management.
15.3 The results of audits and any recommendations arising from them will be
reported to the Trust Board or delegated sub group.
15.4 An example of corporate audit records tool is included in Appendix 2.
16.0 TRAINING
16.1 All Trust staff will be made aware of their responsibilities for record- keeping and record management through this policy and the Information Governance Training Tool.
17.0 STRATEGIC OBJECTIVES
• To raise the profile of records management
• To assess the current position of record keeping within the Trust and develop
a records management programme.
• To develop professional and generic standards and ensure best practice in record management throughout the Trust.
• To ensure maintenance of record keeping and management, in line with legal
requirements.
• To include records management in Trust business objectives and plans, to ensure appropriate resource allocation.
• To promote, both internally and externally, an awareness of the current rules
on records management related issues, such as data protection and access to patient information by staff and/or third parties.
• To ensure that consistent and appropriate policies and procedures are in
place and adhered to in order to meet legal and moral obligations in respect of records.
• To ensure that any individual/specific record management policies and
strategies are developed within the Trust, and are cohesive with and incorporated into the records management strategy.
Page 13
• To continue to support electronic record keeping options, as a means of improving records management and of achieving the intrinsic legibility, timeliness, accuracy, completeness, accessibility and storage benefits.
18.0 REFERENCES & OTHER SOURCES OF INFORMATION
• Nursing & Midwifery Guidelines for Records & Records Keeping www.nmc-
uk.org
• British Medical Association Guidelines www.bma.org.uk
• Listening Responding and Improving – PALS and Complaints Policy No. 4.26
• Risk Management Policy No. 4.18
• Incident Reporting Policy No. 5.01
• Confidentiality of Patient & Employee Records Personal Information Policy No. 7.01
• Access to Health & Employee Records Policy No. 7.02
• Information Governance Policy No. 7.08
• Information Security and Data Protection Policy No. 7.03
• Policy on Health Records Management & Standards No. 7.17
• North Staffordshire Combined Healthcare NHS Trust, Corporate Standards
• GENESYS manual
• HSC1999/012: Caldicott Guardians ‘Protecting and Using Patient Information’
• Information Commissioner (Data Protection & Freedom of Information
Acts) https://ico.org.uk/
• Caldicott Guardian https://www.gov.uk/
• Public Record Office (PRO) www.nationalarchives.gov.uk
• NHS Confidentiality Code of Practice https://www.gov.uk/
• The Records Management: NHS Code of Practice for Health and Social Care 2016 https://digital.nhs.uk/information-governance-alliance
• The Care Record Guarantee https://www.gov.uk/
• Research Policy No. 1.52a
Page 14
RECORD TYPE Retention Start Retention
period DISPOSAL METHOD
NOTES
1. Care Records with standard retention periods
Electronic Patient Records System (EPR)
See notes See notes Destroy Where the electronic system has the capacity to destroy records in line with the retention schedule and where a metadata stub can remain demonstrating that a record has been destroyed, then the Code should be followed in the same way for electronic records as for paper records with a log being kept of the records destroyed. If the system does not have the capacity, then once the records have reached the end of their retention periods they should be inaccessible to users of the system and upon decommissioning, the system (along with audit trails) should be retained for the retention period of the last entry related to the schedule.
Mental Health records
Discharge or patient last seen
20 years or 8 years after the patient has died
Review and if no longer needed confidentially destroy
Covers records made where the person has been cared for under the Mental Health Act 1983 as amended by the Mental Health Act 2007. This included psychology records. Retention solely for any persons who have been sectioned under the Mental Health Act 1983 must be considerably longer than 20 years where the case may be ongoing. Very mild forms of adult mental health treated in a community setting where a full recovery is made may consider treating as an adult records and keep for 8 years after discharge. All must be reviewed prior to destruction taking into account any serious incident retentions.
RECORD TYPE Retention Start Retention
period DISPOSAL METHOD
NOTES
2. Care Records with Non-Standard Retention Periods
Medical record of a patient with Creutzfeldt-Jakob Disease (CJD)
Diagnosis 30 years or 8 years after the patient has died
Review and consider transfer to a place of deposit
For the purposes of clinical care the diagnosis records of CJD must be retained. Where the CJD records are in a main patient file the entire file must be retained. All must be reviewed prior to destruction taking into account any serious incident retentions.
Record of long term illness or an illness that may reoccur
Discharge or patient last seen
30 years or 8 years after the patient has died
Review and confidentially destroy
Necessary for continuity of clinical care. The primary record of the illness and course of treatment must be kept of a patient where the illness may reoccur or is a life long illness.
3. Pharmacy
The IGA is currently reviewing this section. As an interim measure you can view a list of Pharmacy records and their associated retention periods and actions by clicking on the links. Information relating to controlled drugs
Creation See notes Review and if no longer needed confidentially destroy
NHS England and NHS BSA guidance for controlled drugs can be found at: http://www.nhsbsa.nhs.uk/PrescriptionServices/1120.aspx https://www.england.nhs.uk/wp-content/uploads/2013/11/som-cont-drugs.pdf The Medicines, Ethics and Practice (MEP) guidance can be found at the link (subscription required): http//www.rpharms.com/support/mep.asp Guidance from NHS England is that locally held controlled drugs information should be retained for 7 years. NHS BSA will hold primary data for 20 years and then review. NHS East and South East Specialist Pharmacy Services have prepared pharmacy records guidance including a specialised retention schedule for pharmacy. Please see:
Page 16
http://www.medicinesresources.nhs.uk/en/NICE-Profile/Login/
RECORD
TYPE Retention Start Retention
period DISPOSAL METHOD
NOTES
4. Event & Transaction Records
Clinical Audit Creation 5 Years Confidentially destroy
Chaplaincy Records
Creation 2 years Review & consider transfer to a place of deposit
See also Corporate Governance Records
Clinical Diaries End of the year to which they relate
2 years Confidentially destroy
Diaries of clinical activity & visits must be written up and transferred to the main patient file. If the information is not transferred the diary must be kept for 8 years.
Clinical Protocols
Creation 25 years Review and consider transfer to a Place of Deposit
Clinical protocols may have archival value. They may also be routinely captured in clinical governance meetings which may form part of the permanent record (see Corporate Governance Records).
Datasets released by HSCIC under a data sharing agreement
Date specified in the data sharing agreement
Delete with immediate effect
Delete according to HSCIC instruction
http://www.hscic.gov.uk/media/15729/Dars-Data-Sharing-Agreement/pdf/Data_Sharing_Agreement_2015v2%28restricted_editing%29.pdf
Destruction Certificates or Electronic Metadata destruction stubs or records of clinical
Destruction of records or information
20 years Review and consider transfer to a Place of Deposit
Destruction certificates created by public bodies are not covered by an instrument of retention and if a Place of Deposit or the National Archives do not class them as records of archival importance they are to be destroyed after 20 years.
Page 17
information held on destroyed physical media Equipment maintenance logs
Decommissioning of the equipment
11 years Review and consider transfer to a Place of Deposit
Inspection of equipment records
Decommissioning of the equipment
11 years Review and if no longer needed destroy
Notifiable disease book
Creation 6 years Review and if no longer needed confidentially destroy
Patient Property Books
End of the year to which they relate
2 years Review and if no longer needed confidentially destroy
Referrals not accepted
Date of rejection 2 years as an ephemeral record
Review if no longer needed confidentially destroy
The rejected referral to the service should also be kept on the originating service life.
Requests for funding for care not accepted
Date of rejection 2 years as an ephemeral record
Review and if no longer needed confidentially destroy
Smoking cessation
Closure of 12 week quit period
2 years Review and if no longer
Page 18
needed confidentially destroy
Ward handover sheet
Date of handover 2 years Review and if no longer needed destroy confidentially destroy
This retention relates to the ward. The individual sheets held by staff must be destroyed confidentially at the end of the shift.
Page 19
RECORD TYPE Retention Start Retention
period DISPOSAL METHOD
NOTES
5. Deaths Body release forms
Creation 2 years Review and consider transfer to a Place of Deposit
Death – cause of death certificate counterfoil
Creation 2 years Review and consider transfer to a place of Deposit
6. Clinical Trials & Research
Please refer to the Department of Health – Records Management: Code of Practice
Please refer to the Trust Policy Research Governance Policy No. 1.52a
Page 20
RECORD TYPE Retention Start Retention
period DISPOSAL METHOD
NOTES
7 Corporate Governance Board Meetings Creation Before 20
years but as soon as practically possible
Transfer to a Place of Deposit
Board Meetings (Closed Boards)
Creation May retain for 20 years
Transfer to a Place of Deposit
Although they may contain confidential or sensitive material they are still a public record and must be transferred at 20 years with any FOI exemptions notes or duty of confidence indicated.
Chief Executive records Creation May retain for 20years
Transfer to a Place of Deposit
This may include emails and correspondence where they are not already included in the board papers and they are considered to be of archival interest.
Committees listed in the Scheme of Delegation or that report into the Board and major projects
Creation Before 20 years but as soon as practically possible
Transfer to a Place of Deposit
Committees/Groups/Sub-committees not listed in the scheme of delegation
Creation 6 years Review and if no longer needed confidentially destroy
Includes minor meetings / projects and departmental business meetings.
Destruction Certificates or Electronic Metadata destruction stub or record of information held on destroyed physical media
Destruction of record or information
20 years Consider Transfer to a Place of Deposit or if no longer needed to destroy
The Public Records Action 1958 limits the holding of records to 20 years unless there is an instrument issued by the Minister with responsibility for administering the Act. If records are not excluded by such an instrument they must either be transferred to a Place of Deposit as a public record or destroyed 20 years after the record has been closed.
Incidents (serious) Date of incident 20 years Review and consider transfer to a
Page 21
Place of Deposit
Incidents (not serious) Date of incident 10 years Review and if no longer needed confidentially destroy
Non-Clinical Quality Assurance Records
End of year to which the assurance relates
12 years Review and if no longer needed destroy
Patient Advice and Liaison Service (PALS) records
Close of financial year
10 years Review and if no longer needed confidentially destroy
Policies, strategies and operating procedures including business plans
Creation Life of organisation plus 6 years
Review and consider transfer to a Place of Deposit
Page 22
RECORD TYPE Retention Start Retention
period DISPOSAL METHOD
NOTES
7. Communications
Intranet site Creation 6 years Review and consider transfer to a place of Deposit
Patient information leaflets
End of use 6 years Review and consider transfer to a Place of Deposit
Press releases and important internal communications
Release Date 6 years Review and consider transfer to a Place of Deposit
Press releases may form a significant part of the public record or an organisation which may need to be retained.
Public consultations End of consultation 5 years Review and consider transfer to a Place of Deposit
Website Creation 6 years Review and consider transfer to a Place of Deposit
Page 23
RECORD TYPE Retention Start Retention
period DISPOSAL METHOD
NOTES
8. Staff Records & Occupational Health Although pension information is routinely retained until 100th birthday by the NHS Pensions Agency employers must retain a portion of the staff record until the 75th birthday. All employee Records/documents are retained with the last employing team.
Duty Roster Close of financial year
6 years Review if no longer needed confidentially destroy
Occupational Health Reports
Staff member leaves
Keep until 75th birthday or 6 years after the staff member leaves whichever is sooner
Review and if no longer needed confidentially destroy
Occupational Health report of staff member under health surveillance
Staff member leaves
Keep until 75th birthday
Review and if no longer needed confidentially destroy
Staff Record Staff member leaves
Keep until 75th birthday (see notes)
Create staff record summary then review or confidentially destroy the main file
This includes (but is not limited to) evidence of right to work, security checks and recruitment documentation for the successful candidate include job adverts and application forms. May be destroyed 6 years after the staff member leaves or the 75th birthday, which is sooner, if a summary has been made.
Staff Record Summary 6 years after the staff member leaves
75th birthday Place of Deposit should be offered for
Page 24
continues retention or confidentially destroy
Timesheets (original record)
Creation 2 years Review and if no longer required confidentially destroy
Staff Training Records Creation See notes Review and consider transfer to a Place of Deposit
Records of significant training must be kept until 75th birthday or 6 years after the staff member leaves. It can be difficult to categorise staff training records as significant as this can depend upon the staff member’s role. The IGA recommends:
• Clinical training records – to be retained until 75th birthday or six years after the staff member leaves, whichever is the longer
• Statutory and mandatory training records – to be kept for ten years after training completed
• Other training records – keep for six years after training completed.
Page 25
RECORD TYPE Retention Start Retention
period DISPOSAL METHOD
NOTES
9. Procurement
Contracts sealed or unsealed
End of contract 6 years Review and if no longer needed confidentially destroy
Contracts – financial approval files
End of contract 15 years Review and if no longer needed confidentially destroy
Contracts - financial approved suppliers documentation
When supplier finishes work
11 years Review and if no longer needed confidentially destroy
Tenders (successful) End of contract 6 years Review and if no longer needed confidentially destroy
Tenders (unsuccessful) Award of tender 6 years Review and if no longer needed confidentially destroy
Page 26
RECORD TYPE Retention Start Retention
period DISPOSAL METHOD
NOTES
10. Estates
Building plans and records of major building work
Completion of work Lifetime of the building or disposal of asset plus 6 years
Review and consider transfer to a Place of Deposit
Building plans and records of works are potentially of historical interest and where possible be kept and transferred to a Place of Deposit.
CCTV See ICO Code of Practice
Review and if no longer need confidentially destroy
ICO Code of Practice: https://ico.org.uk/media/for-organisations/documents/1542/cctv-code-of-practice.pdf The length of retention must be determined by the purpose for which the CCTV has been deployed. The recorded images will only be retained long enough for any incident to come to light (e.g. for a theft to be noticed) and the incident to be investigated.
Equipment monitoring and testing and maintenance work where asbestos is a factor
Completion of monitoring or test
40 years Review and if no longer needed destroy
Equipment monitoring and testing and maintenance work
Completion of monitoring or test
10 years Review and if no longer needed destroy
Inspection reports End of lifetime of installation
Lifetime of installation
Review
Leases Termination of lease
12 years Review and if no longer needed destroy
Minor building works Completion of work Retain for 6 years
Review and if no longer needed destroy
Photographic collections Close of collection Retain for Consider The main reason for maintaining photographic collections is for
Page 27
of service locations and events and activities
not more than 20 years
transfer to a Place of Deposit
historical legacy of the running and operation of an organisation. However, photographs may have subsidiary uses for legal enquiries.
Radioactive Waste Creation 30 years Review and if no longer needed destroy
Sterilix Endoscopic Disinfector Daily Water Cycle Test, Purge Test, Ninhydrin Test
Date of test 11 years Review and if no longer needed destroy
Surveys End of lifetime of installation or building
Lifetime of installation or building
Review and consider transfer to Place of Deposit
Page 28
RECORD TYPE Retention Start Retention
period DISPOSAL METHOD
NOTES
11. Finance
Accounts Close of financial year
3 years Review and if no longer needed destroy
Includes all associated documentation and records for the purpose of audit as agreed by auditors
Benefactions End of financial year
8 years Review and consider transfer to Place of Deposit
These may already be in the financial accounts and may be captured in other records / reports or committee papers. For benefactions, endowment, Trust fund / legacies, offer to a Place of Deposit.
Debtor records cleared Close of financial year
2 years Review and if no longer needed confidentially destroy
Debtor records not cleared
Close of financial year
6 years Review and if no longer needed confidentially destroy
Donations Close of financial year
6 years Review and if no longer needed confidentially destroy
Expenses Close of financial year
6 years Review and if no longer needed destroy
Final annual accounts report
Creation Before 20 years
Transfer to Place of Deposit if not
Should be transferred to a Place of Deposit as soon as practically possible.
Page 29
transferred with the board papers.
Financial records of transactions
End of financial year
6 years Review and if no longer needed destroy
Petty cash End of financial year
2 years Review and if no longer needed destroy
Private Finance initiative (PFI) files
End of PFI Lifetime of PFI
Review and consider transfer to Place of Deposit
Salaries paid to staff Close of financial year
10 years Review and if no longer needed confidentially destroy
Superannuation records Close of financial year
10 years Review and if no longer needed confidentially destroy
Page 30
RECORD TYPE Retention Start Retention
period DISPOSAL METHOD
NOTES
12. Legal, Complaints & Information Rights
Complaints case file Close of incident (see notes)
10 years Review and if no longer needed confidentially destroy
http://www.national archives.gov.uk/documents/information-management/sched_complaints.pdf The incident is not closed until all subsequent processes have ceased including litigation. The file must not be kept on the patient file. A separate file must always be maintained.
Fraud case files Case closure 6 years Review and if no longer needed confidentially destroy
Freedom of Information (FOI) requests and responses and any associated correspondence
Closure of FOI request
3 years Review and if no longer needed destroy
Where redactions have been made it is important to keep a copy of the redacted disclosed documents or if not practical to keep a summary of the redactions.
FOI requests where there has been a subsequent appeal
Closure of appeal 6 years Review and if no longer needed destroy
Industrial relations including tribunal case records.
Close of financial year
10 years Review and consider transfer to a Place of Deposit
Some organisations may record these as part of the staff record but in most cases they will form a distinct separate record either held by the staff member / manager or by the payroll team for processing.
Litigation records Closure of case 10 years Review and consider transfer to a Place of Deposit
Patents / trademarks / End of lifetime of Lifetime of Review and
Page 31
copyright / intellectual property
patent or termination of licence / action
patient or 6 years from end of licence / action
consider transfer to Place of Deposit
Software licences End of lifetime of software
Lifetime of software
Review and if no longer needed destroy
Subject Access Request (SAR) and disclosure correspondence
Closure of SAR 3 years Review and if no longer needed confidentially destroy
Subject Access Request where there has been a subsequent appeal
Closure of appeal 6 years Review and if no longer needed confidentially destroy
Transfer to a Place of Deposit – The Public Records Act 1958 require organisations to select core records for permanent preservation at the relevant Place of Deposit to discuss and organise the transfer of records you must contact them; for North Staffordshire Combined Healthcare NHS Trust, the Place of Deposit is: The National Archives Staffordshire & Stoke-on-Trent Archive Service Staffordshire Record Office Eastgate Street Stafford ST16 1LZ Telephone: 01785 278379
Page 32
Appendix 2 Corporate Audit Records Tool Name of Record Held Type of Records Location of records If electronic records, is
there a back up system? Why do you collect this record?
Where does the information come from?
Does the record include personal / confidential data?
Is the record shared outside the department?
If yes, where is the record shared?
Approximately how many of these records are held?
Is there a register of the records?
Is there a register of the records?
If yes, where is the register held?
If the register is held electronically, is there a back up system?
Are the records tracked if they leave the department?
Is there business continuity in place for this record?
Has a retention period been identified for this period?
If yes, how long is the record retained for?
How are retention period reviewed and maintained?
Following the agreed retention period, are the records archived or destroyed?
If records are archived, where is the archive held?
Page 33