Information Lifecycle and Data Quality Protocol
Policy Title / Reference: Information Lifecycle and Data Quality Protocol
Author: Emma Cooper, Cluster DPO (Kafico)
Owner: Practice Manager
| Version | Revision author | Date | Version comments |
|---|---|---|---|
| 1 | Emma Cooper, Kafico Ltd | Jan 18 | New Draft |
| 1.1 | Emma Cooper, Kafico Ltd | Jan 2019 | Replaced 1998 DPA with 2018 Act. Replaced GDPR with “data protection legislation”. |
| 1.2 | Paul Cook, DPO | Nov 2019 | Taken over DPO service and reviewed policies |
Contents
1. Scope
2. Definitions
3. Introduction
4. Statutory Mandatory Framework
5. Accountable Parties
6. What Information is Covered?
7. What is a Record?
8. Creation
9. Using / Storage
10. Retention
11. Destruction
12. General Practitioner Records
13. Change of Contract / Service Provider
14. National Data Standards
15. NHS Number
16. Accuracy and Quality
17. Information Incidents
18. Associated Protocols
19. Audit Schedule
20. Review
Appendix A: AoMRC Standards for Medical Records
1. Scope
This protocol applies to all staff working at Bildeston Health Centre.
2. Definitions
Personal Confidential Information: This term is intended to cover information captured by the Data Protection Act 2018 / GDPR (identifiable information about the living), information covered by the Common Law Duty of Confidence / Tort of Misuse of Private Information and, finally, information covered by Article 8 European Convention for Human Rights.
3. Introduction
This protocol intends to support staff in recognising records and appropriate management of the records lifecycle and to encourage data quality across the organisation.
4. Statutory Mandatory Framework
Records of NHS organisations are public records in accordance with Schedule 1 of the Public Records Act 1958. This includes records controlled by NHS organisations under contractual or other joint arrangements, or as inherited legacy records of defunct NHS organisations. This applies regardless of the record’s format.
Effective records management allows organisations to comply with their legal obligations in respect to transparency and privacy. Being able to locate and rely on records of operations and processing of Personal Confidential Information allows the organisation to be accountable and to operate more effectively.
5. Accountable Parties
See Information Governance Policy for key roles.
All staff, whether management or administrative, who create, receive and use Personal Confidential Information have responsibilities to ensure management of the full records management lifecycle and the quality of records held by the Practice. Employees have a contractual and legal obligation to read and comply with all company policies and to attend mandatory training to support the appropriate management of information.
6. What Information is Covered?
Information is a corporate asset and as such, is an important source of administrative, financial, legal, evidential and historical information; it is vital to the organisation’s future operations, for the purposes of accountability and for an awareness and understanding of its history; information is the corporate memory of the organisation. Information may be held on paper, USB sticks, computer file or printout, laptops, tablets, mobile phones or even heard by word of mouth or telephone.
This protocol provides general guidance about records management and data quality. When managing medical records, it is also necessary to comply with the standards identified at Appendix A Standards for Medical Records.
Without high standards of information quality, supported by systematic processes and practice, we cannot support the delivery of high quality services and continue to improve.
The diagram below identifies the records management lifecycle and each part of the lifecycle needs to be consistently managed to encourage high standards.
7. What is a Record?
A record is information that memorializes and provides evidence of activities performed, events occurred, results achieved, or statements made. Records are created/received by an organisation routinely in the process of its business or in pursuance of its legal obligations. Records include accounts, agreements, books, drawings, letters, magnetic/optical disks, memos, micrographics, etc. Generally speaking, ‘records’ function as evidence of activities, whereas ‘documents’ function as evidence of intentions.
Some activity will be predefined as a record that needs to be kept, such as clinical records. Other records are kept because they are a unique instance of an event such as a business document or email.
8. Creation
Records must be created within clinical systems or stored in the shared network.
Records must not be stored in personal drives or mobile devices such as mobiles or memory sticks.
The filing and naming of records should follow the Function-Activity-Transaction approach.
This means that the top-level folder would be named in line with the function, the second level named in line with the activity and the third level named in line with the transaction.
Example of
Level 1 – Function – Human Resources
Level 2 – Activity – Recruitment
Level 3 – Transaction – Application Forms / Interview Sheets / Offer Letters
Naming of specific documents should follow a clear consistent method such as including the date of creation or activity, the title and the version.
Example
20180129 Emma Cooper Application Form v1
9. Using / Storage
Paper Records
In order to establish the authenticity of paper records and to meet the Care Records Guarantee that the service user can see who has accessed their records, the records must be held in a way that allows The Practice to audit who has accessed them.
Clinical records must be able to be tracked through the entire lifecycle up to destruction, or transfer to the National Archives or an approved place of deposit.
Paper records must be kept in a safe, dry and secure location
Digital Records
Digital information must be stored in such a way that throughout the lifecycle it can be recovered in an accessible format
Systems for storing digital records must provide information about those who have accessed the record, as required by the Care Records Guarantee.
When using digital records within a system such as a database or clinical system, you must provide any requested information such as reason for access
When using a digital record within the shared network such as a Word or Excel document, care must be given to provide ‘metadata’; this will include identifying the author, version, changes made and owner of the document.
Email messages can constitute part of the formal record of a transaction, decision or communication about an issue. All members of staff are responsible for identifying and managing email messages that constitute a record of their work. When an email is sent or received, a decision needs to be made about whether the email needs to be captured as a record. Once an email message has been captured as a record it should be deleted from the email client.
Email messages with attachments. Where an email message has an attachment a decision needs to be made as to whether the email message, the attachment or both should be kept as a record. The decision on whether an email and/or its attachment constitute a record depends on the context within which they were received. It is likely that in most circumstances the attachment should be captured as a record with the email message as the email message will provide the context within which the attachment was used. There are instances where the email attachment might require further work, in which case it would be acceptable to capture the email message and the attachment together as a record and keep a copy of the attachment in another location to be worked on. In these circumstances the copy attachment that was used for further work will become a completely separate record.
Email messages that can be considered to be records should be captured as soon as possible. Most email messages will form part of an email conversation string. Where an email string has formed as part of a discussion it is not necessary to capture each new part of the conversation, i.e. every reply, separately. There is no need to wait until the end of the conversation before capturing the email string as several subjects might have been covered. Email strings should be captured as records at significant points during the conversation, rather than waiting until the end of the conversation, because it might not be apparent when the conversation has finished.
All information relating to a specific record must be stored together. For example, email messages related to a specific recruitment campaign must be stored in the network Recruitment folder alongside the Application Form and Interview Sheet.
Hyperlinks or embedded documents must still work when the document is transferred to different media or later versions.
10. Retention
The Practice uses the Department of Health Records Management Code of Practice to assign retention periods.
Once a record has reached the end of the statutory retention period as set by the NHS Records Management Code of Practice, it should be appraised to consider whether, and if so for how long, it should be further retained by the organisation. In order to retain records for longer than the statutory retention period you must have a legal basis.
Please see Appendix B for a list of key records and their retention periods.
Email messages that constitute records must be either printed to paper or saved on shared drives. Email messages captured as records should be located with other records relating to the same business activity. Once captured and stored the e-mail becomes subject to the same policy for records retention as any other record.
Personal mailboxes should not be used for long-term storage of email messages. Personal mailboxes should be used for short-term reference purposes; when these emails are no longer required they should be deleted. Staff are responsible for the management of their emails and must routinely delete nonessential email messages as soon as possible on a regular basis.
Where the record is being retained, there should be a documented consideration of whether the information could be de-identified (direct or indirect identifiers removed) to reduce the risk of an information breach
11. Destruction
Paper Records
Paper records can be incinerated, pulped or shredded (using a cross cut shredder) under confidential conditions.
Do not put them in domestic waste or on a rubbish tip, because they remain accessible to anyone who finds them.
Staff must keep accurate records of destruction and appraisal decisions. Destruction implies a permanent action.
Electronic Records
Destruction of hard assets, like computers and hard drives and backup tapes, must be auditable in respect of the information they hold.
An electronic records management system will retain a metadata stub which will show what has been destroyed.
The Information Commissioner’s Office has indicated that if information is deleted from a live environment and cannot be readily accessed then this will suffice to remove information for the purposes of the Data Protection Legislation.
12. General Practitioner Records
It is important to note that the General Practitioner (GP) record is the primary record of care.
The majority of other services must inform the GP through a discharge note or a clinical correspondence that the patient has received care.
This record is to be retained for the life of the patient plus at least ten years after death.
The GP record must transfer with the individual as they change GP throughout their lifetime.
Following the move to digital GP records after the ‘paperlite’ accreditation process there was an instruction not to destroy the paper Lloyd George folders.
The GP2GP programme still requires the Lloyd George paper records to be transferred until further notice
GPs are obliged by their contract to follow the NHS Digital, DH and NHS England good practice guidance.
13. Change of Contract / Service Provider
When a service provider is changed, the exiting service provider still has a liability for the work they have done and so the records must be retained until the time period for liability has expired. Once this period of liability is over, arrangements should be made and documented for either the destruction of the information or the transfer and deletion of the information.
Where legislation creates or disbands public sector organisations, the legislation will normally specify which organisation holds liability for any action conducted by a former organisation.
Where the contract change relates to delivery of health and social care, it may be necessary to inform the individuals concerned about the change.
Where there is little impact upon those receiving care, it may be sufficient to use posters and leaflets to inform people about the change, but more significant changes may require individual communications or obtaining explicit consent.
Although the conditions of Data Protection legislation may be satisfied in many cases there is still a duty of confidence which requires a patient or client (in some cases) to agree to the transfer.
If The Practice is adopting a new service, a full inventory of transferring records should be obtained. Likewise, when surrendering a service to a new provider, The Practice should provide an inventory.
14. National Data Standards
The use of national data standards should be incorporated where it supports the appropriate sharing, exchange and monitoring of information.
Systems and processes should be evaluated to consider what national data standards are relevant and how they will be incorporated.
Any risks from not using these standards will be considered, recorded and appropriately managed.
15. NHS Number
The NHS Number is the unique identifier within the Health Service.
Where available, it must be incorporated into all correspondence with patients and relevant information systems to ensure that the correct individual is identified.
This has been a policy requirement for a number of years, but the Health and Social Care (Safety and Quality) Act 2015 provides a further mandate with statutory force; where the requirement can be met, it is a legal requirement to do so.
16. Accuracy and Quality
It is understood that errors and inaccuracies will occur in Information.
Systems, processes and analysis during the lifecycle of the information need to identify the causes of any errors, the relevant margin of error introduced into any subsequent use of the Information, and the appropriate action to be taken.
This includes understanding the context of any Information or Data Set, to ensure that “outliers”, results that fall outside expected ranges, are investigated to determine if there are any resulting Information Quality concerns.
It is important to determine and maintain a view of expected ranges of information to support the principles of Information Quality.
A Data Protection Impact Assessment should be completed for new processing activities to determine how data quality will be maintained
Information Asset Owners should determine and document the specific data quality measures in place for the Information Asset
Information coming in to The Practice must be checked for accuracy and completeness
Where incomplete, it should be returned to the sending organisation and the issues flagged with the appropriate lead
Manual quality checks should be completed on correspondence containing Personal Confidential Information
Systems should have the capacity to run data quality reports to identify duplications or incomplete records
Procurement of systems should include built in measures to maintain data quality such as reduction of free text boxes and the use of drop down lists
Integration with other systems should consider data validation and the potential for errors requiring manual intervention
Data Quality audits must be completed regularly and the results reported to the Information Governance Lead or Data Protection Officer
Where errors are identified, appropriate mitigation is required. This includes correction, where relevant, analysis of process and appropriate action, and ongoing monitoring.
Understanding the cause of error and its likely consequence is a key component of improving Information Quality or managing issues that cannot be addressed through appropriate controls.
17. Information Incidents
Any suspected or actual incidents involving Personal Confidential Information must be reported immediately in line with the Information Incident Protocol.
18. Associated Protocols
This policy should be read in conjunction with:
Risk Management Policy
Change Management Policy
Information Governance Policy
Information Rights Protocol
Information Sharing and Privacy Protocol
Information Lifecycle and Data Quality Protocol
Information and Cyber Security Protocol
Information Incident Protocol
Information Risk and Audit Protocol
Data Protection Impact Assessment Protocol
Freedom of Information Protocol
Subject Access Request Protocol
Prescription Pickup Protocol
19. Audit Schedule
Compliance with this protocol will be audited and the results fed into the Plan, Do, Check, Act Cycle described in the Information Risk and Audit Protocol.
20. Review
This protocol will be reviewed every year or sooner where necessary.
Appendix A: Academy of Medical Royal Colleges Standards for Medical Records
Appendix B
Below are retention periods pertinent to GPs. If a retention period is not featured below, please refer to the full NHS Records Management Code of Practice. Patient records have not been included due to them being deducted by PCSE.
| Broad descriptor | Record Type | Retention Start | Retention period | Action at end of retention period | Notes |
|---|---|---|---|---|---|
| Corporate Governance | Board Meetings | Creation | Before 20 years but as soon as practically possible | Transfer to a Place of Deposit | |
| Corporate Governance | Board Meetings (Closed Boards) | Creation | May retain for 20 years | Transfer to a Place of Deposit | Although they may contain confidential or sensitive material they are still a public record and must be transferred at 20 years with any FOI exemptions noted or duty of confidence indicated. |
| Corporate Governance | Chief Executive records | Creation | May retain for 20 years | Transfer to a Place of Deposit | This may include emails and correspondence where they are not already included in the board papers and they are considered to be of archival interest. |
| Corporate Governance | Committees Listed in the Scheme of Delegation or that report into the Board and major projects | Creation | Before 20 years but as soon as practically possible | Transfer to a Place of Deposit | |
| Corporate Governance | Committees/ Groups / Sub-committees not listed in the scheme of delegation | Creation | 6 Years | Review and if no longer needed destroy | Includes minor meetings/projects and departmental business meetings |
| Corporate Governance | Destruction Certificates or Electronic Metadata destruction stub or record of information held on destroyed physical media | Destruction of record or information | 20 Years | Consider Transfer to a Place of Deposit and if no longer needed to destroy | The Public Records Act 1958 limits the holding of records to 20 years unless there is an instrument issued by the Minister with responsibility for administering the Public Records Act 1958. If records are not excluded by such an instrument they must either be transferred to a place of deposit as a public record or destroyed 20 years after the record has been closed. |
| Corporate Governance | Incidents (serious) | Date of Incident | 20 Years | Review and consider transfer to a Place of Deposit | |
| Corporate Governance | Incidents (not serious) | Date of Incident | 10 Years | Review and if no longer needed destroy | |
| Corporate Governance | Non-Clinical Quality Assurance Records | End of year to which the assurance relates | 12 years | Review and if no longer needed destroy | |
| Corporate Governance | Patient Advice and Liaison Service (PALS) records | Close of financial year | 10 years | Review and if no longer needed destroy | |
| Corporate Governance | Policies, strategies and operating procedures including business plans | Creation | Life of organisation plus 6 years | Review and consider transfer to a Place of Deposit | |
| Communications | Intranet site | Creation | 6 years | Review and consider transfer to a Place of Deposit | |
| Communications | Patient information leaflets | End of use | 6 years | Review and consider transfer to a Place of Deposit | |
| Communications | Press releases and important internal communications | Release Date | 6 years | Review and consider transfer to a Place of Deposit | Press releases may form a significant part of the public record of an organisation which may need to be retained |
| Communications | Public consultations | End of consultation | 5 years | Review and consider transfer to a Place of Deposit | |
| Communications | Website | Creation | 6 years | Review and consider transfer to a Place of Deposit | |
| Staff Records & Occupational Health | Duty Roster | Close of financial year | 6 years | Review and if no longer needed destroy | |
| Staff Records & Occupational Health | Exposure Monitoring information | Monitoring ceases | 40 years/5 years from the date of the last entry made in it | Review and if no longer needed destroy | A) Where the record is representative of the personal exposures of identifiable employees, for at least 40 years or B) In any other case, for at least 5 years. |
| Staff Records & Occupational Health | Occupational Health Reports | Staff member leaves | Keep until 75th birthday or 6 years after the staff member leaves whichever is sooner | Review and if no longer needed destroy | |
| Staff Records & Occupational Health | Occupational Health Report of Staff member under health surveillance | Staff member leaves | Keep until 75th birthday | Review and if no longer needed destroy | |
| Staff Records & Occupational Health | Occupational Health Report of Staff member under health surveillance where they have been subject to radiation doses | Staff member leaves | 50 years from the date of the last entry or until 75th birthday, whichever is longer | Review and if no longer needed destroy | |
| Staff Records & Occupational Health | Staff Record | Staff member leaves | Keep until 75th birthday (see Notes) | Create Staff Record Summary then review or destroy the main file. | This includes (but is not limited to) evidence of right to work, security checks and recruitment documentation for the successful candidate including job adverts and application forms. May be destroyed 6 years after the staff member leaves or the 75th birthday, whichever is sooner, if a summary has been made. |
| Staff Records & Occupational Health | Staff Record Summary | 6 years after the staff member leaves | 75th Birthday | Place of Deposit should be offered for continued retention or Destroy | Please see page 36 for an example of a Staff Record Summary used by an organisation. |
| Staff Records & Occupational Health | Timesheets (original record) | Creation | 2 years | Review and if no longer needed destroy | |
| Staff Records & Occupational Health | Staff Training records | Creation | See Notes | Review and consider transfer to a Place of Deposit | Records of significant training must be kept until 75th birthday or 6 years after the staff member leaves. It can be difficult to categorise staff training records as significant as this can depend upon the staff member’s role. The IGA recommends: 1. Clinical training records - to be retained until 75th birthday or six years after the staff member leaves, whichever is the longer; 2. Statutory and mandatory training records - to be kept for ten years after training completed; 3. Other training records - keep for six years after training completed. |
| Procurement | Contracts sealed or unsealed | End of contract | 6 years | Review and if no longer needed destroy | |
| Procurement | Contracts - financial approval files | End of contract | 15 years | Review and if no longer needed destroy | |
| Procurement | Contracts - financial approved suppliers documentation | When supplier finishes work | 11 years | Review and if no longer needed destroy | |
| Procurement | Tenders (successful) | End of contract | 6 years | Review and if no longer needed destroy | |
| Procurement | Tenders (unsuccessful) | Award of tender | 6 years | Review and if no longer needed destroy | |
| Estates | Building plans and records of major building work | Completion of work | Lifetime of the building or disposal of asset plus six years | Review and consider transfer to a Place of Deposit | Building plans and records of works are potentially of historical interest and where possible be kept and transferred to a place of deposit |
| Estates | CCTV | | See ICO Code of Practice | Review and if no longer needed destroy | ICO Code of Practice: https://ico.org.uk/media/for-organisations/documents/1542/cctv-code-of-practice.pdf The length of retention must be determined by the purpose for which the CCTV has been deployed. The recorded images will only be retained long enough for any incident to come to light (e.g. for a theft to be noticed) and the incident to be investigated. |
| Estates | Equipment monitoring and testing and maintenance work where asbestos is a factor | Completion of monitoring or test | 40 years | Review and if no longer needed destroy | |
| Estates | Equipment monitoring and testing and maintenance work | Completion of monitoring or test | 10 years | Review and if no longer needed destroy | |
| Estates | Inspection reports | End of lifetime of installation | Lifetime of installation | Review | |
| Estates | Leases | Termination of lease | 12 years | Review and if no longer needed destroy | |
| Estates | Minor building works | Completion of work | retain for 6 years | Review and if no longer needed destroy | |
| Estates | Photographic collections of service locations and events and activities | Close of collection | Retain for not more than 20 years | Consider transfer to a place of deposit | The main reason for maintaining photographic collections is for historical legacy of the running and operation of an organisation. However, photographs may have subsidiary uses for legal enquiries. |
| Estates | Radioactive Waste | Creation | 30 years | Review and if no longer needed destroy | |
| Estates | Sterilix Endoscopic Disinfector Daily Water Cycle Test, Purge Test, Nynhydrin Test | Date of test | 11 years | Review and if no longer needed destroy | |
| Estates | Surveys | End of lifetime of installation or building | Lifetime of installation or building | Review and consider transfer to Place of Deposit | |
| Finance | Accounts | Close of financial year | 3 years | Review and if no longer needed destroy | Includes all associated documentation and records for the purpose of audit as agreed by auditors |
| Finance | Benefactions | End of financial year | 8 years | Review and consider transfer to Place of Deposit | These may already be in the financial accounts and may be captured in other records/reports or committee papers. Where benefactions endowment trust fund/legacies - permanent retention. |
| Finance | Debtor records cleared | Close of financial year | 2 years | Review and if no longer needed destroy | |
| Finance | Debtor records not cleared | Close of financial year | 6 years | Review and if no longer needed destroy | |
| Finance | Donations | Close of financial year | 6 years | Review and if no longer needed destroy | |
| Finance | Expenses | Close of financial year | 6 years | Review and if no longer needed destroy | |
| Finance | Final annual accounts report | Creation | Before 20 years | Transfer to place of deposit if not transferred with the board papers | Should be transferred to a place of deposit as soon as practically possible |
| Finance | Financial records of transactions | End of financial year | 6 Years | Review and if no longer needed destroy | |
| Finance | Petty cash | End of financial year | 2 Years | Review and if no longer needed destroy | |
| Finance | Private Finance initiative (PFI) files | End of PFI | Lifetime of PFI | Review and consider transfer to Place of Deposit | |
| Finance | Salaries paid to staff | Close of financial year | 10 Years | Review and if no longer needed destroy | |
| Finance | Superannuation records | Close of financial year | 10 Years | Review and if no longer needed destroy | |
| Legal, Complaints & information Rights | Complaints case file | Closure of incident (see Notes) | 10 years | Review and if no longer needed destroy | http://www.nationalarchives.gov.uk/documents/information-management/sched_complaints.pdf The incident is not closed until all subsequent processes have ceased including litigation. The file must not be kept on the patient file. A separate file must always be maintained. |
| Legal, Complaints & information Rights | Fraud case files | Case closure | 6 years | Review and if no longer needed destroy | |
| Legal, Complaints & information Rights | Freedom of Information (FOI) requests and responses and any associated correspondence | Closure of FOI request | 3 years | Review and if no longer needed destroy | Where redactions have been made it is important to keep a copy of the redacted disclosed documents or if not practical to keep a summary of the redactions. |
| Legal, Complaints & information Rights | FOI requests where there has been a subsequent appeal | Closure of appeal | 6 years | Review and if no longer needed destroy | |
| Legal, Complaints & information Rights | Industrial relations including tribunal case records | Close of financial year | 10 Years | Review and consider transfer to a Place of Deposit | Some organisations may record these as part of the staff record but in most cases they will form a distinct separate record either held by the staff member/manager or by the payroll team for processing. |
| Legal, Complaints & information Rights | Litigation records | Closure of case | 10 years | Review and consider transfer to a Place of Deposit | |
| Legal, Complaints & information Rights | Patents / trademarks / copyright / intellectual property | End of lifetime of patent or termination of licence/action | Lifetime of patent or 6 years from end of licence /action | Review and consider transfer to Place of Deposit | |
| Legal, Complaints & information Rights | Software licences | End of lifetime of software | Lifetime of software | Review and if no longer needed destroy | |
| Legal, Complaints & information Rights | Subject Access Requests (SAR) and disclosure correspondence | Closure of SAR | 3 Years | Review and if no longer needed destroy | |
| Legal, Complaints & information Rights | Subject access requests where there has been a subsequent appeal | Closure of appeal | 6 Years | Review and if no longer needed destroy | |