Policy: R9 Records Management and Information Lifecycle Policy Incorporating the Records Management Information Lifecycle Strategy Version:

R9/07

Ratified by:

Trust Management Team

Date ratified:

16th April 2014

Title of Author:

Records Management Consultant

Title of responsible Director

Medical Director

Governance Committee

Trust Information and Governance Group

cords Information Lifecycle Policy Date issued:

17th April 2014

Review date:

October 2015

Target audience:

All staff Trust wide

Disclosure Status

B - Can be disclosed to patients and the public

N/A

EIA / Sustainability Implementation Plan

Other Related Procedures or Documents: H8 - Medical Records Policy;

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 1 of 34 This is version R9/07 - April 2014

Equality & Diversity statement The Trust strives to ensure its policies are accessible, appropriate and inclusive for all. Therefore all policies will be required to undergo an Equality Impact Assessment and will only be approved once this process has been completed Sustainable Development Statement The Trust aims to ensure its policies consider and minimise the sustainable development impacts of its activities. All policies are therefore required to undergo a Sustainable Development Impact Assessment to ensure that the financial, environmental and social implications have been considered. Policies will only be approved once this process has been completed

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 2 of 34 This is version R9/07 - April 2014

Version Control Sheet Version

Date

R9/01

Feb 08

R9/02

April 08

R9/02

April 08

R9/03

R9/04

R9/05

Status

Comment

Information Governance Manager Information Governance Manager Information Governance Manager

N/A

New Policy developed

Draft for ED’s

Incorporating amendments from IG Forum members

Draft for ED’s - to ODG meeting held 23/04/08

ODG agreed the revised policy and strategy would be sent out for Trust st wide consultation period ending 1 August 08

Oct 08

Information Governance Manager

New Policy issued to staff on 10.10.10

Do you want to change erroneous date?

March 2010

IG Manager

Working document

Information Governance Manager

Revised Policy issued

Information Governance Manager

Revised Policy

Update to Policy name and contents to reflect Department of Health Information Governance Toolkit requirements Submitted to Trust Policy Review th Group 6 April 2010. Further work done to ensure NHSLA compliant. Following consultation ending 06.08.10 to be represented at the th PRG on 17 August 2010 – approved. Update to Policy to ensure compliance with NHSLA standards.

th

27 Aug 2010

R9/06

Title of Author

8 August 2011

Amendments: Section 9.1, Retention, Section 12.2 Compliance & Training, Merged and amended Section 13 .1 Audit & Section 14.2 Review and B2.6 Audit and B3 Review to ensure consistency. Removed outdated Implementation Plan. th

R9/07

05 November 2013 – March 2014

Records Management Consultant

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Revised Policy

Present to 25 August Policy Review Group for approval – approved. Updated into new template. All sections amended. Emphasis on Electronic storage as preferred archival. Trustwide consultation ending 23.12.13

Page 3 of 34 This is version R9/07 - April 2014

Content

Page No.

1.

Flowchart

5

2.

Introduction (includes purpose)

5

3.

Scope

7

4.

Definitions

7

5.

Duties

9

5.1

Chief Executive

9

5.2

Accountable Director

9

5.3

Managers

10

5.4

Policy Author

10

5.5

Local Records Managers /Information Asset Owner

10

5.6

Central Records Manager

10

5.7

All Staff

10

6

Systems & Recording

10

7.

Creation

10

8.

Maintenance and Storage

11

9.

Disclosure

12

10.

Transfer

12

11.

Access and Audit

12

12.

Retention

13

13.

Closure and Archiving

14

14.

Appraisal and Disposal

14

15.

Destruction of Scanned Paper Records

15

16.

Compliance/Training

15

17.

Monitoring

16

18.

Fraud Statement (if required)

17

19.

References

17

20.

Supporting documents

17

21.

Glossary of Terms/Acronyms

17

22.

Appendices

18

Appendix 1 – Guidelines for Indexing Records

19

Appendix 2 – Minimum Retention Periods for Clinical Records

20

Appendix 3 – Minimum Retention Periods got non-Health (Corporate) Records

23

Appendix 4 - Guidance for the Classification Marking of NHS Information

29

Appendix 5 – Monitoring Template

35

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 4 of 34 This is version R9/07 - April 2014

1.

FLOWCHART The flowchart below illustrates the lifecycle of records from their creation through to their archival or disposal. The definition of Records Lifecycle and the explanation of its various stages is given in Section 4, Records Management. Archive Create

Index

Store

Appraise Dispose

2.

INTRODUCTION

2.1

The purpose of this policy is to define the aims and objectives of the West London Mental Health NHS Trust to manage its information assets through effective Records Management.

2.2

This document sets out a framework within which the staff responsible for managing the Trust’s records can develop specific policies and procedures to ensure that records are managed and controlled effectively, and at best value, commensurate with legal, operational and information needs.

2.3

Records Management is the process by which an organisation manages all the aspects of their information assets whether internally or externally generated and in any format or media type, from their creation, all the way through their lifecycle to their eventual disposal.

2.3

The Records Management: NHS Code of Practice© has been published by the Department of Health as a guide to the required standards of practice in the management of records for those who work within or under contract to NHS organisations in England. It is based on current legal requirements and professional best practice.

2.4

The aims of the Trust’s Records Management System are to ensure that: records are primarily retained in an electronic format except where valid legislative, historical, research or financial considerations so dictate. records are available when needed - from which the Trust is able to form a reconstruction of activities or events that have taken place; records can be accessed - records and the information within them can be located and displayed in a way consistent with its initial use, and that the current version is identified where multiple versions exist; records can be interpreted - the context of the record can be interpreted: who created or added to the record and when, during which business process, and how the record is related to other records; records can be trusted – the record reliably represents the information that was actually used in, or created by, the business process, and its integrity and authenticity can be demonstrated; records can be maintained through time – the qualities of availability, accessibility, interpretation and trustworthiness can be maintained for as long as the record is needed, perhaps permanently, despite changes of format; records are secure - from unauthorised or inadvertent alteration or erasure, that access and disclosure are properly controlled and audit trails

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 5 of 34 This is version R9/07 - April 2014

will track all use and changes. To ensure that records are held in a robust format which remains readable for as long as records are required; records are retained and disposed of appropriately - using consistent and documented retention and disposal procedures, which include provision for appraisal and the permanent preservation of records with archival value; and staff are trained - so that all staff are made aware of their responsibilities for record-keeping and record management. 2.5

The Trust’s records are its corporate memory, providing evidence of actions and decisions and representing a vital asset to support daily functions and operations. Records support policy formation and managerial decision-making, protect the interests of the Trust and the rights of patients, staff and members of the public. They inform, support and aid patient care; support consistency, continuity, efficiency and productivity and help deliver services in consistent and equitable ways.

2.6

Information should be: Clearly, relevantly and completely recorded Stored electronically on the Trust’s Electronic Document Management System (EDMS) and other Electronic Systems by CSU’s where such systems have been implemented; and by the remaining CSU’s after subsequent implementations. These will be in accordance with the Digital Archival Process (below) where unless dictated otherwise by regulatory requirements and scientific or historical archival purposes. Shared electronically within the Trust and not reprinted, copied or emailed in order to reduce risks to confidentiality, to avoid duplication and to maintain the integrity of the record Kept up to date (by use of use version control) Stored securely where it can easily be found when necessary Security marked (classified) as appropriate Suitably destroyed in accordance with retention schedules

2.7

The Trust Board has adopted this records management policy and is committed to ongoing improvement of its records management functions as it believes that it will gain a number of organisational benefits from so doing. These include: better use of staff time; improved control of valuable information resources; compliance with legislation and standards; and reduced costs. better use of physical and server space;

2.8

The Trust also believes that its internal management processes will be improved by the greater availability of information that will accrue by the recognition of records management as a designated corporate function.

2.9

This policy should be read in conjunction with the Trust’s Records Management and Information Lifecycle Strategy (Appendix B) and the embedded Implementation Plan

2.11 This policy is intended to provide standards against which records management procedures and record-keeping can be audited and monitored to inform risk management and identify areas for improvement.

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 6 of 34 This is version R9/07 - April 2014

3.

SCOPE

3.1

This policy relates to all clinical and non-clinical operational records held in any format by the Trust as detailed in the Department of Health’s publication Records Management: NHS Code of Practice©, ie: all administrative records (For example: HR, Estates and Facilities, Security, Financial and Accounting, Audit, Complaints, Supplies and Procurement, Project Management, Communications, Contractual, Corporate Policies and Policy Archives); and all patient health records for all specialties and including records for private patients treated on NHS premises.

3.2

This policy applies to: all employees of the Trust other individuals and agencies who may gain access to information, such as, but not limited to, volunteers, visiting professionals, researchers, and organisations providing services to the organisation.

3.3

This policy relates to all and any information kept on all and any media including but not limited to: electronic (any clinical information system, Electronic Document Management System(s), floppy disc, solid state drives, flash drives, hard drives, CD, DVD, or any electronic media stored on, for example, an operational clinical, HR or finance system); paper photographs; X-rays, scans and audio or video recordings.

4.

DEFINITIONS All definitions apply equally to all records, irrespective of the medium in which they are held.

4.1

Records Management is a discipline which utilises an administrative system to direct and control the creation, version control, distribution, filing, retention, storage and disposal of records, in a way that is administratively and legally sound, whilst at the same time serving the operational needs of the Trust and preserving an appropriate historical record. The key components of records management are: record creation; record capture; record storage & maintenance (file structure, tracking and tracing); access and disclosure; closure and transfer; appraisal; archiving; and disposal.

4.2

Records are defined as ‘recorded information, in any form, whether created, received or stored in any media, which is required to be retained by the Trust in the transaction of its business or conduct of its affairs and kept as evidence of such activity’. Records cannot be amended. However, they can be superseded by a new version whilst retaining any and all previous version(s).

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 7 of 34 This is version R9/07 - April 2014

4.2.1 Records Life Cycle describes the life of a record from its creation/receipt through the period of its ‘active’ use, then into a period of ‘inactive’ retention and archival (such as closed files which may still be referred to occasionally) and finally either permanent archival preservation or confidential destruction and disposal.. 4.2.2 Master Record is the record retained by the Trust which will be used as the only credible and authoritative evidence of the business transaction and decision. By definition, the Master Record will be an electronic record stored in the Trust’s EDMS with the exception of those records that are required to be kept in original hard copy format for legal, historical or research purposes. 4.3

Capture refers to the identification of a document as a record and placing it within the shared record keeping system so that it can be located when required

4.4

Folder is an electronic or paper (cardboard) container used to store records of a given category within a system

4.4.1 Folder (File) Structure is the hierarchy of Folders within an Electronic Document Management System (EDMS) 4.4.2 Electronic Document Management System (EDMS) is a system designed to organise and manage records and documents that enables these to be stored, safeguarded and accessed electronically with an audit of all activities. 4.4.3 Indexing is the process of capturing metadata relevant to the record to be stored. 4.4.4 Metadata provides information about the content and characteristics of a record. Metadata allows records to be retrieved and managed. 4.4.5 Index Log is the register of the records kept by the Trust or on its behalf by archive providers. It records the receipt, transfer, removal and disposal of the record. By its nature as a database, the EDMS updates and maintains such information for the records it holds. 4.5

Information is a corporate asset. The Trust’s records are important sources of administrative, evidential and historical information. They are vital to the Trust to support its current and future operations (including meeting the requirements of Freedom of Information legislation), for the purpose of accountability, and for an awareness and understanding of its history and procedures.

4.5.1 The Senior Information Risk Owner (SIRO) is an executive who is familiar with and takes ownership of the organisation’s information risk policy and acts as advocate for information risk on the Board. The Trust’s SIRO is Director of Finance/Deputy Chief Executive.

4.5.2 The Information Asset Owner (IAO) is a senior member of staff, normally the Service Director or his/her deputy, who is the nominated owner for the information assets within the Service. IAOs work closely with other IAOs of the Trust to ensure there is comprehensive asset ownership and clear understanding of responsibilities and accountabilities, especially where information assets are shared by multiple services. Their role is to understand and address risks to the information assets they ‘own’ and to provide assurance to the SIRO on the security and use of those assets. 4.6

Archiving is the process of storing records and documents within a system that allows for the record to be retained, safeguarded and accessed until disposal.

4.7

Disposal is a formal decision taken on the final status of a record (or set of records) to either destroy the records, transfer them to another organisation for

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 8 of 34 This is version R9/07 - April 2014

permanent preservation or retain them within the records management system for appraisal at a later date. 4.7.1 Appraisal refers to the process of determining whether records are worthy of permanent archival preservation. 4.7.2 Retention schedule (Disposal schedule) identifies types of records and specifies the minimum periods for which they will be kept before they are appraised and the decision on disposal is made.

5.

DUTIES

5.1

Chief Executive The Chief Executive has overall responsibility for Records Management in the Trust. As accountable officer he/she is responsible for the management of the organisation and for ensuring appropriate mechanisms are in place to support service delivery and continuity. Records management is key to this as it will ensure appropriate, accurate information is available as required The Trust has a particular responsibility for ensuring that it corporately meets its legal responsibilities, and for the adoption of internal and external governance requirements.

5.2

Accountable Directors

5.2.1 Medical Director The Medical Director is the Trust’s Caldicott Guardian who has a particular responsibility for reflecting patients’ interests regarding the use of patient identifiable information. He/she is responsible for ensuring patient identifiable information is shared in an appropriate and secure manner. 5.2.2 Senior Information Risk Owner (SIRO) The Deputy Chief Executive – Director of Information and Finance is the executive who is familiar with and takes ownership of the Trust’s information risk policy and acts as advocate for information risk on the Board. 5.3

Managers

5.3.1 The Trust’s Information Governance Manager/Trust Records and Information Governance Group is responsible for ensuring that this policy is communicated and implemented and that the records management system and processes are developed, co-ordinated and monitored. 5.3.2 Information Management & Technology Department have a responsibility to provide tools to aid in the management of electronic records and this will include the storage, security, audit, removal and accessibility of them. 5.4

Policy Author The Policy Author is the Trust’s Information Governance Manager who is responsible for the review of this policy as well as ensuring the implementation and monitoring is communicated effectively throughout the Trust via IAOs, Managers and Local Policy Leads. .

5.5

Local Records Managers/Information Asset Owners (IAO’s) The responsibility for implementing this policy locally is devolved to the specified Service Directors or their deputies who will act as Information

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 9 of 34 This is version R9/07 - April 2014

Asset Owners. It is also the responsibility of every Information Asset Owner (IAO) to ensure local managers develop procedures for their area that cover all of the ‘records’ that form the information assets within their remit, using this policy and references. 5.6

Central Records Manager The Central Records Manager is responsible for the overall development and maintenance of records management practices throughout the Trust, in particular for drawing up guidance for good records management practice and promoting compliance with this policy in such a way as to ensure the easy, appropriate and timely retrieval of archived information.

5.7

All Staff All Trust staff in all Trust Services, whether clinical, corporate or administrative, who create, receive and use records have records management responsibilities. In particular all staff must ensure that they keep appropriate records of their work in the Trust and manage those records in keeping with this policy and with any guidance subsequently produced.

6.

SYSTEMS & RECORDING The Trust uses Documentum EDMS (Electronic Document Management System) as the System for the management of its Records. EDMS enables records: To be securely retained To be accessed by authorised users To audit and record access To be assigned Metadata which catalogues archived information To be retrieved by search criteria To have an assigned appraisal and destruction date

7.

CREATION

7.1

Each department should have a process for documenting its activities, taking into account the legislative and regulatory environment in which it operates. The process must be approved by the relevant IAO. All of these activities must be maintained as a complete and accurate record and stored in the Trusts EDMS or other approved repository to provide safe, rapid and easy access.

7.2

In the application of this policy, an effective process should be implemented and maintained by each Trust area and Service to capture, manage, store, archive and provide access to records through the Trust’s EDMS. The record keeping process should be easily understood and include a documented set of rules developed by the Central Records Manager and approved by the IOA and/or the Trust Records and Information Governance Group,

7.3

Naming Conventions and Metadata are rules used to Index records which enables them to be identified by using terms applying to the type of record being stored or archived. The Trust will establish naming conventions and metadata standards for medical and corporate records respectively.

7.4

Classification (ie. Confidential, NHS Protect, Public) is an essential part of the successful and safe management of information in the Trust. In this policy, the Trust adopts DH guidance for the classification marking of NHS Information and

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 10 of 34 This is version R9/07 - April 2014

Managers preparing local policies should use this system - Guidance for the Classification Marking of NHS Information given in Appendix 4 7.5

Quality: Records must be maintained as accurate and complete in order to; facilitate audit; fulfil Trust responsibilities; and, to protect the Trust’s legal and other rights. Records should show proof of their validity and authenticity so that any evidence derived from them is clearly credible and authoritative.

7.6

A document becomes a record when it has been finalised and becomes part of the Trust’s information assets. At this point, the record cannot be amended and must be stored in the Trust’s EDMS excepting those records which are required to be retained in their hard copy format due to legislative, historical or research purposes. Through the application of metadata, the EDMS ensures that records are auditable and version controlled.

8.

MAINTENANCE AND STORAGE

8.1

The Trust’s default storage medium for its records is its Electronic Document Management System(s) (EDMS) or other designated electronic system used by the Trust for the storage of records. For the purposes of this Policy, EDMS refers to all electronic storage systems, All records will be stored on the EDMS irrespective of the format and medium in which they were originally created with the exception of those detailed in 8.3.1 and 8.3.2 below. Records stored on the EDMS must be clearly indexed by allocating metadata according to a prescribed format and stored in a folder structure appropriate to the Service and record The EDMS will be subject to documented and auditable access, modification and versioning of records

8.2

The Trust’s shared (hard) drives and any local or personal drives may not be used for the storage of electronic records.

8.2.1 Certain records may be required to be retained in their original media to meet regulatory, historical or research archival obligations. These records: Must be archived in the Trust’s designated off-site storage facility or other designated facility providing safe, clean and secure environment with controlled access. Must be easy to retrieve with an auditable trail of their movement within or out of the storage facility 8.3

Records may be retained temporarily in their existing storage medium in CSUs where EDMS has not yet been introduced until the implementation of EDMS. At which time records must be transferred to EDMS.

8.4

With the exception of certain paper records of legislative, historical or research interest (including Broadmoor Hospital records), all paper records are stored at the Trust’s central archiving facility operated by Cleardata.

8.5

Services must send their paper records to the central archive facility or other approved repository and ensure that these records contain easily accessible information for the record to be properly indexed.

8.6

The Trust’s guidelines for the indexing of records are given in Appendix 1

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 11 of 34 This is version R9/07 - April 2014

9.

DISCLOSURE

9.1

There is a complex array of legal and professional obligations that limit, prohibit or set conditions in respect of the management, use and disclosure of information and similarly, a range of statutes that permit or require information to be used or disclosed.

9.2

Only the specific information required should be disclosed to authorised parties and always in accordance and with strict adherence to the Data Protection Act 1998 and the Freedom of Information Act 2000. The key statutory requirements can be found in Annex C of the Records Management: NHS Code of Practice (Part 1): http://www.dh.gov.uk/en/Publicationsandstatistics/Publications/PublicationsPolic yAndGuidance/DH_4131747

9.3

The Trust will continually review the legal statutes and professional obligations placed upon it to ensure good practice in the use and/or disclosure of information. Good practice will be integral to the NHS Confidentiality Code of Conduct adopted by the Trust and staff must follow the guidelines contained therein at all times. If in doubt regarding the disclosure of any information that has the potential to identify a patient or person, staff should refer any questions to the Trust Caldicott Guardian/Information Governance Manager.

10.

TRANSFER

10.1

The mechanism for transferring records from one organisation to another must be tailored to the sensitivity of the material concerned and the media on which it is held. Records must only be transferred when there is appropriate authority to do so, e.g. patient consent or relevant legislation.

10.2

For electronic transmission of records, all staff must comply with the Trust’s IM&T Security Policy: I2

10.3

Paper records must be transferred using methods appropriate to their classification.

11.

ACCESS AND AUDIT

11.1 Records held at the Trust’s central archive facility may be accessed by completing a request form available in the EDMS. Paper records will be digitally scanned upon request and loaded to the EDMS as an electronic record. The request will be subject to audit and will show the user, date and reason for the request. Once scanned, records must be viewed through the EDMS. 11.2 Users must inform the Central Records Manager of any errors or defects in the scanned record within 30 days of the record being available in the EDMS. Where such notification is not received, the scanned record will be deemed as the Master Record and the paper original will be prepared for destruction. See Section 13. 11.3 The Trust’s EDMS provides an audit trail for all electronic records that have been accessed. The audit trail will show: User Record(s) accessed West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 12 of 34 This is version R9/07 - April 2014

Date, time and duration of access Action, i.e. viewing, extraction, versioning, etc. 11.4 Electronic records must not be printed or emailed within the Trust. Users must view electronic records through the EDMS to which they have access subject to their rights to the patient administration system (RiO) or the Electronic Staff Record. 11.5 Where, for exceptional reasons, the paper record is requested from the Trust’s central archive or other approved storage facility an entry of the request must be made on the Index Log of the record showing: Requesting user name, User’s location and/or department, Date of request Reason for request Number of files (volumes) and pages dispatched. Date dispatched Date returned The Index Log will be maintained by Cleardata, the Trust’s archiving partner or the IAO or his/her deputy responsible for the approved storage facility. The Central Records Manager will receive copies of the logs monthly or on demand. 11.6 The physical movement of records within the Trust and to/from its archives will be undertaken in a safe and secure way. Wherever possible and practicable, the Trust’s porters will move paper records within the Trust and Cleardata staff will be responsible for delivery and collection of records for the central archive. Logistics providers contracted to the Trust will be used in other cases. 11.7 It is the responsibility of users, their managers and the appropriate IAO to ensure records are returned to storage.

12.

RETENTION

12.1

It is a fundamental requirement that all of the Trust’s records are retained for a minimum period of time for legal, operational, research and safety reasons. The length of time for retaining records will depend on the type of record, its importance to the Trust’s business functions and applicable legislation.

12.2

The Trust adopts the NHS Records Management Code of Practice 2006, Annex D 1 Health Records and Annex D2 Business & Corporate Records as the basis for its retention schedules, a copy of which can be found on the Trust’s Internet. (see http://theexchange/sorce/docs/dt27051v/1893_0/NHS_Code_of_Practice.pdf see also: http://theexchange/sorce/docs/dt27051v/1896_0/Records_Management_COP_ 1.pdf http://systems.hscic.gov.uk/infogov/links/recordscop2.pdf Local retention schedules may be increased, but not shortened, with the approval of the IAO.

12.3

The Trust’s key minimum retention schedules are given in Appendix 2 for clinical records and Appendix 3 for corporate and non-clinical records.

12.4

The following Record types are covered in this schedule, regardless of the media on which they are held:

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 13 of 34 This is version R9/07 - April 2014

All clinical records Administrative records, including personnel, estates, financial and accounting records, and notes associated with complaint handling; photographs, slides and other images (clinical and non-clinical); microform i.e. microfiche/microfilm); audio and video on tapes, cassettes and all digital media o Audio and video on analogue media should be transferred to digital media to ensure long term preservation e-mails; computerised records; and scanned documents 12.5

If further advice is sought in unusual circumstance relating to non-health records contact the Trust’s Information Governance Manager.

12.6

If further advice is sought in unusual circumstance relating to health records refer to the Trust’s Health Records Policy H8.

13.

CLOSURE AND ARCHIVING

13.1

Records that have ceased to be in active use other than for reference purposes should be closed and archived.

13.2

Where a record is no longer used on a regular basis, but is still within its minimum retention period, it should be archived subject to compliance with documented procedures.

13.2.1 The EDMS serves simultaneously as a repository and as an archive. Therefore, no action will be taken with closed or archived electronic records until such records reach the end of their minimum retention period. The records will then be appraised according to Section 14 below. 13.2.2 Physical records should be transferred to secondary storage and clearly marked on the Index Log. The Log should show Date of closure Authority for closure Location of record

14.

APPRAISAL AND DISPOSAL

14.1

It is required that all the Trust’s records are retained for a minimum period of time for legal, operational, research and/or safety reasons. This minimum period may be extended in a ‘local retention schedule’ approved by the Information Asset Owner (IAO).

14.2

At the end of the minimum retention period, as defined by the Records Management: NHS Code of Practice 2006 or local retention schedule, records must be appraised to determine whether they should be destroyed or warrant permanent archival. The appraisal must be performed by the Information Asset Owner (IAO) and recorded on the Index Log.

14.3

Where it is decided to permanently archive the record, it must be offered to the National Archives or an approved Place of Deposit.

14.4

Records that are to be destroyed must have safeguards to ensure confidentiality at every stage of the process.

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 14 of 34 This is version R9/07 - April 2014

14.5

Electronic records must be deleted from the EDMS. An audit report will be produced from the EDMS every 3 months (quarterly) detailing those records that have been deleted from the system.

14.5.1 Paper records must be destroyed by approved Trust staff or by approved contractors who follow recognised industry standard and auditable processes. Records must be shredded using Level 3 cross shredders or above and subsequently incinerated or sent for recycling. A Certificate of Destruction must be issued detailing the records that have been destroyed. 14.6

If there is any doubt regarding the appropriateness of disposing of any records, these should be referred via line management to the Trust’s Senior Information Risk Owner (SIRO).

15.

DESTRUCTION OF SCANNED PAPER RECORDS

15.1 Paper records that have been scanned will be placed in a holding area at the archival site awaiting response from the requesting user regarding quality, completeness or other issues with the scanned document. If no response is received within 30 days following the availability of the scanned record on the EDMS, the scanned paper record will be placed in an area awaiting destruction. 15.2 The archive location will update the Index Log with details of the records awaiting destruction. This Index Log will be forwarded to the Central Records Manager on the last working day of each month. 15.3 The Central Records Manager (CRM) will verify that an electronic record exists in the EDMS for the paper records selected for destruction. Where no electronic record exists, the archive will be notified to return the record to storage. The CRM will notify the Information Asset Owner(s) of the records selected to be destroyed. 15.4 Objection(s) to the destruction must be received by the CRM within 10 working days of the notification. The reason(s) for the objection(s) must be detailed. If the objections are valid, the records will be replaced in the archive and this action and any other comments noted on the Index Log. 15.5 If no objection(s) are raised, the CRM will make arrangements for destruction of the records, together with any paper records requiring destruction after appraisal. See Section 14 above. 15.6 The destruction of the paper records will be in accordance with the process given in Section 14. Para 14.5.2 above.

16.

COMPLIANCE/TRAINING

16.1

Compliance with this policy and related policies is the duty of every member of staff.

16.2

All Trust staff will be made aware of their responsibilities for record-keeping and record management and managers will ensure that their staff complete the Information Governance E-learning module for Records Management where appropriate.

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 15 of 34 This is version R9/07 - April 2014

16.3

Trust staff responsible for the implementation and continuous maintenance of this Policy will receive mandatory training in accordance with M12 – Mandatory Training Policy.

16.4

Staff should regularly review this policy and related policies, to ensure they are aware of their own individual responsibilities.

17.

MONITORING

17.1 The Trust will monitor this policy through the following:

How and when Audit of records loaded to EDMS and retained in hard copy in archives

Purpose To ensure records are correctly loaded and retained according to policy

Reporting Structure Central Records Manager to:

Decision to dispose of or permanently archive the records

Central Records Manager to:

Reporting on destruction due to end of minimum term and previously scanned documents.

Central Records Manager to:

Ensure authorised access

Information Asset Owner to:

Validate actions taken on EDMS, i.e. version control, deletions, etc.

SIRO

Bi-Annually (6 monthly) Appraisal of records which have exceeded their minimum retention period

Information Asset Owner

Information Asset Owner/SIRO

Bi-Annually (6 monthly) Destruction of paper records Quarterly

Audit of access to electronic (EDMS) records via the Audit Tool in the EDMS

Information Asset Owner/SIRO

Quarterly

17.2 The Trust will regularly audit and review its records management practices for compliance with this framework as part of the NHS Connecting for Health Information Governance Toolkit annual assessment. 17.3

The results of audits will be reported via the Trust Records and Information Governance Group to provide assurance to the Trust Board.

17.4

This policy will be reviewed every two years (or sooner if new legislation, codes of practice or national standards are introduced).

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 16 of 34 This is version R9/07 - April 2014

18.

FRAUD STATEMENT Not applicable

19.

REFERENCES (EXTERNAL DOCUMENTS) Legislation and NHS Codes aligned with this policy include: Data Protection Act 1998; Freedom of Information Act 2000; Environmental Information Regulations 2004; NHS Confidentiality Code of Practice: and Records Management: NHS Code of Practice 2006

20.

21.

SUPPORTING DOCUMENTS (TRUST DOCUMENTS) H8 - Medical Records Policy

I2 – IM&T Security Policy

D5 – Data Protection Policy

F5 – Freedom of Information Act

I5 – Information Governance Framework

M12 – Mandatory Training Policy

GLOSSARY OF TERMS / ACRONYMS NHS

National Health Service

EDMS

Electronic Document Management System

IAO

Information Asset Owner

IM&T

Information Management and Technology

SIRO

Senior Information Risk Owner

TRIGG

Trust Records and Information Governance Group

Cleardata

The Trust’s partner for the archiving of paper documents

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 17 of 34 This is version R9/07 - April 2014

22.

APPENDICES

Appendix 1 – Guidelines for Indexing of Records Records loaded into the EDMs will be indexed using metadata input into the EDMS Loading (Documentum Automation) Tool shown below. The format of the Tool will be standardised across all Services in the Trust which are or will be using the EDMS as the repository for their records

Explanation of Fields Application: This will default to the Service or department to which the user has rights Documents (Records) to be Loaded: Records that a user wisheds to load to the EDMS will be saved to a virtual Z drive on the user’s PC. (see screenshot below). Users can save Records to the Z drive from their desktop or copy from any shared or other drive on the Trust’s network to which they have access.

The Record(s) loaded to the Z drive will appear in the Documents to be Loaded panel

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 18 of 34 This is version R9/07 - April 2014

Document Details: These are the indexing fileds which make up the Metadata for the Record Document Type – The Main Folder into which the document/record is to be stored Document Sub-Type – The Sub-Folder, if any, within the above Main Folder Author – The person or organisation which is the creator or originator of the document/record Document Date – The date when the document was created. Assigned Employee/Patient This field is used to designate the Employee or Patient in whose folder structure the document /record is to be deposited. This field will be blank for Services and departments other than Clinical, HR or Occupational Health Comment The user may enter comments regarding the document/record being uploaded. Completion of this field is optional.

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 19 of 34 This is version R9/07 - April 2014

NHS Information Governance

Appendix 2 – Minimum Retention Periods for Clinical Records Note: Where a record type is not shown the minimum retention period will be as specified in the NHS Records Management Code of Practice 2006, Annex D 1 Health Records

Description of Record

Retention (Years)

Notes

Admission books

8 years after the last entry

Local decisions should be made with regard to the permanent preservation of these records, in consultation with relevant health professionals and places of deposit.

Asylum seekers & refugees (NHS Personal Health Record – Patient-held Record) Chaplaincy Records

Patient held – no requirement on NHS to retain. 2 years

Computerised records

Death registers (i.e. register of deaths kept by the hospital)

2 years

Discharge Books

8 years after the last entry

Health records - personal/patients Hospital patient case records (individual)

Children and young people

Clinical Psychology Clinical Trials Records of patients involved in clinical trials Controlled drug registers and

Likely to have archival value The recommended minimum retention periods apply to both paper and computerised records, All patient health records are stored on Rio/PsyMon/EDMS and conform to retention recommendations. London: Permanent, some with Metropolitan Archives Broadmoor: Death registers not held, deaths recorded in discharge books Likely to have archival value London: see separate record types Broadmoor: Permanently preserved See below

Retain until the patient’s 25th birthday or 26th if young person was 17 at conclusion of treatment, or 8 years after death. If the illness or death could have potential relevance to adult conditions or have genetic implications, the advice of clinicians should be sought as to whether to retain the records for a longer period

London: Schedule agreed with responsible health authority destroy at age 25 or 26 if 17 when treatment concluded. These are NOT mental health records. Broadmoor: No records for Children and young people.

30 years At least 5 years after conclusion of treatment. See Records Management COP

15 years after trial ended (very few held)

2 years

Individual retention periods from

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 20 of 34 This is version R9/07 - April 2014

prescriptions Dietetic & Nutrition

Forensic Medicine records (including pathology, toxicology, haematology, dentistry, DNA testing, post- mortems forming part of the Coroner’s report, and human tissue kept as part of the forensic record)

Mentally disordered persons (within the meaning of the Mental Health Act 1983)

General (not covered above) Microfilm/microfiche records relating to patient care Occupational Therapy Records Occupational Health Records (Staff) Out-patient lists

Patient Activity Data

Hospital Pharmacists Group 2003 Retain for the period appropriate to the speciality. For post-mortem records which form part of the Coroner’s report, approval should be sought from the Coroner for a copy of the report to be incorporated in the patient’s notes, which should then be kept in line with the speciality, and then reviewed. All other records retain for 30 years. 20 years after the date of last contact between the patient/client/service user and any health/ care professional employed by the mental health provider, or 8 years after the death of the patient/client/service user if sooner NB Mental health organisations may wish to keep mental heath records for up to 30 years before review. Records must be kept as complete records for the first 20 years in accordance with this retention schedule but records may then be summarised and kept in summary format for the additional 10-year period Social services records are retained for a longer period. Where there is a joint mental health and social care trust, the higher of the two retention periods should be adopted 8 years after conclusion of treatment.

Broadmoor - a copy of the postmortem report is held on the patient file London: Where not required by hospital, accessible via Coroner

London: destroyed 20 years after treatment. Older H&F records held on microfiche by Hamm Hospitals Trust. Pre 1978 Ealing records with LMA. Where not open to public only accessible with consent from WLMHT. Broadmoor health records are permanently preserved. They are most valuable in terms of archival and research purposes. The Reading Public Record Office will be taking older records in 2006/07. A protocol is being prepared for the archiving, preservation and public access to these records.

Retain for period appropriate to speciality. Retain for period appropriate to speciality. 3 years after termination of employment unless litigation ensues (see litigation) 2 years after the year to which they relate

3 years

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Broadmoor: This is mainly statistical data and is invaluable for research. The keeping of such data has not been consistent up until the 1980s. There is no plan to destroy this Page 21 of 34 This is version R9/07 - April 2014

Pharmacy records

Physiotherapy Records Podiatry Records Records/documents related to any litigation

Research Records and Research databases (not patient specific) Serious Untoward Incident’ records

Individual retention periods from Hospital Pharmacists Group 2003. Retain for period appropriate to the speciality Retain for a period appropriate to the speciality As advised by the organisation’s legal advisor. All records to be reviewed. Normal review 10 years after the file is closed 30 years 30 years

Statistics (Korner returns, statistical returns to DH) Patient Activity Data

3 years from date of submission to DH

Ward Registers including daily bed returns

2 years after the year to which they relate

X-ray films

X-ray reports (including reports for all imaging modalities)

data. Patient activity data is also held outside of the Health Records Department (eg IT Depts, Performance Management, Security etc Retention complies with recommendations for the retention of pharmacy records, as published in the pharmacy journal, which are based upon HSC 1999/053

7 years

To be considered as a permanent part of the patient record

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Broadmoor: This is mainly statistical data and is invaluable for research. The keeping of such data has not been consistent up until the 1980s. There is no plan to destroy this data. Patient activity data is also held outside of the Health Records Department (eg IT Depts, Performance Management, Security etc). These records should be considered under HSC 1999/053. DH publish most of this information annually. Local decisions should be made with regard to the permanent preservation of these records, in consultation with relevant health professionals and places of deposit. London: Retained in & with patient records Broadmoor records retained for 20 years by Radiographer London: Retained in & with patient records Broadmoor records retained for 20 years by Radiographer

Page 22 of 34 This is version R9/07 - April 2014

Appendix 3 – Minimum Retention Periods for non- Health (Corporate) Records Note: Where a record type is not shown the minimum retention period will be as specified in the NHS Records Management Code of Practice 2006, Annex D 1 Health Records Description of Record

Retention (Years)

Notes

ADMINISTRATIVE (CORPORATE & ORGANISATION) Accident Forms

10 years

Accident Register (RIDDOR)

8

Agendas & minutes

2

Business Plans

20 10 years from completion of action 5

Following term of office

2

Not held by Trust

1

Electronic diaries retained for 2 years and then deleted

Complaints CVs for non-executive directors (successful) CVs for non-executive directors (unsuccessful applicants) Diaries (manual and electronic) - office - on completion

Freedom of Information requests

3 years after full disclosure; 10 years if information is redacted or the information requested is not disclosed

History of Authority or Predecessors, its organisation and procedures

30

Laundry Lists and Receipts

2 years From completion of the audit

Litigation Dossiers (complaints including accident reports)

10

Minutes & agendas of the NHS Trust or Health Authority, major committees and subcommittees -signed Mortgage documents (acquisition, transfer and disposal) Nurses Training Records Papers of minor or short-lived importance Press Cuttings Products – Liability West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

See Litigation dossiers Reporting of injuries, diseases and dangerous occurrences regulations, reg.7 Social Security (Claims and Payments) Regulations, reg. 25 Other than Board meetings, committees & sub-committees (see below)

Permanent preservation

Where a legal action has been commenced, keep as advised by legal representatives.

30 years 6 years after repayment 30 2 years after the settlement of the matter to which they relate 1 11

Consumer Protection Act 1987 Page 23 of 34 This is version R9/07 - April 2014

Description of Record Project Files (over £100,000) on termination – including abandoned or deferred projects Project Files (less than £100,000) on termination Project Team Files - summary retained Quality Assurance Records Receipt for registered and recorded delivery mail Receipts Record of custody and transfer of keys Reports (major) Requisitions Research ethics committee records

Retention (Years) 6 years

3 years 2 2 6 2 years after last entry 30 years 1.5 years 30 years from date of decision 6

Subject access requests (DPA and AHR– records of requests

3 years after last action 2 years from completion of audit

ESTATES/ENGINEERING Buildings and engineering works, inclusive of major projects abandoned or deferred - key records, (e.g. Final accounts, surveys, site plans, bills of quantities) Buildings and engineering works, inclusive of major projects abandoned or deferred - town and country planning matters and all formal contract documents Buildings - papers relating to occupation (but not Health & Safety information)

Deeds of Title

Engineering works Equipment West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

The schemes are generally refurbishments in existing building and I consider the 6 year period to be more relevant here.

2 years

Specifications

Surgical Appliances – Forms

Notes

The Limitation Act, 1980

Specifications are likely to form part of the project files for any one of the above and are therefore kept for the relevant period.

30

30

3 years after occupation ceases Retain while the organisation has ownership of the building unless a Land Registry certificate has been issued, in which case the deeds should be placed in an archive Lifetime of the building to which they relate 11

The general principle to be followed in regard to these records is that they should be preserved for the life of the buildings and installations to which they refer. Construction Design Management Regulations 1994

See Plans and Buildings

Page 24 of 34 This is version R9/07 - April 2014

Description of Record Inspection Reports - e.g. Boilers, lifts etc. Inventories of plant & permanent or fixed equipment Land Surveys/Registers Leases Plans - Building (As Built) Plans - Building (Detailed) Plans - Engineering Lifetime Property Acquisitions Dossiers Property Disposal Dossiers Surveys - building and engineering works

Retention (Years) Lifetime of installation 5 years after date of inventory 30 Period of the lease plus 12 years Lifetime of building or installation Lifetime of building or installation Lifetime of building or installation 30 30 Lifetime of building or installation

Notes

Limitation Act 1980

See Inspection reports See Inspection reports

FINANCIAL Accounts - Annual (Final - one set only)

30

Accounts - Cost Accounts - Working Papers Accounts - Minor records (pass books; payingin slips; cheque counterfoils; cancelled/discharged cheques (other than cheques bearing printed receipts –See Receipts); accounts of petty cash expenditure; travelling and subsistence accounts; minor vouchers; duplicate receipt books; income records; laundry lists and receipts.)

3 3

Audit Records - original documents Audit Reports (including Management Letters, VFM reports and system/final accounts memorandum) Bills, receipts and cleared cheques Bank Statements

Budgets Capital Charges Data

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Copies exist for the 6 years since the Trust created. Therefore compliant

2 years from completion of audit

2 years from completion of audit 2 years after formal completion by statutory auditor 6 2 years from completion of the audits 2 years from completion of the audit 2 years from completion of the audit

In conjunction with Auditors

Capital charges data going back 5 or 6 years. The capital charges data essentially consists of the asset register which is used to calculate the capital charges. We need the asset register data for at least five years for a number of reasons primarily because our assets are revalued every 5 years and it is useful to compare the previous revaluation figure e.g. 2000 with the current i.e. 2005 Page 25 of 34 This is version R9/07 - April 2014

Description of Record Cash Books

Cash Sheets

Creditor Payments

Debtors' records - cleared

Debtors' records - uncleared Demand Notes

Retention (Years) 6 years after end of financial year to which they relate 6 years after end of financial year to which they relate 3 years after end of financial year to which they relate 2 years from completion of the audit 6 years from completion of the audit 6

Estimates: including supporting calculations and statistics

3

Expense Claims

5

Funding Data

6

Invoices Ledgers Non-Exchequer funds records

6 6 30 6 years after termination of employment 6 years after termination of employment 6 years after termination of employment 10

Pay Roll - full-time medical staff

Pay Roll - other staff

PAYE Records Superannuation Accounts Superannuation Forms - SD55 (ADP) and SD55J (copies) Superannuation Registers Tax Forms VAT Records Wages/Salary Records

10

Notes The Limitation Act, 1980

The Limitation Act, 1980.

Retained for significant projects and annual budgets. Not ad hoc calculations The annual accounts analyse income and therefore there is record of funding data. A better record is signed SLAs which we do not have for the last 6 years. We do for the last 3 years. This is unlikely to be rectified however action in place to ensure compliance The Limitation Act, 1980 The Limitation Act, 1980

Originals are sent to NHS Pensions Agency. These records are not held by the Trust.

10 6 6 10 years after termination of employment

PURCHASING / SUPPLIES Approved Suppliers Lists West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

11

Consumer Protection Act 1987 Page 26 of 34 This is version R9/07 - April 2014

Description of Record Contracts - non sealed on termination Contracts – sealed Delivery Notes Stores Records - major (stores ledgers etc.) Stores Records - minor (requisitions, issue notes, transfer vouchers, goods received books etc.) Supplies records - minor (e.g. invitations to tender and inadmissible tenders, routine papers relating to catering and demands for furniture, equipment, stationery and other supplies) Tenders (successful) Tenders (unsuccessful)

Retention (Years) 6 Minimum of 15 years, which they should be reviewed 2 6

Notes The Limitation Act, 1980 Fully documented records stored appropriately since June 1998.

1.5

1.5 Tender period plus 6 year limitation period 6

See Contracts The Limitation Act, 1980

IM&T

Documentation relating to computer programmes written in-house

Lifetime of software

Software licenses

Lifetime of software

The only areas of relevance are for the Exchange (applications) and the data warehouse (extraction programmes). In both of these we are Compliant and maintain documentation during the lifetime of the software application.

PERSONNEL/HUMAN RESOURCES

Personnel / Human Resources records – major (e.g. Personal files, letters of appointment, contracts references & related correspondence)

6

Personnel / Human Resources records – minor (e.g. attendance books, annual leave records, duty rosters, clock cards, timesheets)

2

Job Advertisements COSHH Records (Control of Substances Hazardous to Health) West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

1 Minimum of 40 years from date of last entry

The files are kept for a period of 6 years from the date the employee leaves the Trust. There is currently no system in place to destroy the records after expiry of the retention period. We are currently looking at the location and maintenance of our archives, and will address this issue as part of this review. The HR Department does not retain information relating to rosters, timesheets, and annual leave records; these are held by line managers. The Payroll Department processes timesheets and will therefore hold records of these Retained with personnel file Retained with Occupational Health Records Page 27 of 34 This is version R9/07 - April 2014

Description of Record Job Applications (following termination of employment) Job Applications (unsuccessful) Job Descriptions (following termination of employment) Leavers Dossiers (provided summary retained) Nurse Training Records Study Leave Applications

Retention (Years)

Notes

3

Retained with personnel file

1 3

Retained with personnel file

6 30 5

Retained with personnel file

OTHER Photographs (non-clinical)

Lifetime of subject.

Research and Development (Scientific, Technological and Medical) (see also health records retention schedule

30 years

Social Care Records

Retain for period appropriate to the speciality

Staff Parking Permits

3

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 28 of 34 This is version R9/07 - April 2014

Appendix 4 - Guidance for the Classification Marking of NHS Information This NHS Information Governance (IG) guidance is provided as good practice for NHS organisations of all types to consider in marking the records for which they are responsible. It is applicable to both information recorded on paper and that processed electronically including printouts, reports etc. Through the application of this guidance, NHS organisations should be able to further demonstrate the effectiveness of their local IG practices. This guidance should be considered alongside other published NHS IG Codes of Practice and guidance for Confidentiality, Records Management, Information Security Management, Legal and Professional obligations. These are currently available for download through the Department of Health website at www.dh.gov.uk. Further NHS IG guidance is also available through the www.igt.connectingforhealth.nhs.uk website.

Introduction: There has previously been no single or consistent system of classification marking of information within the NHS. Many NHS bodies have adopted their own classification schemes and this can cause confusion when organisations merge or where information is shared between organisations. This is particularly marked where, as in the case of, for example, NHS and Social Care organisations, there may be a need for common assurances in information partnerships. There is also danger of a lack of consistency in data handling and retention practice when information is shared with non-NHS bodies that relate to several NHS organisations. The lack of a single coherent system also hampers the development of appropriate IT system protocols for the NHS. Background and classification scheme outline: This guidance paper sets out a proposed simple scheme of classification relevant to the needs of NHS organisations and for the common benefit of all. It is similar to that used in central Government and other public sector organisations but takes account of important differences in the nature of NHS business activity and the kind of information used between the NHS and other public sector environments. Equally, the NHS does not have a requirement for the full range of protective markings used in Government. For example, central Government uses six categories of information classification, two of which - Secret and Top Secret - are, usually, only relevant to a very limited number of very serious situations involving national security and economic stability). The others are Confidential, Restricted, Protect and Unclassified. These are more relevant within an NHS context and are terms that were considered in developing this classification guidance. Categories proposed for use are prefixed “NHS” to indicate their relevance to a particular environment. NHS information that has no classification requirement should be considered Unclassified and may optionally be marked as such.

NHS Confidential: In Government, the marking “Confidential” would, for example, denote information that could undermine the viability of national organisations, damage security operations or national West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 29 of 34 This is version R9/07 - April 2014

finances or economic and commercial interests. These considerations are unlikely to apply in an NHS context. But within the NHS it is generally recognised, and there is a substantial body of case law that requires, that person-identifiable clinical information should always be held confidentially (Confidentiality: NHS Code of Practice). Therefore, the marking NHS CONFIDENTIAL should be used for that kind of information (e.g. patients’ clinical records, patient identifiable clinical information, and information about NHS staff that passes between NHS staff, and between NHS staff and staff of other appropriate agencies). This will include patient demographic details that might identify people who have had a GP contact/hospital appointment within a particular timeframe or who may have a particular condition. (NOTE: In order to safeguard confidentiality, the term “NHS Confidential” should never be used on correspondence to a patient.) The endorsement NHS CONFIDENTIAL should be included at the top centre of every page of the document. Documents so marked should be held securely at all times. That is, they should be stored in a locked room or equivalently within secured electronic systems to which only authorised persons have access. They should not be unattended at any time in any place where unauthorised persons might gain access to them. They should be transported securely in sealed containers and not unattended at any stage. Documents marked NHS CONFIDENTIAL not in a safe store or transport should be kept out of sight of visitors or others not authorised to view them. Please also see the related NHS Information Governance ‘Controls guidance for NHS information’ and other guidance relating to the handling and protection of NHS patient information contained on the IG website. Other uses of NHS Confidential: The endorsement NHS CONFIDENTIAL should also be used to mark all other sensitive information. That is, material the disclosure of which is likely to: adversely affect the reputation of the organisation or it’s officers or cause substantial distress to individuals; make it more difficult to maintain the operational effectiveness of the organisation; cause financial loss or loss of earning potential, or facilitate improper gain or disadvantage for individuals or organisations; prejudice the investigation, or facilitate the commission of crime or other illegal activity; breach proper undertakings to maintain the confidence of information provided by third parties or impede the effective development or operation of policies; breach statutory restrictions on disclosure of information; disadvantage the organisation in commercial or policy negotiations with others or undermine the proper management of the organisation and its operations. A paper, printout or report etc marked NHS CONFIDENTIAL may also be endorsed with a suitable descriptor indicating the reason for the classification eg. ‘NHS CONFIDENTIAL – PATIENT INFORMATION’ or ‘NHS CONFIDENTIAL – COMMERCIAL’. A list of the relevant descriptors is included in Table 1 (ANNEX). The endorsement should be included at the top centre on every page of the document. NHS CONFIDENTIAL documents should be stored in lockable cabinets or equivalently secured electronic systems. Please also see the related NHS Information Governance ‘Controls guidance for NHS information’. Information may be classified NHS CONFIDENTIAL in the light of the circumstances at a particular time. The classification should be kept under review and the information deWest London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 30 of 34 This is version R9/07 - April 2014

classified when the need for this protection no longer applies. NHS use of an equivalent classification for “Restricted” is unnecessary when NHS CONFIDENTIAL is used.

NHS Protect In Government a new marking of “PROTECT” was recently introduced. This discretional marking may be used in order to avoid unauthorised access to information. It establishes basic principles to handle with care, take relevant precautions and dispose of properly. In the NHS context, it is therefore possible for NHS organisations to adopt and use an equivalent NHS PROTECT marking, with or without descriptors, for information that requires protection below that of NHS CONFIDENTIAL and where care in handling is still necessary. NHS organisations that choose to adopt NHS PROTECT must therefore ensure their staff and business partners are aware of the different expectations and arrangements that apply for the protection and assurance of NHS CONFIDENTIAL and NHS PROTECT marked information.

Freedom of Information: When classifying NHS documents regard should be paid to the requirements of the Freedom of Information Act 2000. Careful consideration should be given before marking documents that would normally be published or disclosed on request. Over-classification might lead to an inappropriate decision not to disclose information that would later be embarrassing to the organisation (for example, where there was an appeal against non-disclosure or the Information Commissioner became involved). Protective markings should wherever possible be restricted to information that would be exempt from disclosure, including temporary exemption, such as that for drafts of documents that are intended for publication. A note of the exemptions that might be relevant to the protective markings is included in Table 2 (ANNEX). However, nothing in this guidance should be taken as authoritative advice on the operation of the Freedom of Information Act. Further information about the Act and its exemptions (including the application of the “public interest” test) is available on the website of the Information Commissioner (www.informationcommissioner.gov.uk).]

Digital Information Policy Department of Health January 2009

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 31 of 34 This is version R9/07 - April 2014

Appendix 4 ANNEX Classification of NHS Information - Marking Guidance for NHS Organisations NHS CONFIDENTIAL - appropriate to paper and electronic documents and files containing person-identifiable clinical or NHS staff information and other sensitive information. NHS PROTECT – Discretionary marking that may be used for information classified below NHS Confidential but requiring care in handling. Descriptors may also be used as required..

Table 1 – Descriptors that may be used with “NHS CONFIDENTIAL” or “NHS PROTECT” marking Category

Definition

Appointments

Concerning actual or potential appointments not yet announced.

Barred

Where there is a statutory (Act of Parliament or European Law) prohibition on disclosure, or disclosure would constitute a contempt of Court (information the subject of a court order).

Board

Documents for consideration by an organisation’s Board of Directors, initially, in private. (Note: This category is not appropriate to a document that could be categorised in some other way.)

Commercial

Where disclosure would be likely to damage a (third party) commercial undertaking's processes or affairs.

Contracts

Concerning tenders under consideration and the terms of tenders accepted.

For Publication

Where it is planned that the information in the completed document will be published at a future (even if not yet determined) date.

Management

Concerning policy and planning affecting the interests of groups of staff. (Note: Likely to be exempt only in respect of some health and safety issues.)

Patient Information

Concerning identifiable information about patients

Personal

Concerning matters personal to the sender and/or recipient.

Policy

Issues of approach or direction on which the organisation needs to take a decision (often information that will later be published).

Proceedings

The information is (or may become) the subject of, or concerned in a legal action or investigation.

Staff

Concerning identifiable information about staff

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 32 of 34 This is version R9/07 - April 2014

Table 2 - Freedom of Information Act Exemptions Possible Exemption [section(s) of the FOI Act] Category Appointments

S 40

Personal information (may be subject to a public interest test)

Barred

S 44

Legal prohibitions on disclosure

Commercial

S 43

Commercial interests (subject to a public interest test)

Contracts

S 43

Commercial interests (public interest test)

For Publication

S 22

For future publication (public interest test)

Management

S 38

Endanger health and safety (public interest test)

Personal

S 40

Personal Information (may be subject to public interest test)

Policy

S 22

For future publication (public interest test)

Proceedings

S 30

Investigations and proceedings

S 31

Law enforcement

Board

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

Page 33 of 34 This is version R9/07 - April 2014

APPENDIX 5

MONITORING FORM

R9 – Records Management Policy

POLICY / PROCEDURE:

MONITORING TEMPLATE

Minimum Requirement to be Monitored

Where Described in the Policy

WHO (which staff / team / dept)

Access to Records

Sections.11 & 17

IAO

Destruction of Hard Copy Records

Sections. 15 and 17

Central Records Manager/IAO

Sections14 & 17

Central Records Manager/IAS/SIRO

Sections 15 and 17

Central Records Manager/IAO

End of life Records Review of Retention/ disposal of Scanned Records

West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008

HOW MONITORED (Audit / process / report / scorecard) - list details Audit Function in EDMS Report received from Central Archive Report from EDMS and Central Archive List of scanned records from Central Archive

HOW MANY RECORDS (No of records / % records)

FREQUENCY (monthly / quarterly / annual)

REVIEW GROUP (which meeting / committee)

OUTCOME OF REVIEW / ACTION TAKEN (Action plan / escalate to higher meeting)

Up to 15% of users in Service

Quarterly and as required

ISO with Service Management

Escalated to SIRO if issues found

Quarterly

IAO/SIRO

Escalated to TRIGG and/or CTOG

6 Monthly

IAO/SIRO

Escalated to TRIGG and/or CTOG

6 Monthly

Central Records Manager/IAS

All Records to be destroyed All records reaching end of life in period All scanned records in period

Page 34 of 34 This is version R9/07 - April 2014

Escalated SIRO if issues