Policy: R9 Records Management and Information Lifecycle Policy Incorporating the Records Management Information Lifecycle Strategy Version:
R9/07
Ratified by:
Trust Management Team
Date ratified:
16th April 2014
Title of Author:
Records Management Consultant
Title of responsible Director
Medical Director
Governance Committee
Trust Information and Governance Group
cords Information Lifecycle Policy Date issued:
17th April 2014
Review date:
October 2015
Target audience:
All staff Trust wide
Disclosure Status
B - Can be disclosed to patients and the public
N/A
EIA / Sustainability Implementation Plan
Other Related Procedures or Documents: H8 - Medical Records Policy;
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 1 of 34 This is version R9/07 - April 2014
Equality & Diversity statement The Trust strives to ensure its policies are accessible, appropriate and inclusive for all. Therefore all policies will be required to undergo an Equality Impact Assessment and will only be approved once this process has been completed Sustainable Development Statement The Trust aims to ensure its policies consider and minimise the sustainable development impacts of its activities. All policies are therefore required to undergo a Sustainable Development Impact Assessment to ensure that the financial, environmental and social implications have been considered. Policies will only be approved once this process has been completed
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 2 of 34 This is version R9/07 - April 2014
Version Control Sheet Version
Date
R9/01
Feb 08
R9/02
April 08
R9/02
April 08
R9/03
R9/04
R9/05
Status
Comment
Information Governance Manager Information Governance Manager Information Governance Manager
N/A
New Policy developed
Draft for ED’s
Incorporating amendments from IG Forum members
Draft for ED’s - to ODG meeting held 23/04/08
ODG agreed the revised policy and strategy would be sent out for Trust st wide consultation period ending 1 August 08
Oct 08
Information Governance Manager
New Policy issued to staff on 10.10.10
Do you want to change erroneous date?
March 2010
IG Manager
Working document
Information Governance Manager
Revised Policy issued
Information Governance Manager
Revised Policy
Update to Policy name and contents to reflect Department of Health Information Governance Toolkit requirements Submitted to Trust Policy Review th Group 6 April 2010. Further work done to ensure NHSLA compliant. Following consultation ending 06.08.10 to be represented at the th PRG on 17 August 2010 – approved. Update to Policy to ensure compliance with NHSLA standards.
th
27 Aug 2010
R9/06
Title of Author
8 August 2011
Amendments: Section 9.1, Retention, Section 12.2 Compliance & Training, Merged and amended Section 13 .1 Audit & Section 14.2 Review and B2.6 Audit and B3 Review to ensure consistency. Removed outdated Implementation Plan. th
R9/07
05 November 2013 – March 2014
Records Management Consultant
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Revised Policy
Present to 25 August Policy Review Group for approval – approved. Updated into new template. All sections amended. Emphasis on Electronic storage as preferred archival. Trustwide consultation ending 23.12.13
Page 3 of 34 This is version R9/07 - April 2014
Content
Page No.
1.
Flowchart
5
2.
Introduction (includes purpose)
5
3.
Scope
7
4.
Definitions
7
5.
Duties
9
5.1
Chief Executive
9
5.2
Accountable Director
9
5.3
Managers
10
5.4
Policy Author
10
5.5
Local Records Managers /Information Asset Owner
10
5.6
Central Records Manager
10
5.7
All Staff
10
6
Systems & Recording
10
7.
Creation
10
8.
Maintenance and Storage
11
9.
Disclosure
12
10.
Transfer
12
11.
Access and Audit
12
12.
Retention
13
13.
Closure and Archiving
14
14.
Appraisal and Disposal
14
15.
Destruction of Scanned Paper Records
15
16.
Compliance/Training
15
17.
Monitoring
16
18.
Fraud Statement (if required)
17
19.
References
17
20.
Supporting documents
17
21.
Glossary of Terms/Acronyms
17
22.
Appendices
18
Appendix 1 – Guidelines for Indexing Records
19
Appendix 2 – Minimum Retention Periods for Clinical Records
20
Appendix 3 – Minimum Retention Periods got non-Health (Corporate) Records
23
Appendix 4 - Guidance for the Classification Marking of NHS Information
29
Appendix 5 – Monitoring Template
35
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 4 of 34 This is version R9/07 - April 2014
1.
FLOWCHART The flowchart below illustrates the lifecycle of records from their creation through to their archival or disposal. The definition of Records Lifecycle and the explanation of its various stages is given in Section 4, Records Management. Archive Create
Index
Store
Appraise Dispose
2.
INTRODUCTION
2.1
The purpose of this policy is to define the aims and objectives of the West London Mental Health NHS Trust to manage its information assets through effective Records Management.
2.2
This document sets out a framework within which the staff responsible for managing the Trust’s records can develop specific policies and procedures to ensure that records are managed and controlled effectively, and at best value, commensurate with legal, operational and information needs.
2.3
Records Management is the process by which an organisation manages all the aspects of their information assets whether internally or externally generated and in any format or media type, from their creation, all the way through their lifecycle to their eventual disposal.
2.3
The Records Management: NHS Code of Practice© has been published by the Department of Health as a guide to the required standards of practice in the management of records for those who work within or under contract to NHS organisations in England. It is based on current legal requirements and professional best practice.
2.4
The aims of the Trust’s Records Management System are to ensure that: records are primarily retained in an electronic format except where valid legislative, historical, research or financial considerations so dictate. records are available when needed - from which the Trust is able to form a reconstruction of activities or events that have taken place; records can be accessed - records and the information within them can be located and displayed in a way consistent with its initial use, and that the current version is identified where multiple versions exist; records can be interpreted - the context of the record can be interpreted: who created or added to the record and when, during which business process, and how the record is related to other records; records can be trusted – the record reliably represents the information that was actually used in, or created by, the business process, and its integrity and authenticity can be demonstrated; records can be maintained through time – the qualities of availability, accessibility, interpretation and trustworthiness can be maintained for as long as the record is needed, perhaps permanently, despite changes of format; records are secure - from unauthorised or inadvertent alteration or erasure, that access and disclosure are properly controlled and audit trails
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 5 of 34 This is version R9/07 - April 2014
will track all use and changes. To ensure that records are held in a robust format which remains readable for as long as records are required; records are retained and disposed of appropriately - using consistent and documented retention and disposal procedures, which include provision for appraisal and the permanent preservation of records with archival value; and staff are trained - so that all staff are made aware of their responsibilities for record-keeping and record management. 2.5
The Trust’s records are its corporate memory, providing evidence of actions and decisions and representing a vital asset to support daily functions and operations. Records support policy formation and managerial decision-making, protect the interests of the Trust and the rights of patients, staff and members of the public. They inform, support and aid patient care; support consistency, continuity, efficiency and productivity and help deliver services in consistent and equitable ways.
2.6
Information should be: Clearly, relevantly and completely recorded Stored electronically on the Trust’s Electronic Document Management System (EDMS) and other Electronic Systems by CSU’s where such systems have been implemented; and by the remaining CSU’s after subsequent implementations. These will be in accordance with the Digital Archival Process (below) where unless dictated otherwise by regulatory requirements and scientific or historical archival purposes. Shared electronically within the Trust and not reprinted, copied or emailed in order to reduce risks to confidentiality, to avoid duplication and to maintain the integrity of the record Kept up to date (by use of use version control) Stored securely where it can easily be found when necessary Security marked (classified) as appropriate Suitably destroyed in accordance with retention schedules
2.7
The Trust Board has adopted this records management policy and is committed to ongoing improvement of its records management functions as it believes that it will gain a number of organisational benefits from so doing. These include: better use of staff time; improved control of valuable information resources; compliance with legislation and standards; and reduced costs. better use of physical and server space;
2.8
The Trust also believes that its internal management processes will be improved by the greater availability of information that will accrue by the recognition of records management as a designated corporate function.
2.9
This policy should be read in conjunction with the Trust’s Records Management and Information Lifecycle Strategy (Appendix B) and the embedded Implementation Plan
2.11 This policy is intended to provide standards against which records management procedures and record-keeping can be audited and monitored to inform risk management and identify areas for improvement.
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 6 of 34 This is version R9/07 - April 2014
3.
SCOPE
3.1
This policy relates to all clinical and non-clinical operational records held in any format by the Trust as detailed in the Department of Health’s publication Records Management: NHS Code of Practice©, ie: all administrative records (For example: HR, Estates and Facilities, Security, Financial and Accounting, Audit, Complaints, Supplies and Procurement, Project Management, Communications, Contractual, Corporate Policies and Policy Archives); and all patient health records for all specialties and including records for private patients treated on NHS premises.
3.2
This policy applies to: all employees of the Trust other individuals and agencies who may gain access to information, such as, but not limited to, volunteers, visiting professionals, researchers, and organisations providing services to the organisation.
3.3
This policy relates to all and any information kept on all and any media including but not limited to: electronic (any clinical information system, Electronic Document Management System(s), floppy disc, solid state drives, flash drives, hard drives, CD, DVD, or any electronic media stored on, for example, an operational clinical, HR or finance system); paper photographs; X-rays, scans and audio or video recordings.
4.
DEFINITIONS All definitions apply equally to all records, irrespective of the medium in which they are held.
4.1
Records Management is a discipline which utilises an administrative system to direct and control the creation, version control, distribution, filing, retention, storage and disposal of records, in a way that is administratively and legally sound, whilst at the same time serving the operational needs of the Trust and preserving an appropriate historical record. The key components of records management are: record creation; record capture; record storage & maintenance (file structure, tracking and tracing); access and disclosure; closure and transfer; appraisal; archiving; and disposal.
4.2
Records are defined as ‘recorded information, in any form, whether created, received or stored in any media, which is required to be retained by the Trust in the transaction of its business or conduct of its affairs and kept as evidence of such activity’. Records cannot be amended. However, they can be superseded by a new version whilst retaining any and all previous version(s).
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 7 of 34 This is version R9/07 - April 2014
4.2.1 Records Life Cycle describes the life of a record from its creation/receipt through the period of its ‘active’ use, then into a period of ‘inactive’ retention and archival (such as closed files which may still be referred to occasionally) and finally either permanent archival preservation or confidential destruction and disposal.. 4.2.2 Master Record is the record retained by the Trust which will be used as the only credible and authoritative evidence of the business transaction and decision. By definition, the Master Record will be an electronic record stored in the Trust’s EDMS with the exception of those records that are required to be kept in original hard copy format for legal, historical or research purposes. 4.3
Capture refers to the identification of a document as a record and placing it within the shared record keeping system so that it can be located when required
4.4
Folder is an electronic or paper (cardboard) container used to store records of a given category within a system
4.4.1 Folder (File) Structure is the hierarchy of Folders within an Electronic Document Management System (EDMS) 4.4.2 Electronic Document Management System (EDMS) is a system designed to organise and manage records and documents that enables these to be stored, safeguarded and accessed electronically with an audit of all activities. 4.4.3 Indexing is the process of capturing metadata relevant to the record to be stored. 4.4.4 Metadata provides information about the content and characteristics of a record. Metadata allows records to be retrieved and managed. 4.4.5 Index Log is the register of the records kept by the Trust or on its behalf by archive providers. It records the receipt, transfer, removal and disposal of the record. By its nature as a database, the EDMS updates and maintains such information for the records it holds. 4.5
Information is a corporate asset. The Trust’s records are important sources of administrative, evidential and historical information. They are vital to the Trust to support its current and future operations (including meeting the requirements of Freedom of Information legislation), for the purpose of accountability, and for an awareness and understanding of its history and procedures.
4.5.1 The Senior Information Risk Owner (SIRO) is an executive who is familiar with and takes ownership of the organisation’s information risk policy and acts as advocate for information risk on the Board. The Trust’s SIRO is Director of Finance/Deputy Chief Executive.
4.5.2 The Information Asset Owner (IAO) is a senior member of staff, normally the Service Director or his/her deputy, who is the nominated owner for the information assets within the Service. IAOs work closely with other IAOs of the Trust to ensure there is comprehensive asset ownership and clear understanding of responsibilities and accountabilities, especially where information assets are shared by multiple services. Their role is to understand and address risks to the information assets they ‘own’ and to provide assurance to the SIRO on the security and use of those assets. 4.6
Archiving is the process of storing records and documents within a system that allows for the record to be retained, safeguarded and accessed until disposal.
4.7
Disposal is a formal decision taken on the final status of a record (or set of records) to either destroy the records, transfer them to another organisation for
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 8 of 34 This is version R9/07 - April 2014
permanent preservation or retain them within the records management system for appraisal at a later date. 4.7.1 Appraisal refers to the process of determining whether records are worthy of permanent archival preservation. 4.7.2 Retention schedule (Disposal schedule) identifies types of records and specifies the minimum periods for which they will be kept before they are appraised and the decision on disposal is made.
5.
DUTIES
5.1
Chief Executive The Chief Executive has overall responsibility for Records Management in the Trust. As accountable officer he/she is responsible for the management of the organisation and for ensuring appropriate mechanisms are in place to support service delivery and continuity. Records management is key to this as it will ensure appropriate, accurate information is available as required The Trust has a particular responsibility for ensuring that it corporately meets its legal responsibilities, and for the adoption of internal and external governance requirements.
5.2
Accountable Directors
5.2.1 Medical Director The Medical Director is the Trust’s Caldicott Guardian who has a particular responsibility for reflecting patients’ interests regarding the use of patient identifiable information. He/she is responsible for ensuring patient identifiable information is shared in an appropriate and secure manner. 5.2.2 Senior Information Risk Owner (SIRO) The Deputy Chief Executive – Director of Information and Finance is the executive who is familiar with and takes ownership of the Trust’s information risk policy and acts as advocate for information risk on the Board. 5.3
Managers
5.3.1 The Trust’s Information Governance Manager/Trust Records and Information Governance Group is responsible for ensuring that this policy is communicated and implemented and that the records management system and processes are developed, co-ordinated and monitored. 5.3.2 Information Management & Technology Department have a responsibility to provide tools to aid in the management of electronic records and this will include the storage, security, audit, removal and accessibility of them. 5.4
Policy Author The Policy Author is the Trust’s Information Governance Manager who is responsible for the review of this policy as well as ensuring the implementation and monitoring is communicated effectively throughout the Trust via IAOs, Managers and Local Policy Leads. .
5.5
Local Records Managers/Information Asset Owners (IAO’s) The responsibility for implementing this policy locally is devolved to the specified Service Directors or their deputies who will act as Information
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 9 of 34 This is version R9/07 - April 2014
Asset Owners. It is also the responsibility of every Information Asset Owner (IAO) to ensure local managers develop procedures for their area that cover all of the ‘records’ that form the information assets within their remit, using this policy and references. 5.6
Central Records Manager The Central Records Manager is responsible for the overall development and maintenance of records management practices throughout the Trust, in particular for drawing up guidance for good records management practice and promoting compliance with this policy in such a way as to ensure the easy, appropriate and timely retrieval of archived information.
5.7
All Staff All Trust staff in all Trust Services, whether clinical, corporate or administrative, who create, receive and use records have records management responsibilities. In particular all staff must ensure that they keep appropriate records of their work in the Trust and manage those records in keeping with this policy and with any guidance subsequently produced.
6.
SYSTEMS & RECORDING The Trust uses Documentum EDMS (Electronic Document Management System) as the System for the management of its Records. EDMS enables records: To be securely retained To be accessed by authorised users To audit and record access To be assigned Metadata which catalogues archived information To be retrieved by search criteria To have an assigned appraisal and destruction date
7.
CREATION
7.1
Each department should have a process for documenting its activities, taking into account the legislative and regulatory environment in which it operates. The process must be approved by the relevant IAO. All of these activities must be maintained as a complete and accurate record and stored in the Trusts EDMS or other approved repository to provide safe, rapid and easy access.
7.2
In the application of this policy, an effective process should be implemented and maintained by each Trust area and Service to capture, manage, store, archive and provide access to records through the Trust’s EDMS. The record keeping process should be easily understood and include a documented set of rules developed by the Central Records Manager and approved by the IOA and/or the Trust Records and Information Governance Group,
7.3
Naming Conventions and Metadata are rules used to Index records which enables them to be identified by using terms applying to the type of record being stored or archived. The Trust will establish naming conventions and metadata standards for medical and corporate records respectively.
7.4
Classification (ie. Confidential, NHS Protect, Public) is an essential part of the successful and safe management of information in the Trust. In this policy, the Trust adopts DH guidance for the classification marking of NHS Information and
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 10 of 34 This is version R9/07 - April 2014
Managers preparing local policies should use this system - Guidance for the Classification Marking of NHS Information given in Appendix 4 7.5
Quality: Records must be maintained as accurate and complete in order to; facilitate audit; fulfil Trust responsibilities; and, to protect the Trust’s legal and other rights. Records should show proof of their validity and authenticity so that any evidence derived from them is clearly credible and authoritative.
7.6
A document becomes a record when it has been finalised and becomes part of the Trust’s information assets. At this point, the record cannot be amended and must be stored in the Trust’s EDMS excepting those records which are required to be retained in their hard copy format due to legislative, historical or research purposes. Through the application of metadata, the EDMS ensures that records are auditable and version controlled.
8.
MAINTENANCE AND STORAGE
8.1
The Trust’s default storage medium for its records is its Electronic Document Management System(s) (EDMS) or other designated electronic system used by the Trust for the storage of records. For the purposes of this Policy, EDMS refers to all electronic storage systems, All records will be stored on the EDMS irrespective of the format and medium in which they were originally created with the exception of those detailed in 8.3.1 and 8.3.2 below. Records stored on the EDMS must be clearly indexed by allocating metadata according to a prescribed format and stored in a folder structure appropriate to the Service and record The EDMS will be subject to documented and auditable access, modification and versioning of records
8.2
The Trust’s shared (hard) drives and any local or personal drives may not be used for the storage of electronic records.
8.2.1 Certain records may be required to be retained in their original media to meet regulatory, historical or research archival obligations. These records: Must be archived in the Trust’s designated off-site storage facility or other designated facility providing safe, clean and secure environment with controlled access. Must be easy to retrieve with an auditable trail of their movement within or out of the storage facility 8.3
Records may be retained temporarily in their existing storage medium in CSUs where EDMS has not yet been introduced until the implementation of EDMS. At which time records must be transferred to EDMS.
8.4
With the exception of certain paper records of legislative, historical or research interest (including Broadmoor Hospital records), all paper records are stored at the Trust’s central archiving facility operated by Cleardata.
8.5
Services must send their paper records to the central archive facility or other approved repository and ensure that these records contain easily accessible information for the record to be properly indexed.
8.6
The Trust’s guidelines for the indexing of records are given in Appendix 1
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 11 of 34 This is version R9/07 - April 2014
9.
DISCLOSURE
9.1
There is a complex array of legal and professional obligations that limit, prohibit or set conditions in respect of the management, use and disclosure of information and similarly, a range of statutes that permit or require information to be used or disclosed.
9.2
Only the specific information required should be disclosed to authorised parties and always in accordance and with strict adherence to the Data Protection Act 1998 and the Freedom of Information Act 2000. The key statutory requirements can be found in Annex C of the Records Management: NHS Code of Practice (Part 1): http://www.dh.gov.uk/en/Publicationsandstatistics/Publications/PublicationsPolic yAndGuidance/DH_4131747
9.3
The Trust will continually review the legal statutes and professional obligations placed upon it to ensure good practice in the use and/or disclosure of information. Good practice will be integral to the NHS Confidentiality Code of Conduct adopted by the Trust and staff must follow the guidelines contained therein at all times. If in doubt regarding the disclosure of any information that has the potential to identify a patient or person, staff should refer any questions to the Trust Caldicott Guardian/Information Governance Manager.
10.
TRANSFER
10.1
The mechanism for transferring records from one organisation to another must be tailored to the sensitivity of the material concerned and the media on which it is held. Records must only be transferred when there is appropriate authority to do so, e.g. patient consent or relevant legislation.
10.2
For electronic transmission of records, all staff must comply with the Trust’s IM&T Security Policy: I2
10.3
Paper records must be transferred using methods appropriate to their classification.
11.
ACCESS AND AUDIT
11.1 Records held at the Trust’s central archive facility may be accessed by completing a request form available in the EDMS. Paper records will be digitally scanned upon request and loaded to the EDMS as an electronic record. The request will be subject to audit and will show the user, date and reason for the request. Once scanned, records must be viewed through the EDMS. 11.2 Users must inform the Central Records Manager of any errors or defects in the scanned record within 30 days of the record being available in the EDMS. Where such notification is not received, the scanned record will be deemed as the Master Record and the paper original will be prepared for destruction. See Section 13. 11.3 The Trust’s EDMS provides an audit trail for all electronic records that have been accessed. The audit trail will show: User Record(s) accessed West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 12 of 34 This is version R9/07 - April 2014
Date, time and duration of access Action, i.e. viewing, extraction, versioning, etc. 11.4 Electronic records must not be printed or emailed within the Trust. Users must view electronic records through the EDMS to which they have access subject to their rights to the patient administration system (RiO) or the Electronic Staff Record. 11.5 Where, for exceptional reasons, the paper record is requested from the Trust’s central archive or other approved storage facility an entry of the request must be made on the Index Log of the record showing: Requesting user name, User’s location and/or department, Date of request Reason for request Number of files (volumes) and pages dispatched. Date dispatched Date returned The Index Log will be maintained by Cleardata, the Trust’s archiving partner or the IAO or his/her deputy responsible for the approved storage facility. The Central Records Manager will receive copies of the logs monthly or on demand. 11.6 The physical movement of records within the Trust and to/from its archives will be undertaken in a safe and secure way. Wherever possible and practicable, the Trust’s porters will move paper records within the Trust and Cleardata staff will be responsible for delivery and collection of records for the central archive. Logistics providers contracted to the Trust will be used in other cases. 11.7 It is the responsibility of users, their managers and the appropriate IAO to ensure records are returned to storage.
12.
RETENTION
12.1
It is a fundamental requirement that all of the Trust’s records are retained for a minimum period of time for legal, operational, research and safety reasons. The length of time for retaining records will depend on the type of record, its importance to the Trust’s business functions and applicable legislation.
12.2
The Trust adopts the NHS Records Management Code of Practice 2006, Annex D 1 Health Records and Annex D2 Business & Corporate Records as the basis for its retention schedules, a copy of which can be found on the Trust’s Internet. (see http://theexchange/sorce/docs/dt27051v/1893_0/NHS_Code_of_Practice.pdf see also: http://theexchange/sorce/docs/dt27051v/1896_0/Records_Management_COP_ 1.pdf http://systems.hscic.gov.uk/infogov/links/recordscop2.pdf Local retention schedules may be increased, but not shortened, with the approval of the IAO.
12.3
The Trust’s key minimum retention schedules are given in Appendix 2 for clinical records and Appendix 3 for corporate and non-clinical records.
12.4
The following Record types are covered in this schedule, regardless of the media on which they are held:
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 13 of 34 This is version R9/07 - April 2014
All clinical records Administrative records, including personnel, estates, financial and accounting records, and notes associated with complaint handling; photographs, slides and other images (clinical and non-clinical); microform i.e. microfiche/microfilm); audio and video on tapes, cassettes and all digital media o Audio and video on analogue media should be transferred to digital media to ensure long term preservation e-mails; computerised records; and scanned documents 12.5
If further advice is sought in unusual circumstance relating to non-health records contact the Trust’s Information Governance Manager.
12.6
If further advice is sought in unusual circumstance relating to health records refer to the Trust’s Health Records Policy H8.
13.
CLOSURE AND ARCHIVING
13.1
Records that have ceased to be in active use other than for reference purposes should be closed and archived.
13.2
Where a record is no longer used on a regular basis, but is still within its minimum retention period, it should be archived subject to compliance with documented procedures.
13.2.1 The EDMS serves simultaneously as a repository and as an archive. Therefore, no action will be taken with closed or archived electronic records until such records reach the end of their minimum retention period. The records will then be appraised according to Section 14 below. 13.2.2 Physical records should be transferred to secondary storage and clearly marked on the Index Log. The Log should show Date of closure Authority for closure Location of record
14.
APPRAISAL AND DISPOSAL
14.1
It is required that all the Trust’s records are retained for a minimum period of time for legal, operational, research and/or safety reasons. This minimum period may be extended in a ‘local retention schedule’ approved by the Information Asset Owner (IAO).
14.2
At the end of the minimum retention period, as defined by the Records Management: NHS Code of Practice 2006 or local retention schedule, records must be appraised to determine whether they should be destroyed or warrant permanent archival. The appraisal must be performed by the Information Asset Owner (IAO) and recorded on the Index Log.
14.3
Where it is decided to permanently archive the record, it must be offered to the National Archives or an approved Place of Deposit.
14.4
Records that are to be destroyed must have safeguards to ensure confidentiality at every stage of the process.
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 14 of 34 This is version R9/07 - April 2014
14.5
Electronic records must be deleted from the EDMS. An audit report will be produced from the EDMS every 3 months (quarterly) detailing those records that have been deleted from the system.
14.5.1 Paper records must be destroyed by approved Trust staff or by approved contractors who follow recognised industry standard and auditable processes. Records must be shredded using Level 3 cross shredders or above and subsequently incinerated or sent for recycling. A Certificate of Destruction must be issued detailing the records that have been destroyed. 14.6
If there is any doubt regarding the appropriateness of disposing of any records, these should be referred via line management to the Trust’s Senior Information Risk Owner (SIRO).
15.
DESTRUCTION OF SCANNED PAPER RECORDS
15.1 Paper records that have been scanned will be placed in a holding area at the archival site awaiting response from the requesting user regarding quality, completeness or other issues with the scanned document. If no response is received within 30 days following the availability of the scanned record on the EDMS, the scanned paper record will be placed in an area awaiting destruction. 15.2 The archive location will update the Index Log with details of the records awaiting destruction. This Index Log will be forwarded to the Central Records Manager on the last working day of each month. 15.3 The Central Records Manager (CRM) will verify that an electronic record exists in the EDMS for the paper records selected for destruction. Where no electronic record exists, the archive will be notified to return the record to storage. The CRM will notify the Information Asset Owner(s) of the records selected to be destroyed. 15.4 Objection(s) to the destruction must be received by the CRM within 10 working days of the notification. The reason(s) for the objection(s) must be detailed. If the objections are valid, the records will be replaced in the archive and this action and any other comments noted on the Index Log. 15.5 If no objection(s) are raised, the CRM will make arrangements for destruction of the records, together with any paper records requiring destruction after appraisal. See Section 14 above. 15.6 The destruction of the paper records will be in accordance with the process given in Section 14. Para 14.5.2 above.
16.
COMPLIANCE/TRAINING
16.1
Compliance with this policy and related policies is the duty of every member of staff.
16.2
All Trust staff will be made aware of their responsibilities for record-keeping and record management and managers will ensure that their staff complete the Information Governance E-learning module for Records Management where appropriate.
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 15 of 34 This is version R9/07 - April 2014
16.3
Trust staff responsible for the implementation and continuous maintenance of this Policy will receive mandatory training in accordance with M12 – Mandatory Training Policy.
16.4
Staff should regularly review this policy and related policies, to ensure they are aware of their own individual responsibilities.
17.
MONITORING
17.1 The Trust will monitor this policy through the following:
How and when Audit of records loaded to EDMS and retained in hard copy in archives
Purpose To ensure records are correctly loaded and retained according to policy
Reporting Structure Central Records Manager to:
Decision to dispose of or permanently archive the records
Central Records Manager to:
Reporting on destruction due to end of minimum term and previously scanned documents.
Central Records Manager to:
Ensure authorised access
Information Asset Owner to:
Validate actions taken on EDMS, i.e. version control, deletions, etc.
SIRO
Bi-Annually (6 monthly) Appraisal of records which have exceeded their minimum retention period
Information Asset Owner
Information Asset Owner/SIRO
Bi-Annually (6 monthly) Destruction of paper records Quarterly
Audit of access to electronic (EDMS) records via the Audit Tool in the EDMS
Information Asset Owner/SIRO
Quarterly
17.2 The Trust will regularly audit and review its records management practices for compliance with this framework as part of the NHS Connecting for Health Information Governance Toolkit annual assessment. 17.3
The results of audits will be reported via the Trust Records and Information Governance Group to provide assurance to the Trust Board.
17.4
This policy will be reviewed every two years (or sooner if new legislation, codes of practice or national standards are introduced).
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 16 of 34 This is version R9/07 - April 2014
18.
FRAUD STATEMENT Not applicable
19.
REFERENCES (EXTERNAL DOCUMENTS) Legislation and NHS Codes aligned with this policy include: Data Protection Act 1998; Freedom of Information Act 2000; Environmental Information Regulations 2004; NHS Confidentiality Code of Practice: and Records Management: NHS Code of Practice 2006
20.
21.
SUPPORTING DOCUMENTS (TRUST DOCUMENTS) H8 - Medical Records Policy
I2 – IM&T Security Policy
D5 – Data Protection Policy
F5 – Freedom of Information Act
I5 – Information Governance Framework
M12 – Mandatory Training Policy
GLOSSARY OF TERMS / ACRONYMS NHS
National Health Service
EDMS
Electronic Document Management System
IAO
Information Asset Owner
IM&T
Information Management and Technology
SIRO
Senior Information Risk Owner
TRIGG
Trust Records and Information Governance Group
Cleardata
The Trust’s partner for the archiving of paper documents
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 17 of 34 This is version R9/07 - April 2014
22.
APPENDICES
Appendix 1 – Guidelines for Indexing of Records Records loaded into the EDMs will be indexed using metadata input into the EDMS Loading (Documentum Automation) Tool shown below. The format of the Tool will be standardised across all Services in the Trust which are or will be using the EDMS as the repository for their records
Explanation of Fields Application: This will default to the Service or department to which the user has rights Documents (Records) to be Loaded: Records that a user wisheds to load to the EDMS will be saved to a virtual Z drive on the user’s PC. (see screenshot below). Users can save Records to the Z drive from their desktop or copy from any shared or other drive on the Trust’s network to which they have access.
The Record(s) loaded to the Z drive will appear in the Documents to be Loaded panel
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 18 of 34 This is version R9/07 - April 2014
Document Details: These are the indexing fileds which make up the Metadata for the Record Document Type – The Main Folder into which the document/record is to be stored Document Sub-Type – The Sub-Folder, if any, within the above Main Folder Author – The person or organisation which is the creator or originator of the document/record Document Date – The date when the document was created. Assigned Employee/Patient This field is used to designate the Employee or Patient in whose folder structure the document /record is to be deposited. This field will be blank for Services and departments other than Clinical, HR or Occupational Health Comment The user may enter comments regarding the document/record being uploaded. Completion of this field is optional.
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 19 of 34 This is version R9/07 - April 2014
NHS Information Governance
Appendix 2 – Minimum Retention Periods for Clinical Records Note: Where a record type is not shown the minimum retention period will be as specified in the NHS Records Management Code of Practice 2006, Annex D 1 Health Records
Description of Record
Retention (Years)
Notes
Admission books
8 years after the last entry
Local decisions should be made with regard to the permanent preservation of these records, in consultation with relevant health professionals and places of deposit.
Asylum seekers & refugees (NHS Personal Health Record – Patient-held Record) Chaplaincy Records
Patient held – no requirement on NHS to retain. 2 years
Computerised records
Death registers (i.e. register of deaths kept by the hospital)
2 years
Discharge Books
8 years after the last entry
Health records - personal/patients Hospital patient case records (individual)
Children and young people
Clinical Psychology Clinical Trials Records of patients involved in clinical trials Controlled drug registers and
Likely to have archival value The recommended minimum retention periods apply to both paper and computerised records, All patient health records are stored on Rio/PsyMon/EDMS and conform to retention recommendations. London: Permanent, some with Metropolitan Archives Broadmoor: Death registers not held, deaths recorded in discharge books Likely to have archival value London: see separate record types Broadmoor: Permanently preserved See below
Retain until the patient’s 25th birthday or 26th if young person was 17 at conclusion of treatment, or 8 years after death. If the illness or death could have potential relevance to adult conditions or have genetic implications, the advice of clinicians should be sought as to whether to retain the records for a longer period
London: Schedule agreed with responsible health authority destroy at age 25 or 26 if 17 when treatment concluded. These are NOT mental health records. Broadmoor: No records for Children and young people.
30 years At least 5 years after conclusion of treatment. See Records Management COP
15 years after trial ended (very few held)
2 years
Individual retention periods from
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 20 of 34 This is version R9/07 - April 2014
prescriptions Dietetic & Nutrition
Forensic Medicine records (including pathology, toxicology, haematology, dentistry, DNA testing, post- mortems forming part of the Coroner’s report, and human tissue kept as part of the forensic record)
Mentally disordered persons (within the meaning of the Mental Health Act 1983)
General (not covered above) Microfilm/microfiche records relating to patient care Occupational Therapy Records Occupational Health Records (Staff) Out-patient lists
Patient Activity Data
Hospital Pharmacists Group 2003 Retain for the period appropriate to the speciality. For post-mortem records which form part of the Coroner’s report, approval should be sought from the Coroner for a copy of the report to be incorporated in the patient’s notes, which should then be kept in line with the speciality, and then reviewed. All other records retain for 30 years. 20 years after the date of last contact between the patient/client/service user and any health/ care professional employed by the mental health provider, or 8 years after the death of the patient/client/service user if sooner NB Mental health organisations may wish to keep mental heath records for up to 30 years before review. Records must be kept as complete records for the first 20 years in accordance with this retention schedule but records may then be summarised and kept in summary format for the additional 10-year period Social services records are retained for a longer period. Where there is a joint mental health and social care trust, the higher of the two retention periods should be adopted 8 years after conclusion of treatment.
Broadmoor - a copy of the postmortem report is held on the patient file London: Where not required by hospital, accessible via Coroner
London: destroyed 20 years after treatment. Older H&F records held on microfiche by Hamm Hospitals Trust. Pre 1978 Ealing records with LMA. Where not open to public only accessible with consent from WLMHT. Broadmoor health records are permanently preserved. They are most valuable in terms of archival and research purposes. The Reading Public Record Office will be taking older records in 2006/07. A protocol is being prepared for the archiving, preservation and public access to these records.
Retain for period appropriate to speciality. Retain for period appropriate to speciality. 3 years after termination of employment unless litigation ensues (see litigation) 2 years after the year to which they relate
3 years
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Broadmoor: This is mainly statistical data and is invaluable for research. The keeping of such data has not been consistent up until the 1980s. There is no plan to destroy this Page 21 of 34 This is version R9/07 - April 2014
Pharmacy records
Physiotherapy Records Podiatry Records Records/documents related to any litigation
Research Records and Research databases (not patient specific) Serious Untoward Incident’ records
Individual retention periods from Hospital Pharmacists Group 2003. Retain for period appropriate to the speciality Retain for a period appropriate to the speciality As advised by the organisation’s legal advisor. All records to be reviewed. Normal review 10 years after the file is closed 30 years 30 years
Statistics (Korner returns, statistical returns to DH) Patient Activity Data
3 years from date of submission to DH
Ward Registers including daily bed returns
2 years after the year to which they relate
X-ray films
X-ray reports (including reports for all imaging modalities)
data. Patient activity data is also held outside of the Health Records Department (eg IT Depts, Performance Management, Security etc Retention complies with recommendations for the retention of pharmacy records, as published in the pharmacy journal, which are based upon HSC 1999/053
7 years
To be considered as a permanent part of the patient record
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Broadmoor: This is mainly statistical data and is invaluable for research. The keeping of such data has not been consistent up until the 1980s. There is no plan to destroy this data. Patient activity data is also held outside of the Health Records Department (eg IT Depts, Performance Management, Security etc). These records should be considered under HSC 1999/053. DH publish most of this information annually. Local decisions should be made with regard to the permanent preservation of these records, in consultation with relevant health professionals and places of deposit. London: Retained in & with patient records Broadmoor records retained for 20 years by Radiographer London: Retained in & with patient records Broadmoor records retained for 20 years by Radiographer
Page 22 of 34 This is version R9/07 - April 2014
Appendix 3 – Minimum Retention Periods for non- Health (Corporate) Records Note: Where a record type is not shown the minimum retention period will be as specified in the NHS Records Management Code of Practice 2006, Annex D 1 Health Records Description of Record
Retention (Years)
Notes
ADMINISTRATIVE (CORPORATE & ORGANISATION) Accident Forms
10 years
Accident Register (RIDDOR)
8
Agendas & minutes
2
Business Plans
20 10 years from completion of action 5
Following term of office
2
Not held by Trust
1
Electronic diaries retained for 2 years and then deleted
Complaints CVs for non-executive directors (successful) CVs for non-executive directors (unsuccessful applicants) Diaries (manual and electronic) - office - on completion
Freedom of Information requests
3 years after full disclosure; 10 years if information is redacted or the information requested is not disclosed
History of Authority or Predecessors, its organisation and procedures
30
Laundry Lists and Receipts
2 years From completion of the audit
Litigation Dossiers (complaints including accident reports)
10
Minutes & agendas of the NHS Trust or Health Authority, major committees and subcommittees -signed Mortgage documents (acquisition, transfer and disposal) Nurses Training Records Papers of minor or short-lived importance Press Cuttings Products – Liability West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
See Litigation dossiers Reporting of injuries, diseases and dangerous occurrences regulations, reg.7 Social Security (Claims and Payments) Regulations, reg. 25 Other than Board meetings, committees & sub-committees (see below)
Permanent preservation
Where a legal action has been commenced, keep as advised by legal representatives.
30 years 6 years after repayment 30 2 years after the settlement of the matter to which they relate 1 11
Consumer Protection Act 1987 Page 23 of 34 This is version R9/07 - April 2014
Description of Record Project Files (over £100,000) on termination – including abandoned or deferred projects Project Files (less than £100,000) on termination Project Team Files - summary retained Quality Assurance Records Receipt for registered and recorded delivery mail Receipts Record of custody and transfer of keys Reports (major) Requisitions Research ethics committee records
Retention (Years) 6 years
3 years 2 2 6 2 years after last entry 30 years 1.5 years 30 years from date of decision 6
Subject access requests (DPA and AHR– records of requests
3 years after last action 2 years from completion of audit
ESTATES/ENGINEERING Buildings and engineering works, inclusive of major projects abandoned or deferred - key records, (e.g. Final accounts, surveys, site plans, bills of quantities) Buildings and engineering works, inclusive of major projects abandoned or deferred - town and country planning matters and all formal contract documents Buildings - papers relating to occupation (but not Health & Safety information)
Deeds of Title
Engineering works Equipment West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
The schemes are generally refurbishments in existing building and I consider the 6 year period to be more relevant here.
2 years
Specifications
Surgical Appliances – Forms
Notes
The Limitation Act, 1980
Specifications are likely to form part of the project files for any one of the above and are therefore kept for the relevant period.
30
30
3 years after occupation ceases Retain while the organisation has ownership of the building unless a Land Registry certificate has been issued, in which case the deeds should be placed in an archive Lifetime of the building to which they relate 11
The general principle to be followed in regard to these records is that they should be preserved for the life of the buildings and installations to which they refer. Construction Design Management Regulations 1994
See Plans and Buildings
Page 24 of 34 This is version R9/07 - April 2014
Description of Record Inspection Reports - e.g. Boilers, lifts etc. Inventories of plant & permanent or fixed equipment Land Surveys/Registers Leases Plans - Building (As Built) Plans - Building (Detailed) Plans - Engineering Lifetime Property Acquisitions Dossiers Property Disposal Dossiers Surveys - building and engineering works
Retention (Years) Lifetime of installation 5 years after date of inventory 30 Period of the lease plus 12 years Lifetime of building or installation Lifetime of building or installation Lifetime of building or installation 30 30 Lifetime of building or installation
Notes
Limitation Act 1980
See Inspection reports See Inspection reports
FINANCIAL Accounts - Annual (Final - one set only)
30
Accounts - Cost Accounts - Working Papers Accounts - Minor records (pass books; payingin slips; cheque counterfoils; cancelled/discharged cheques (other than cheques bearing printed receipts –See Receipts); accounts of petty cash expenditure; travelling and subsistence accounts; minor vouchers; duplicate receipt books; income records; laundry lists and receipts.)
3 3
Audit Records - original documents Audit Reports (including Management Letters, VFM reports and system/final accounts memorandum) Bills, receipts and cleared cheques Bank Statements
Budgets Capital Charges Data
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Copies exist for the 6 years since the Trust created. Therefore compliant
2 years from completion of audit
2 years from completion of audit 2 years after formal completion by statutory auditor 6 2 years from completion of the audits 2 years from completion of the audit 2 years from completion of the audit
In conjunction with Auditors
Capital charges data going back 5 or 6 years. The capital charges data essentially consists of the asset register which is used to calculate the capital charges. We need the asset register data for at least five years for a number of reasons primarily because our assets are revalued every 5 years and it is useful to compare the previous revaluation figure e.g. 2000 with the current i.e. 2005 Page 25 of 34 This is version R9/07 - April 2014
Description of Record Cash Books
Cash Sheets
Creditor Payments
Debtors' records - cleared
Debtors' records - uncleared Demand Notes
Retention (Years) 6 years after end of financial year to which they relate 6 years after end of financial year to which they relate 3 years after end of financial year to which they relate 2 years from completion of the audit 6 years from completion of the audit 6
Estimates: including supporting calculations and statistics
3
Expense Claims
5
Funding Data
6
Invoices Ledgers Non-Exchequer funds records
6 6 30 6 years after termination of employment 6 years after termination of employment 6 years after termination of employment 10
Pay Roll - full-time medical staff
Pay Roll - other staff
PAYE Records Superannuation Accounts Superannuation Forms - SD55 (ADP) and SD55J (copies) Superannuation Registers Tax Forms VAT Records Wages/Salary Records
10
Notes The Limitation Act, 1980
The Limitation Act, 1980.
Retained for significant projects and annual budgets. Not ad hoc calculations The annual accounts analyse income and therefore there is record of funding data. A better record is signed SLAs which we do not have for the last 6 years. We do for the last 3 years. This is unlikely to be rectified however action in place to ensure compliance The Limitation Act, 1980 The Limitation Act, 1980
Originals are sent to NHS Pensions Agency. These records are not held by the Trust.
10 6 6 10 years after termination of employment
PURCHASING / SUPPLIES Approved Suppliers Lists West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
11
Consumer Protection Act 1987 Page 26 of 34 This is version R9/07 - April 2014
Description of Record Contracts - non sealed on termination Contracts – sealed Delivery Notes Stores Records - major (stores ledgers etc.) Stores Records - minor (requisitions, issue notes, transfer vouchers, goods received books etc.) Supplies records - minor (e.g. invitations to tender and inadmissible tenders, routine papers relating to catering and demands for furniture, equipment, stationery and other supplies) Tenders (successful) Tenders (unsuccessful)
Retention (Years) 6 Minimum of 15 years, which they should be reviewed 2 6
Notes The Limitation Act, 1980 Fully documented records stored appropriately since June 1998.
1.5
1.5 Tender period plus 6 year limitation period 6
See Contracts The Limitation Act, 1980
IM&T
Documentation relating to computer programmes written in-house
Lifetime of software
Software licenses
Lifetime of software
The only areas of relevance are for the Exchange (applications) and the data warehouse (extraction programmes). In both of these we are Compliant and maintain documentation during the lifetime of the software application.
PERSONNEL/HUMAN RESOURCES
Personnel / Human Resources records – major (e.g. Personal files, letters of appointment, contracts references & related correspondence)
6
Personnel / Human Resources records – minor (e.g. attendance books, annual leave records, duty rosters, clock cards, timesheets)
2
Job Advertisements COSHH Records (Control of Substances Hazardous to Health) West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
1 Minimum of 40 years from date of last entry
The files are kept for a period of 6 years from the date the employee leaves the Trust. There is currently no system in place to destroy the records after expiry of the retention period. We are currently looking at the location and maintenance of our archives, and will address this issue as part of this review. The HR Department does not retain information relating to rosters, timesheets, and annual leave records; these are held by line managers. The Payroll Department processes timesheets and will therefore hold records of these Retained with personnel file Retained with Occupational Health Records Page 27 of 34 This is version R9/07 - April 2014
Description of Record Job Applications (following termination of employment) Job Applications (unsuccessful) Job Descriptions (following termination of employment) Leavers Dossiers (provided summary retained) Nurse Training Records Study Leave Applications
Retention (Years)
Notes
3
Retained with personnel file
1 3
Retained with personnel file
6 30 5
Retained with personnel file
OTHER Photographs (non-clinical)
Lifetime of subject.
Research and Development (Scientific, Technological and Medical) (see also health records retention schedule
30 years
Social Care Records
Retain for period appropriate to the speciality
Staff Parking Permits
3
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 28 of 34 This is version R9/07 - April 2014
Appendix 4 - Guidance for the Classification Marking of NHS Information This NHS Information Governance (IG) guidance is provided as good practice for NHS organisations of all types to consider in marking the records for which they are responsible. It is applicable to both information recorded on paper and that processed electronically including printouts, reports etc. Through the application of this guidance, NHS organisations should be able to further demonstrate the effectiveness of their local IG practices. This guidance should be considered alongside other published NHS IG Codes of Practice and guidance for Confidentiality, Records Management, Information Security Management, Legal and Professional obligations. These are currently available for download through the Department of Health website at www.dh.gov.uk. Further NHS IG guidance is also available through the www.igt.connectingforhealth.nhs.uk website.
Introduction: There has previously been no single or consistent system of classification marking of information within the NHS. Many NHS bodies have adopted their own classification schemes and this can cause confusion when organisations merge or where information is shared between organisations. This is particularly marked where, as in the case of, for example, NHS and Social Care organisations, there may be a need for common assurances in information partnerships. There is also danger of a lack of consistency in data handling and retention practice when information is shared with non-NHS bodies that relate to several NHS organisations. The lack of a single coherent system also hampers the development of appropriate IT system protocols for the NHS. Background and classification scheme outline: This guidance paper sets out a proposed simple scheme of classification relevant to the needs of NHS organisations and for the common benefit of all. It is similar to that used in central Government and other public sector organisations but takes account of important differences in the nature of NHS business activity and the kind of information used between the NHS and other public sector environments. Equally, the NHS does not have a requirement for the full range of protective markings used in Government. For example, central Government uses six categories of information classification, two of which - Secret and Top Secret - are, usually, only relevant to a very limited number of very serious situations involving national security and economic stability). The others are Confidential, Restricted, Protect and Unclassified. These are more relevant within an NHS context and are terms that were considered in developing this classification guidance. Categories proposed for use are prefixed “NHS” to indicate their relevance to a particular environment. NHS information that has no classification requirement should be considered Unclassified and may optionally be marked as such.
NHS Confidential: In Government, the marking “Confidential” would, for example, denote information that could undermine the viability of national organisations, damage security operations or national West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 29 of 34 This is version R9/07 - April 2014
finances or economic and commercial interests. These considerations are unlikely to apply in an NHS context. But within the NHS it is generally recognised, and there is a substantial body of case law that requires, that person-identifiable clinical information should always be held confidentially (Confidentiality: NHS Code of Practice). Therefore, the marking NHS CONFIDENTIAL should be used for that kind of information (e.g. patients’ clinical records, patient identifiable clinical information, and information about NHS staff that passes between NHS staff, and between NHS staff and staff of other appropriate agencies). This will include patient demographic details that might identify people who have had a GP contact/hospital appointment within a particular timeframe or who may have a particular condition. (NOTE: In order to safeguard confidentiality, the term “NHS Confidential” should never be used on correspondence to a patient.) The endorsement NHS CONFIDENTIAL should be included at the top centre of every page of the document. Documents so marked should be held securely at all times. That is, they should be stored in a locked room or equivalently within secured electronic systems to which only authorised persons have access. They should not be unattended at any time in any place where unauthorised persons might gain access to them. They should be transported securely in sealed containers and not unattended at any stage. Documents marked NHS CONFIDENTIAL not in a safe store or transport should be kept out of sight of visitors or others not authorised to view them. Please also see the related NHS Information Governance ‘Controls guidance for NHS information’ and other guidance relating to the handling and protection of NHS patient information contained on the IG website. Other uses of NHS Confidential: The endorsement NHS CONFIDENTIAL should also be used to mark all other sensitive information. That is, material the disclosure of which is likely to: adversely affect the reputation of the organisation or it’s officers or cause substantial distress to individuals; make it more difficult to maintain the operational effectiveness of the organisation; cause financial loss or loss of earning potential, or facilitate improper gain or disadvantage for individuals or organisations; prejudice the investigation, or facilitate the commission of crime or other illegal activity; breach proper undertakings to maintain the confidence of information provided by third parties or impede the effective development or operation of policies; breach statutory restrictions on disclosure of information; disadvantage the organisation in commercial or policy negotiations with others or undermine the proper management of the organisation and its operations. A paper, printout or report etc marked NHS CONFIDENTIAL may also be endorsed with a suitable descriptor indicating the reason for the classification eg. ‘NHS CONFIDENTIAL – PATIENT INFORMATION’ or ‘NHS CONFIDENTIAL – COMMERCIAL’. A list of the relevant descriptors is included in Table 1 (ANNEX). The endorsement should be included at the top centre on every page of the document. NHS CONFIDENTIAL documents should be stored in lockable cabinets or equivalently secured electronic systems. Please also see the related NHS Information Governance ‘Controls guidance for NHS information’. Information may be classified NHS CONFIDENTIAL in the light of the circumstances at a particular time. The classification should be kept under review and the information deWest London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 30 of 34 This is version R9/07 - April 2014
classified when the need for this protection no longer applies. NHS use of an equivalent classification for “Restricted” is unnecessary when NHS CONFIDENTIAL is used.
NHS Protect In Government a new marking of “PROTECT” was recently introduced. This discretional marking may be used in order to avoid unauthorised access to information. It establishes basic principles to handle with care, take relevant precautions and dispose of properly. In the NHS context, it is therefore possible for NHS organisations to adopt and use an equivalent NHS PROTECT marking, with or without descriptors, for information that requires protection below that of NHS CONFIDENTIAL and where care in handling is still necessary. NHS organisations that choose to adopt NHS PROTECT must therefore ensure their staff and business partners are aware of the different expectations and arrangements that apply for the protection and assurance of NHS CONFIDENTIAL and NHS PROTECT marked information.
Freedom of Information: When classifying NHS documents regard should be paid to the requirements of the Freedom of Information Act 2000. Careful consideration should be given before marking documents that would normally be published or disclosed on request. Over-classification might lead to an inappropriate decision not to disclose information that would later be embarrassing to the organisation (for example, where there was an appeal against non-disclosure or the Information Commissioner became involved). Protective markings should wherever possible be restricted to information that would be exempt from disclosure, including temporary exemption, such as that for drafts of documents that are intended for publication. A note of the exemptions that might be relevant to the protective markings is included in Table 2 (ANNEX). However, nothing in this guidance should be taken as authoritative advice on the operation of the Freedom of Information Act. Further information about the Act and its exemptions (including the application of the “public interest” test) is available on the website of the Information Commissioner (www.informationcommissioner.gov.uk).]
Digital Information Policy Department of Health January 2009
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 31 of 34 This is version R9/07 - April 2014
Appendix 4 ANNEX Classification of NHS Information - Marking Guidance for NHS Organisations NHS CONFIDENTIAL - appropriate to paper and electronic documents and files containing person-identifiable clinical or NHS staff information and other sensitive information. NHS PROTECT – Discretionary marking that may be used for information classified below NHS Confidential but requiring care in handling. Descriptors may also be used as required..
Table 1 – Descriptors that may be used with “NHS CONFIDENTIAL” or “NHS PROTECT” marking Category
Definition
Appointments
Concerning actual or potential appointments not yet announced.
Barred
Where there is a statutory (Act of Parliament or European Law) prohibition on disclosure, or disclosure would constitute a contempt of Court (information the subject of a court order).
Board
Documents for consideration by an organisation’s Board of Directors, initially, in private. (Note: This category is not appropriate to a document that could be categorised in some other way.)
Commercial
Where disclosure would be likely to damage a (third party) commercial undertaking's processes or affairs.
Contracts
Concerning tenders under consideration and the terms of tenders accepted.
For Publication
Where it is planned that the information in the completed document will be published at a future (even if not yet determined) date.
Management
Concerning policy and planning affecting the interests of groups of staff. (Note: Likely to be exempt only in respect of some health and safety issues.)
Patient Information
Concerning identifiable information about patients
Personal
Concerning matters personal to the sender and/or recipient.
Policy
Issues of approach or direction on which the organisation needs to take a decision (often information that will later be published).
Proceedings
The information is (or may become) the subject of, or concerned in a legal action or investigation.
Staff
Concerning identifiable information about staff
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 32 of 34 This is version R9/07 - April 2014
Table 2 - Freedom of Information Act Exemptions Possible Exemption [section(s) of the FOI Act] Category Appointments
S 40
Personal information (may be subject to a public interest test)
Barred
S 44
Legal prohibitions on disclosure
Commercial
S 43
Commercial interests (subject to a public interest test)
Contracts
S 43
Commercial interests (public interest test)
For Publication
S 22
For future publication (public interest test)
Management
S 38
Endanger health and safety (public interest test)
Personal
S 40
Personal Information (may be subject to public interest test)
Policy
S 22
For future publication (public interest test)
Proceedings
S 30
Investigations and proceedings
S 31
Law enforcement
Board
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
Page 33 of 34 This is version R9/07 - April 2014
APPENDIX 5
MONITORING FORM
R9 – Records Management Policy
POLICY / PROCEDURE:
MONITORING TEMPLATE
Minimum Requirement to be Monitored
Where Described in the Policy
WHO (which staff / team / dept)
Access to Records
Sections.11 & 17
IAO
Destruction of Hard Copy Records
Sections. 15 and 17
Central Records Manager/IAO
Sections14 & 17
Central Records Manager/IAS/SIRO
Sections 15 and 17
Central Records Manager/IAO
End of life Records Review of Retention/ disposal of Scanned Records
West London Mental Health NHS Trust Policy R9 - First date of issue: February 2008
HOW MONITORED (Audit / process / report / scorecard) - list details Audit Function in EDMS Report received from Central Archive Report from EDMS and Central Archive List of scanned records from Central Archive
HOW MANY RECORDS (No of records / % records)
FREQUENCY (monthly / quarterly / annual)
REVIEW GROUP (which meeting / committee)
OUTCOME OF REVIEW / ACTION TAKEN (Action plan / escalate to higher meeting)
Up to 15% of users in Service
Quarterly and as required
ISO with Service Management
Escalated to SIRO if issues found
Quarterly
IAO/SIRO
Escalated to TRIGG and/or CTOG
6 Monthly
IAO/SIRO
Escalated to TRIGG and/or CTOG
6 Monthly
Central Records Manager/IAS
All Records to be destroyed All records reaching end of life in period All scanned records in period
Page 34 of 34 This is version R9/07 - April 2014
Escalated SIRO if issues