Standard Operating Procedure Template Title of Standard Operation Procedure:
Corporate Records Management Procedure (to be read in conjunction with the Records Management Policy)
Reference Number: IG/CRM
Version No: 02
Supercedes
Versions No: 01
Amendments Made:
Complete re-write
Issue Date:
Review Date: 15.10.17
Purpose and Background
The records management function is a corporate responsibility. This procedure provides a managerial focus for corporate records (as distinct from Clinical Records which are the subject of a separate policy) of all types, in all formats, throughout their life cycle. It provides clearly defined responsibilities and objectives with regard to the Trust’s corporate records.
Scope (i.e. organisational responsibility) Vital functions affected by this procedure:
All staff with responsibility for the creation, use and management of corporate records
Monitoring Compliance Requirement to be monitored. Must include all requirements within NHS LA Standards
Process to be used for monitoring e.g. audit
Responsible individual/ committee for carrying out monitoring
Frequency of monitoring
Responsible individual/ committee for reviewing the results
Responsible individual/ committee for developing action plan
Responsible individual / committee for monitoring action plan
Comprehensive evidence held to demonstrate compliance against all requirements
Regular audits to be undertaken
Information Governance Manager/IG& RMG
According to the Corporate Records Audit Plan
Information Governance & Records Management Group
Information Governance Manager
Information Governance & Records Management Group
Escalations (if you require any further clarification regarding this procedure please contact):
Committees / Group
Date
Consultation:
Information Governance & Records Management Group
15.10.15
Approval Committee
Information Governance & Records Management Group
15.10.15
Ratified by Committee:
Information Governance & Records Management Group Internet/intranet (infonet)
15.10.15
Received for information:
Corporate Records SOP October 2015
15.10.15
Guidance The records held, created and maintained by East Cheshire NHS Trust offer an organisational memory, providing evidence of actions and decisions, and represent a vital asset to support the Trusts daily functions and operations. A record is defined as “information created, received, and maintained as evidence and information by an organisation or person, in pursuance of legal obligations or in the transaction of business.” (BS ISO 15489: 2001). This document applies to all records held and created by the Trust, held in any format, (including hard copy as well as electronic and digital formats on magnetic, digital, photographic and optical media) by staff of the Trust in the course of carrying out the functions of the Trust. This procedure does not apply to copies of documents published by other organisations that are kept for reference purposes only.
Records Management Programme The Information Governance Officer will facilitate the development of a co-ordinated records management programme to ensure that the characteristics of records are maintained throughout their lifecycle and that records are credible and authoritative and working towards the following principles of good records management. Authenticity It must be possible to prove that records are what they purport to be, that their integrity is demonstrably intact, and it must be possible to identify who created them. Where information is added, an audit trail of the added information will be created. Accuracy Records will accurately reflect the transactions that they represent. Integrity Records will be securely maintained to prevent unauthorised access, alteration, damage or removal and will be stored in secure environments at all times. Where records are migrated across changes in technology, the Trust will ensure that the evidence preserved remains authentic and accurate. Usability Records will be readily available and sufficient in content, context and structure to provide sufficient authenticated evidence of the relevant activities and transactions. This includes the accessibility and use of electronic records for as long as required (which may include their migration, transfer or emulation across systems); and the ability to cross reference electronic records to their paper counterparts in a hybrid environment.
Record Creation
Corporate Records SOP October 2015
Each Service Line, department and section will have in place an adequate system for documenting its activities. This system will take into account the legislative and regulatory environments in which the Trust works. The Trust will work towards having in place controls to ensure the record is created on the appropriate form or database etc. and is assigned a relevant name (see Appendix 1 naming conventions below).
Registration (Use of the Off-site Storage Facilities) The Information Governance Officer and Health Records Library staff will identify, monitor and action those records that are appropriate for registering, remaining on the registers (filetracking system), and those that are not. Where action on a registered file has been completed, or has been for the time being, the file must remain in safe storage until such time the file becomes active again or is reviewed and in due course, appropriately disposed of. If a record due for destruction is known to be the subject of a request for information, destruction should be delayed until disclosure has taken place or, if the Trust has decided not to disclose the information, until the complaint and appeal provisions of the Freedom of Information Act (FoIA) 2000 or other relevant legal causes have been exhausted. The Information Governance Officer will be responsible for all files/document registration activity including alterations and destructions/disposal. The Information Governance Officer will be responsible for assisting in conducting annual reviews and evaluations of their systems registers to ensure accuracy and completeness. The Information Governance Officer will be responsible for ensuring that all registered files are available for those with authorised access. The Information Governance Officer will be responsible for ensuring that files remain on the register in line with the Department of Health Records Management code of practice. The Information Governance Officer will be responsible for ensuring that files and records held within the registry are stored appropriately.
Classification Classifying information is a vital discipline. Good practice dictates a functional rather than an organisational structural approach. At the top level the classes cover the key functions for which the organisation is responsible. Below that are the activities that define each function and the transactions or processes that comprise them. The Trust is working towards a records’ classification system based on the business activities which generate records, whereby they are categorised in a systematic and consistent way to facilitate: Linkage between individual records that accrue to provide a continuous record of activity; Retrieval of all records relating to a particular function or activity; Assessment of security protection and appropriate access for sets of records; Distribution of responsibility for management of particular sets of records; Evaluation of appropriate retention periods and disposition actions for records.
Corporate Records SOP October 2015
Indexing/Referencing The function of an index or referencing system is to provide the user with an efficient means of tracing and finding information. The Trust will implement an indexing/referencing system that enables the user to: Immediately establish the presence or absence of information on a given subject; Identify and locate relevant information within a set of records; Group together information on subjects.
Metadata (data about data!) As well as the content, the record will contain, be linked to, or associated with, metadata – descriptive and technical documentation about the file or document such as: How, when, and by whom it was received, created, accessed, and/or modified and how it is formatted; Intended disposal of electronic records should be included in the metadata when the record is created; The Trust metadata standard will be reviewed on an annual basis.
Records Maintenance and Storage The tracking (movement and location of records) will be overseen by the Information Governance Officer to ensure that any record can be: Easily retrieved at any time; And that there is an auditable trail of record transactions. The Information Governance Officer will ensure appropriate environmental controls are provided for current records to prevent damage to the records. The Information Governance Officer will ensure equipment and facilities used for current records storage is fit for purpose and safe from unauthorised access, meeting fire regulations and providing reasonable protection from water, rodent or other damage, at the same time permitting maximum approved accessibility to the information, commensurate with its frequency of use. When records are no longer required for the conduct of current business, responsibility for their placement in the designated records storage location will lie with the Information Governance Officer. A business continuity plan will be in place to provide protection for records which are vital to the continued functioning of the Trust. The above criteria will be met by full record appraisals which will be carried out every three years.
Review, Retention and Disposal The Trust will implement controls and procedures in line with legislative and operational governance including Data Protection Act 1998; Freedom of Information Act 2000; Limitation Act 1980; Criminal Procedures Investigation Act 1996; and the NHS Code of Practice for Records Management.
Corporate Records SOP October 2015
To effectively manage risk the Trust will have in place standard procedures, the NHS Retention Schedule and the procedure for the off-site storage of records and documents, for reviewing records and making informed, accountable decisions about their retention or disposal including destruction/disposal as follows: Records should be retained for as long as they are required and until their scheduled disposal, according to their operational, legal, administrative and historical evaluation; Once the decision is made for destruction/disposal of records they should be destroyed/deleted in a secure manner as necessary for the level of confidentiality or security markings they bear. A record of the destruction/disposal of physical records, showing their reference, description and date of destruction/disposal should be maintained and preserved. Disposal and archiving of records will be in line with the NHS Retention Schedule. Records must be destroyed/deleted in such a way that the information they contain cannot be re-constituted by any commonly known or practised methods; Retain electronic records on media that permit reliable access and data migration and/or system modifications. Ensure that all records irrespective of their format of creation remain accessible up to the point of disposal by maintaining an effective means of accurately reproducing any record in a timely way without compromising them. Review procedures will ensure that information held by the Trust is held lawfully. They will also prevent the Trust from being overloaded by the volume of information captured and recorded.
Retention and Disposal Schedules The NHS retention schedules set out the review, retention and disposal periods for records held by the Trust in line with legal and operational requirements. It will be the responsibility of the Information Governance Officer to regularly review retention periods ensuring a consistent business need for those records and documents that are not listed on the national schedule.
Access and Security (Records Held Electronically) The legal and business environment in which the Trust operates establishes broad principles on access rights, conditions and restrictions. All staff have a responsibility to ensure that records are classified and handled in accordance with this environment and are protected from unauthorised disclosure. The data controller and Information Asset Owners will assign individuals access status in accordance with the Trust Information Security Policy. The monitoring and mapping of user permissions and functional job responsibilities is a continual process, as defined in the Information Security Policy.
Training The Trust will ensure all staff receive appropriate and timely training based on training needs analysis, using appropriate training products. A Trust training needs analysis will be conducted at regular and appropriate intervals according to need. The Information Governance Officer will assist in conducting and recommending records management training needs analysis for each business area. Corporate Records SOP October 2015
If it is identified that records management training is required, the Information Governance Officer will be responsible for co-ordinating, reviewing and record training activities and providing the training.
Audit and Compliance Where an internal Trust audit or quality assurance review is conducted, compliance with the Trust records management policy and guidance will be included as an integral part of the review process. The Information Governance team will have responsibility for auditing and ensuring compliance. The British Standards Institute document Principles of Good Practice for Information Management (PD0010) recommends audits at predetermined intervals. Audit trails will be provided for all records and documents. They should be kept securely and should be available for inspection by authorised personnel. Audit trails will be managed since they may be of critical importance to the organisation. Claims of compliance may be discredited if the audit trail is not treated correctly and cannot be interpreted unambiguously. The audit trail will be secure. If an audit record can be maliciously or inadvertently altered then the whole audit trail may be discredited. The audit trail will include a record of all relevant occurrences. If any significant occurrence is not audited, then the whole audit trail can be discredited and as a direct result all or any information held within the system will also be able to be discredited. For all audit trail data, it will be possible to identify the processes, enabling technology and individuals involved and the time and date of the event.
Corporate Records SOP October 2015
Appendix 1 Guidelines for Naming Electronic Documents Held on Network Drives
1 : Make file names short and clear File names need to be kept as short as possible. Clarity is never provided by the use of non-standard abbreviations, codes or acronyms that will mean nothing to anyone outside the team, or even within the team in 3 or 4 years time.
2 : Avoid repetition and redundancy in file names Redundancy and repetition always increase the length of file names and file paths. A file name should not contain information that is already present in the folder in which it is filed, for example:Sub-folder \Information Governance
File Name \NamingConventionsElectronicRecordsMay20 10.doc
Bad
\Information Governance
\20100513ElectronicRecords.doc
Good
Some words will add length to a file name without contributing to its meaning such as ‘a’, ‘and’, ‘the’ which can be removed from a file name when the name still remains meaningful within the context of the file directory. Sometimes documents such as MG forms that do have standard abbreviations are acceptable to use in the filename e.g. 20100518MG11SmithJ.doc.
3 : Avoid spaces and underscores in file names Some software packages have difficulty in recognising file names that contain spaces. The best solution is to create a file name with no spaces and use initial capital letters to donate the words. If using an acronym put the whole acronym in capital letters. Folder \Information Governance
Sub-folder \RequestTracking
\Information Governance
\RequestTracking
File Name \Freedom of Information Request for John Smith June 2009 \20090611SmithJFOI \20090611SmithJMG11
Bad
Good
4 : Use numbers in file names When including a number in a file name always give it a two-digit number, unless it is a year or another number with more than two digits. The file directory always displays file names in alphanumeric order. To maintain the numeric order in cases where the file names include numbers it is important to include the zero for numbers 0-9. In this way the files will display in the correct numerical order.
Corporate Records SOP October 2015
Electronic systems file in strict numerical order so all the numbers beginning with ‘1’ will file before all the numbers beginning with ‘2’ etc. Putting in leading zeros ensures the numbers will display in the correct numerical order. Folder \Information Governance \Information Governance
Sub-folder File Name \RequestTracking \Document 1 \Document 10 \Document 11 \RequestTracking \Document01 \Document02 \Document03
Bad
Good
5 : Using dates If using a date in a filename, always state the date in a ‘back-to-front’ format, and always use four digit years, two digit months and two digit days e.g. YYYYMMDD, YYYYMM or YYYY or YYYY-YYYY. The ‘back-to-front’ format means that the chronological order of the records is maintained in the file directory and this assists when trying to find a document with a specific date or the latest dated document.
Sub-folder \Information Governance \Information Governance
File Name \Freedom of Information Request for John Smith 11th June 2009 \20090611SmithJFOI
Bad Good
6 : Using personal or business names in file names When including a personal name in a file name always give the surname first followed by the initials. When including a business name use the most commonly used, appropriate business name or abbreviation. Folder \Information Governance
Sub-folder \RequestTracking
\Information Governance
\RequestTracking
File Name \Freedom of Information Request for Mr. John Smith June 2009 \20090611SmithJFOI
Bad
Good
Consistency ensures that information is accessible and retrievable to everyone who needs it.
7 : Words to avoid using at the start of file names Avoid using words like ‘draft’, ‘memo’ at the start of file names. Using descriptive generic terms at the start of the file names means that all such documents will appear together in the file directory which will make it much more difficult to retrieve the documents you are looking for.
Corporate Records SOP October 2015
Folder \Information Governance \Information Governance
Sub-folder File Name \RetentionSchedules \Draft MOPI Retention Schedule Version 1.doc \RetentionSchedules \MOPIV01Draft.doc
Bad Good
8 : Determine the order of the elements of a file name Order the elements in a file name in the most appropriate way to retrieve the record. How this will be implemented depends on the way you or the team work. For example, if the records are usually retrieved according to their date, then the date element should appear first. If, on the other hand, the records are retrieved by their subject, the subject description should be first. The names of records relating to recurring events (e.g. agendas and minutes of meetings) need to include the date and the event names/description in order for the record to be identified and retrieved. For example, two different departments may both have files relating to regular meetings but for one department the meetings are a key area of their work, whilst for the other they are more peripheral. The below may be right for the department who hold lots of meetings on different topics…:Folder
Sub-folder
\Information Governance
\Meetings
Subsubfolder \HRMG \IGRM \DQ
File Name
\2010412Minutes \2010302Minutes \20091212Minutes
Good
….but for the other department a single folder with meetings arranged by topic may be more appropriate i.e. Folder \Information Governance
Sub-folder \Meetings
File Name \2010412MinutesHRMG \2010302MinutesIGRM \20091212MinutesDQ
Good
9 : Naming correspondence records The file names of correspondence need to include the name of the correspondent (either the name of the person who sent the correspondence) or the recipient (the name of the person to whom you sent to correspondence) and not your name. If it is incoming correspondence include the standard abbreviation ‘rcvd’. Provide an indication of the subject unless it is already stated in the folder title and include the sent or received date. Folder \Information
Sub-folder \Letters
Corporate Records SOP October 2015
File Name \Letter from Joe Smith 12th
Bad
Governance \Information Governance
\Letters
December 2005 \SmithJBrcvd20051212
Good
10 : Applying version numbers and draft status The version number of a document should be indicated in its file name by the inclusion of the letter ‘V’ followed by the version number and, if applicable, ‘Draft’ or ‘Final’. A two-tiered numbering system is the standard: for example, 1.0 and 2.3. A major change requires an increase before the point, while a minor change means an increase in the number after the point. Version 1.0 is the first draft of a document that the author has sent out for comment or discussion It is always important to differentiate between various drafts of a document by giving each draft its own number. If a version number is applicable, it should always appear in the file name of the record so that the most recent version can be readily identified. File Name \IG Workbook Version 3
Bad
\IG Workbook V3.0
Good
Corporate Records SOP October 2015
