1.
1. Introduction
Records Management is the process by which an organisation manages all the aspects of records whether internally or externally generated and in any format or media type, from their creation, all the way through to their lifecycle to their eventual disposal.
The Records Management: NHS Code of Practice has been published by the Department of Health as a guide to the required standards of practice in the management of records for those who work within or under contract to NHS organisations in England. It is based on current legal requirements and professional best practice.
The purpose of this policy is to actively encourage and support BrisDoc and define the process for excellent record keeping, both in its clinical and non-clinical environments. Good record keeping is essential in every aspect of BrisDoc function.
In the clinical setting, it helps protect the welfare of patients (especially vulnerable adults and children) and promotes best-practice from each healthcare practitioner. Within the non-clinical setting, it is essential in making sure BrisDoc adopts the highest business standards, and maintains a professional approach and appearance. It is also invaluable in ensuring the smooth-running of BrisDoc on a day-to-day basis.
In both environments there are a number of legal responsibilities which must be adhered to, particularly in relation to length of time for keeping records.
2. Scope and Definitions
This policy relates to all clinical and non-clinical operational records held in any format by BrisDoc. These include:
- all administrative records (e.g. personnel, estates, financial and accounting records, notes associated with complaints)
- all patient health records
Records Management is a discipline which utilises an administrative system to direct and control the creation, version control, distribution, filing, retention, storage and disposal of records, in a way that is administratively and legally sound, whilst at the same time serving the operational needs of BrisDoc and preserving an appropriate historical record. The key components of records management are:
- record creation
- record keeping
- record maintenance (including tracking of record movements)
- access and disclosure
- closure and transfer
- appraisal
- archiving
- disposal
Records Life Cycle describes the life of a record from its creation/receipt through the period of its ‘active’ use, then into a period of ‘inactive’ retention (such as closed files which may still be referred to occasionally) and finally either confidential disposal or archival preservation.
Records are defined as ‘recorded information, in any form, created or received and maintained by BrisDoc in the transaction of its business or conduct of affairs and kept as evidence of such activity’.
Information is a corporate asset. BrisDocs records are important sources of administrative, evidential and historical information. They are vital to BrisDoc to support its current and future operations (including meeting the requirements of Freedom of Information legislation), for the purpose of accountability, and for an awareness and understanding of its history and procedures.
BrisDoc’s Intent is that the highest standards of record keeping will be upheld within BrisDoc at all times, and that all legal requirements with regard to record retention time-periods and manner of storage are adhered to.
3. Types of Records Used
The following record types are kept at the Head Office Osprey Court:
- Staff contact details
- Training records
- Confidential pay / tax information
- CRB forms
- Financial records
- Diaries
- E-mails and text messages hosted on NHSMail or BrisDocs hosted exchange server
- Information Governance information
- Health records accessed on hosted central server by Adastra
- Voice Recordings
The following record types are held or accessed at our Clinical Assessment Service, Face to Face Treatment Centers and home visiting cars.
- Health records accessed on hosted central server by Adastra
- Voice Recordings
- Diaries/Appointment Books
- E-mails and text messages hosted on NHSMail or BrisDocs hosted exchange server
- Operational Procedures
The following record types are kept or accessed at the GP Support Unit:
- Health records held on a hosted central server by Adastra
- X-rays and scans
- Server and PC hard drives
- Administrative and accounting records
- Diaries
- E-mails and text messages
The following record types are kept at our Practices:
- Health records held on a hosted central server by EMIS
- X-rays and scans
- Photographs, slides and other images
- Server and PC hard drives
- Administrative and accounting records
- Diaries/Appointment Books
- Voice Recordings
- E-mails and text messages
4. Aims of the Records Management System
The aims of our Records Management System are to ensure that:
- records are available when needed – from which BrisDoc is able to form a reconstruction of activities or events that have taken place
- records can be accessed – records and the information within them can be located and displayed in a way consistent with its initial use, and that the current version is identified where multiple versions exist
- records can be interpreted – the context of the record can be interpreted: who created or added to the record and when, during which business process, and how the record is related to other records
- records can be trusted – the record reliably represents the information that was actually used in, or created by, the business process, and its integrity and authenticity can be demonstrated
- records can be maintained through time – the qualities of availability, accessibility, interpretation and trustworthiness can be maintained for as long as the record is needed, perhaps permanently, despite changes of format
- records are secure – from unauthorised or inadvertent alteration or erasure, that access and disclosure are properly controlled and audit trails will track all use and changes. To ensure that records are held in a robust format which remains readable for as long as records are required
- records are retained and disposed of appropriately – using consistent and documented retention and disposal procedures, which include provision for appraisal and the permanent preservation of records with archival value
- staff are trained – so that all staff are made aware of their responsibilities for record-keeping and record management.
5. Roles and Responsibilities
Managing Director/SIRO, has overall responsibility for records management in BrisDoc. As accountable officer he is responsible for the management of the organisation and for ensuring appropriate mechanisms are in place to support service delivery and continuity. Records management is key to this as It will ensure appropriate, accurate information is available as required and ensuring that BrisDoc meets its legal responsibilities, and for the adoption of internal and external governance requirements.
Caldicott Guardian, has a particular responsibility for reflecting patients’ interests regarding the use of patient identifiable information. They are responsible for ensuring patient identifiable information is shared in an appropriate and secure manner.
Data Protection Officer, will inform and advise on the organisation’s and employees’ obligations under the data protection regime. They also monitor for compliance with the obligations of the data protection regime, including policies, assignment of responsibilities, awareness raising, and training of staff.
Information Governance Board is responsible for ensuring that this policy is implemented, through the Records Management Strategy, and that the records management system and processes are developed, co-ordinated and monitored.
Information Governance Board the responsibility for local records management is devolved to the relevant service managers and operational leads. Service Managers and Operational leads have overall responsibility for the management of records generated by their activities, i.e. for ensuring that records controlled within their area are managed in a way which meets the aims of BrisDoc’s records management policy.
Information Governance Board has responsibility for record keeping and ensuring that the requirements with regard to new legislation, training of staff and improvements in best-practice are incorporated and maintained in conjunction with the service managers and operational leads.
All Staff, whether clinical or administrative, who create, receive and use records have records management responsibilities. In particular all staff must ensure that they keep appropriate records of their work in BrisDoc and manage those records in keeping with this policy and with any guidance subsequently produced.
6. Legal and Professional Obligations
All NHS records are Public Records under the Public Records Acts. BrisDoc will take actions as necessary to comply with the legal and professional obligations set out in the Records Management: NHS Code of Practice, in particular:
- The Public Records Act 1958;
- The Data Protection Act 2018 implementing GDPR;
- The Freedom of Information Act 2000;
- The Common Law Duty of Confidentiality; and
- The NHS Confidentiality Code of Practice.
- Records Management Code of Practice 2021
and any new legislation affecting records management as it arises.
7. Register Records
BrisDoc will establish and maintain a register of records that services and operational areas are maintaining. The Records Register is held as a part of the Information Asset Register and is maintained by the IAO, in conjunction with the service managers and operational leads. The register will be reviewed annually. The register identifies for each record/information asset
- Department owning the asset
- Information Asset Description – (note format and system name where appropriate)
- BrisDoc Internal of Externally Controlled System
- Access Controls
- Anti-Virus Model
- Security Updates
- Supports the following activity (note types of data):
- Asset Owner
- Supplier
- Unavailable up to 3 hours
- Unavailable 1 day
- Unavailable 3 days
- Unavailable 1 week
- Local preventative measures (Backup & Recovery Model, Business Continuity)
- Do you have any storage backup issues with regard to saving to networks?
- Action Required
- Threat Source
- Threat Actors
- Risk Assessment Likelihood/ Impact/ Assessment
- Risk Treatment
- Duplicates Of Record Held
- Does the Record Include Personal Data
- No Of Records Held
- Is there a register/index for the records
- How Long Must the Record be kept
- What action is to be taken when the retention period is exceeded
- Notes
8. Retention and Disposal Schedules
BrisDoc has adopted the retention periods set out in the Records Management Code of Practice 2021. The retention schedule will be reviewed annually. See Appendix A & B.
9. Records Management Systems Audit
BrisDoc will annually audit its records management practices for compliance with this policy.
The audit will:
- Identify areas of operation that are covered by BrisDocs policies and identify which procedures and/or guidance should comply with the policy
- Follow a mechanism for adapting the policy to cover missing areas if these are critical to the creation and use of records, and use a subsidiary development plan if there are major changes to be made
- Set and maintain standards by implementing new procedures, including obtaining feedback where the procedures do not match the desired levels of performance
- Highlight where non-conformance to the procedures is occurring and suggest a tightening of controls and adjustment to related procedures.
- Review the Information Asset Register and add or amend as required.
The responsibility of performing the audit will be agreed and assigned by the Information Governance Board. The results of audits will be reported to the Information Governance Board.
Information Quality Assurance
BrisDoc staff will receive regular training updates with regard to records management and information quality. This includes all aspects of record creation, use and maintenance, covering the following points:
- What information should be recorded and in what manner
- Why this is being done
- Ensure information from patients or carers is cross-referenced with other available records to ensure accuracy
- How to identify and correct errors, and report those errors found
- What records are being used for (this will help them understand which are the most important aspects of the information they are recording and ensure they are included)
- How information should be updated and how information from other sources can be included.
The BrisDoc Audit Framework for Call Handlers in Integrated Urgent Care is used to review and manage operational staff, the Clinical Governance Team review and manage the Clinical Team for data completeness and quality using the Clinical Guardian tool and Clinical Guardian review process.
Data Quality
A vast amount of data is recorded when caring for patients in our services. Having accurate, relevant information that is accessible at the appropriate times is essential to each and every health management or business decision and to the success of the service provided. With this in mind, it is essential that all employees of BrisDoc recognise the importance of data quality and their responsibilities in this area.
- Data quality is everyone’s responsibility and can negatively impact patient care and the finances of BrisDoc.
- Errors in data shall be corrected at source, normally by the staff responsible for the original data entry.
- Information Asset Owners must ensure a System Specific Information Policy is in place for their electronic system.
- The NHS number is the only way of identifying patients across systems, and BrisDoc is committed to using this in all patient systems where it is available.
- The Data Protection Act requires that “personal data shall be accurate and, where necessary, kept up to date.
- From 25 May 2018 the Data Protection Legislation in the UK incorporates the EU General Data Protection Regulations. As well as outlining 6 principles of data protection, the new legislation contains a new principle of accountability for data controllers and processors and introduces new rights for data subjects, one of which is the right to have incorrect personal data amended.
- Quality information will help reduce unnecessary Subject Rights Requests to alter incorrect personal data
Data Standards
The standards for good data quality are reflected in the criteria below. Data needs to be:
- Complete (in terms of having been captured in full)
- Accurate (the proximity of the data to the exact or true values)
- Relevant (the degree to which the data meets current and potential user’s needs)
- Accessible (data must be retrievable in order to be used and in order to assess its quality)
- Timely (recorded and available as soon after the event as possible)
- Valid (within an agreed format which conforms to recognised standards)
- Defined (understood by all staff who need to know and reflected in procedural documents)
- Appropriately sought (in terms of being collected or checked with the patient during a period of care)
- Appropriately recorded (in both paper and electronic records)
- Processed in accordance with any existing data sharing agreement or data processing agreement
The use of data standards within systems can greatly improve data quality. These can be incorporated into systems either using electronic validation programmes which are conformant with NHS standards, e.g. drop down menus, or manually generated lists for services that do not yet have computer facilities. Either method requires the list to be generated from nationally or locally agreed standards and definitions, e.g. for GP practice codes, ethnicity, etc. These must be controlled, maintained and updated in accordance with any changes that may occur, and in addition electronic validation programmes must not be switched off or overridden by operational staff.
Record Keeping
Effective and accurate record keeping is made as a direct result of knowledge of the type of records held at BrisDoc, where they are stored, and their relationship to service or operational area function.
All record keeping systems will contain descriptive and / or technical documentation to enable efficient operation of the system and ensure that records are easily understood.
Systems, whether electronic or printed format, will include simple rule-sets for referencing, cross-referencing, indexing and, where necessary, protective marking as required.
Record Maintenance
The movement and location of records will be controlled to ensure that a record can be easily retrieved at any time, that any outstanding actions can be dealt with, and that there is an auditable trail of record transactions.
Storage areas for current records should be clean and tidy; the layout of which should be designed to help prevent damage to the records and should provide a safe working environment for BrisDoc staff, where possible.
For electronic records; maintenance in terms of back-up and planned migration to alternative platforms are designed and scheduled in a manner that ensures continued access to readable information.
Equipment used to store current records on all types of media provides storage that is safe and secure from unauthorised access and which meets health, safety and fire regulations. Additionally, the equipment also allows maximum accessibility of all records, commensurate with their frequency of use.
A business continuity plan is in place to provide protection for all types of records that are vital to the continued functioning of BrisDoc.
General Record Keeping Standards
BrisDoc’s policy of good record keeping aims to deliver the following standards of patient care and business professionalism:
- Supports the highest standards of clinical care
- Supports greater continuity of care
- Provides better communication and dissemination of information between clinical and non-clinical teams
- Provides an accurate account of treatments given, and promotes best care planning and delivery of services
- Enables early warning of potential problems (e.g. changes in the patient’s condition)
- Supports evidence-based clinical practices
- Complies with legal requirements (e.g. Data Protection Act and Access to Health Records Act)
- Assists with the audit process, both in a clinical and non-clinical setting
- Supports improvement and advancement in clinical practices and effectiveness of these
- Promotes patient choice and decision-making with regard to their treatment and the services on offer
- Provides evidence for the basis of legal or professional proceedings
- Supports efficiency and accuracy when dealing with suppliers and other outside bodies
- Establishes a clear and effective accounting procedure
Record Keeping within Consultations Protocol
All clinical staff must adhere to BrisDoc’s record keeping within consultations protocol.
The following information should be routinely recorded to ensure completeness in the patient record (you may wish to include Read Codes for various entries so that you are able to undertake searches at a later date for audit purposes – templates within the clinical system can be devised and used to ensure consistency and accuracy).
- Discussion that takes place within the consultation
- The reason the patient has attended
- Clinician’s findings (including conditions that were looked for and not found)
- Proposed treatment plan and whether the patient agrees with this
- Any medication prescribed and how they can report side effects
- Any follow up plans
- Information given on lifestyle changes and health promotion and whether the patient refuses to access this (e.g. smoking cessation clinic, weight management)
- Any refusal to accept surgical intervention once referred (see referral protocol)
- Any discussions on choice
- Any discussions regarding particular needs of the patient
Where the consultation takes place at the patient’s home, the clinician must ensure notes of the consultation are transferred to the patient record as soon as possible.
Do not alter an entry or disguise an addition. If the notes are factually incorrect, then the amendment must make this clear.
Avoid unnecessary comments (patients have the right to access their records and a flippant remark might be difficult to explain).
All new diagnoses should be recorded and any consultations that take place regarding the diagnosis should be recorded under that heading.
Any injections given should be recorded together with the name and batch number of the vaccine given and the site (e.g. left deltoid, right buttock). Patients must be advised on possible reactions or side-effects and what they should do if they experience any.
Where minor surgery or coil-fits are undertaken, ensure disposable instruments are used (or where reusable instruments are used, an accurate sterilisation record is kept).
Record batch numbers where applicable. Patients must be advised on possible reactions or side-effects and what they should do if they experience any. Detail any follow-up requirements (e.g. check-up or stitch removal).
Record keeping best practice
The following section is an extract from DoH Confidentiality NHS Code of Practice (2003) and is detailed here for completeness as a copy.
Patient records should:
Be factual, consistent and accurate
- Be written as soon as possible after the event has occurred.
- Be written clearly and legibly and in such a manner that they can’t be erased.
- Be written in such a manner that any alterations or additions are dated, timed and signed in such a way that the original entry can still be seen clearly.
- Be accurately dated, timed and signed or otherwise identified with the name of the author being printed alongside the first entry.
- Be readable on any photocopies.
- Be written, wherever applicable with the involvement of the patient or carer.
- Be clear, unambiguous (preferably concise) and written in terms that the patient can understand. Abbreviations if used should follow common conventions.
- Be consecutive.
- (For electronic records) use standard coding techniques and protocols.
- Be written so as to be compliant with the Race Relations Act and the Disciplinary Discrimination Act.
Be relevant and useful
- Identify problems that have happened and the actions taken to rectify them.
- Provide evidence of the care planned, the decisions made, the care delivered and the information shared.
- Provide evidence of actions agreed with the patient (including consent to treatment and / or consent to disclose information.
- Include medical observations, examinations, tests, diagnoses, prognoses, prescriptions and other treatments.
- Include relevant disclosures by the patient – pertinent to understanding cause or effecting cure / treatment.
- Include facts presented to the patient.
- Include correspondence from the patient or other parties or made to other parties.
Records should NOT include
- Unnecessary abbreviations or jargon.
- Meaningless phrases, irrelevant speculation or offensive subjective statements.
- Irrelevant personal opinions regarding the patient.
Appendix A Health Record Retention Periods
For Final action instructions and other record types please refer to
https://www.nhsx.nhs.uk/information-governance/guidance/records-management-code/
Appendix B Non-Health Record Retention Periods
Adult health records not covered by any other section in this schedule | 8 years
Retention starts when the Discharge or patient last seen |
GP Patient records | 10 years after death – see Notes for exceptions |
Clinical Audit | 5 years |
Clinical Protocols
|
25 years Clinical protocols may have archival value. They may also be routinely captured in clinical governance meetings which may form part of the permanent record (see Corporate Records). |
Notifiable disease book | 6 years |
Recorded conversation which may later be needed for clinical negligence purpose | 3 Years. The period of time cited by the NHS Litigation Authority is 3 years
|
Recorded conversation which forms part of the health record | Store as a health record
|
Policies, strategies and operating procedures including business plans | Life of organisation plus 6 years
|
Patient information leaflets | 6 years |
Website | 6 years |
Closed-circuit TV images | ICO Code of Practice: https://ico.org.uk/media/for-organisations/documents/1542/cctv-code-of-practice.pdf
The length of retention must be determined by the purpose for which the CCTV has been deployed. The recorded images will only be retained long enough for any incident to come to light (e.g. for a theft to be noticed) and the incident to be investigated. |
Complaints (See also litigation dossiers), correspondence, investigation and outcomes | 10 years from completion of action
|
Subject Access Request (SAR) and disclosure correspondence
|
3 years, 6 years is appealed |
Incident report forms | 10 years after completion of investigation (NHSLA 2016)
SUI Incident Forms 20 Years |
Manuals – policy and procedure (administrative and clinical, strategy documents) | 10 years after life of the system (or superseded) to which the policies or procedures refer |
Patient Advice & Liaison Service (PALS) records | 10 years after closure of the case |
Accounts – annual (final set only) | 3 years
Close of financial year
|
Accounts – minor records (pass books, paying-in slips, cheque counterfoils, cancelled/discharged cheques, accounts of petty cash expenditure, travel and subsistence accounts, minor vouchers, duplicate receipt books, income records, laundry lists and receipts) | 2 years from completion of audit |
Appendix D Records Register Information
The following additional information has been added to the Information Asset Register so that it can act as a single source for all Information Assets within BrisDoc.
- Record/Information Asset Name
- Are duplicates of the record held? Where
- Does the record include personal data
- How many records are held? (Estimate)
- Is there a register, index etc of the records?
- Have you identified how long the records must be kept
Appendix E HR Records Retention Periods
The categories of information which BrisDoc will hold and the times for which BrisDoc will hold such information is in accordance with the code of practice published by the Data Protection Commissioner.
Record Type | Retention Time |
Application Form | 6 years |
References received | 6 years |
Payroll and Tax Information | 11 years |
Sickness Records | 6 years |
Annual Leave Records | 6 years |
Unpaid Leave/Special Leave Records | 6 years |
Annual appraisal/assessment records | 6 years |
Records relating to promotion, transfer, training and disciplinary matters | 6 years |
References given/information to enable reference to be provided | 6 years |
Summary of record of service e.g. name, position held, dates of employment | 6 years |
Records relating to accident or injury at work | 6 years |
Incidents | 10 Years SUIs 20 years. |
Change Register
Date | Version | Author | Change Details |
Oct-11 | First Draft | SP | |
Aug-12 | 1.1 | DL | Bring in line with IG Toolkit Requirements for first full review. |
Oct-12 | 1.2 | DL | Align record register definition with information asset register definition to hold 1 register. |
Oct-12 | 1.3 | DL | Amendments after review by NG |
Feb-14 | 1.4 | DL | Review and additions to include retention periods for staff related records |
Oct-16 | 1.5 | DL | Annual review formatting changes |
Dec-18 | 1.6 | DL | Review for GDPR and addition of more Data Quality standards |
Mar-19 | 1.7 | DL | Align with 2016 IGA Records Management Code of Practice for Health and Social care 2016 |
Oct-19 | 1.8 | DL | Updates to record retention in line with above |
Mar-22 | 1.9 | DL | Change reference for Records Management Code of Practice 2016 to 2021 |
Mar-24 | 1.10 | DL | Annual review |