A Mapping of the Victorian Electronic Records Strategy Schema to openehr

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "A Mapping of the Victorian Electronic Records Strategy Schema to openehr"

Transcription

1 VERS openehr Mapping Commentary A Mapping of the Victorian Electronic Records Strategy Schema to openehr Electronic Health Records: Achieving an Effective and Ethical Legal and Recordkeeping Framework Australian Research Council Discovery Grant, DP School of Law Deakin University, School of Information Management and Systems Faculty of Information Technology and Faculty of Law Monash University, Australia Rob Meredith School of Information Management & Systems, Monash University January, 2004

2 Introduction This document is a commentary on a comparison between the Victorian Electronic Records Strategy (VERS) and the openehr electronic health records standard. VERS documents the Victorian State Government s requirements for electronic records submitted to the Public Records Office of Victoria, and forms the basis for other electronic records systems to be used by other branches of the Government. The specification can be found at openehr is an open standard for the design of electronic health records systems. Consisting of a number of models specifying the data required by compliant systems for various aspects of a medical records system, it is still a work in progress, in that a number of the proposed models are yet to be released to the public. Documentation for the current models can be found at Purpose The purpose of this document is to provide an overview of the results of the VERSopenEHR mapping. It should be read in conjunction with the mapping document itself (VERS-EHR.xls), as well as the VERS and openehr documentation itself (see below). This document highlights some of the main issues that have been identified as a result of the mapping process, but doesn t claim to be a comprehensive list of limitations of openehr from a record-keeping perspective. Document Versions The following document versions were used for the mapping process: VERS: [VERS1] Public Records Office Victoria (2003) Management of Electronic Records, PROS 99/007, Version 2.0, available at [VERS2] Public Records Office Victoria (2003) Advice 9: Introduction to the Victorian Electronic Records Strategy (VERS), PROS 99/007, Version 2.0, available at [VERS3] Public Records Office Victoria (2003) Specification 1: System Requirements for Preserving Electronic Records, PROS 99/007, Version 2.0, available at 1_Std_ver_2-0.pdf [VERS4] Public Records Office Victoria (2003) Specification 2: VERS Metadata Scheme, PROS 99/007, Version 2.0, available at 2_Std_ver2-0.pdf [VERS5] Public Records Office Victoria (2003) Specification 3: VERS Standard Electronic Record Format, PROS 99/007, Version 2.0, available at 3_Std_ver_2-0.pdf 1

3 [VERS6] Public Records Office Victoria (2003) Specification 4: VERS Long Term Preservation Formats, PROS 99/007, Version 2.0, available at 4_Std_ver_2-0.pdf [VERS7] Public Records Office Victoria (2003) Specification 5: Export of Electronic Records to PROV, PROS 99/007, Version 2.0, available at 5_Std_ver_2-0.pdf openehr: [EHR1] Beale, T., Heard, S., Kalra, D., & Lloyd, D. (2002) The openehr Technical Roadmap, The openehr Foundation, Revision 1.2 [EHR2] Beale, T., Goodchild, A., & Heard, S. (2002) Design Principles for the EHR, The openehr Foundation, Revision 2.4 [EHR3] Beale, T. (2002) The openehr Modelling Guide, The openehr Foundation, Revision 1.0 [EHR4] Beale, T., Heard, S., Kalra, D., & Lloyd, D. (Eds.) (2003) The openehr EHR Reference Model, The openehr Foundation, Revision [EHR5] Beale, T., Heard, S., Kalra, D., & Lloyd, D. (Eds.) (2003) The openehr Common Reference Model, The openehr Foundation, Revision [EHR6] Beale, T., Heard, S., Kalra, D., & Lloyd, D. (Eds.) (2003) The openehr Data Types Reference Model, The openehr Foundation, Revision [EHR7] Beale, T., Heard, S., Kalra, D., & Lloyd, D. (Eds.) (2003) The openehr Data Structures Reference Model, The openehr Foundation, Revision [EHR8] Beale, T., Heard, S., Kalra, D., & Lloyd, D. (Eds.) (2003) The openehr Demographic Reference Model, The openehr Foundation, Revision [EHR9] Beale, T., Heard, S., Kalra, D., & Lloyd, D. (Eds.) (2003) The openehr Support Reference Model, The openehr Foundation, Revision [EHR10] Beale, T., Heard, S., Kalra, D., & Lloyd, D. (Eds.) (2003) The openehr EHR_EXTRACT Reference Model, The openehr Foundation, Revision Methodology A direct mapping of VERS to openehr is not possible for a number of reasons, the first being that the two models are intended for quite different purposes. VERS was developed with the needs of the Victorian Public Records Office in mind, that is, the needs of that office to be able to accept, for archival preservation and storage, records in electronic format from a number of agencies. openehr, on the other hand, is a logical model unrelated directly to any physical system, designed to manage patient health data. Whilst the two overlap (they are both concerned with record-keeping), there are broad areas of incompatibility. 2

4 The method adopted, therefore, has been to derive the requirements for records from the VERS documentation. These include system requirements, metadata and other aspects of record-keeping. Rather than directly mapping to openehr elements, the task is to determine whether a system implementing openehr either directly supports, or could be made to support, the derived VERS requirements. For example, a particular VERS Metadata item may not necessarily exist within an openehr model, but it might be reasonable to assume that if asked, the operator of an openehr system might be able to generate the metadata item asked for in VERS. There are therefore a number of levels of compatibility: Full, Implementation Dependent, Derivable (not directly supported, but reasonable to assume that the data could be generated), Partial, and Not Supported. Finally, some elements of VERS are listed as deprecated those elements have not been mapped, but they have been included in the mapping spreadsheet for completeness. The mapping spreadsheet, VERS-EHR.xls, has been structured in the same manner as the VERS documentation. For each document, a separate worksheet has been created that lists, on the left, the record-keeping requirements derived from that document. The next column specifies the level of compliance by openehr with that requirement. Where necessary, commentary has been provided in the next column. Main Findings A good summary of the overall support offered by openehr for the VERS requirements can be found in the worksheet relating to the VERS System Requirements document [VERS3]. The requirements listed in this document outline the requirements of a good electronic record-keeping system. This sheet is reproduced below: Requirements derived from VERS System Requirements Specification Record Authenticity Record Integrity Document Conversion Metadata Capture Modifying information associated with Records and Folders Documenting the History of the Records and Folders Reliability Refresh Record Transfer openehr Compliance Depends on Access Control Models, yet to be documented Partial Not applicable Partial Full Partial (record creation and modification, but not access) Depends on implementation Depends on implementation Not applicable Table 1 - VERS System Requirements & openehr Compliance Inapplicability of parts of VERS As can be seen from the table above, some sections of the VERS specification are not applicable to a mapping with openehr. The purpose of VERS is partly to specify for client organisations of the public records office the format of electronic records to be provided for long term preservationl. A compliant system owned by a client will be able to generate an electronic object (VEO) which is then able to be sent to the public records office for storage. Requirements specifically designed for long term preservation such as 3

5 the ability to convert documents to a VEO compliant format, and the ability to transfer this to the Public Records Office of Victoria are not the principal design specifications of openehr. Altough, as recorded below, openehr has components that comply with VERS. Most VERS Metadata Elements Fully Supported or Derivable The main area of relevance for openehr is the VERS metadata scheme [VERS4]. By mapping the schemas documented in the various openehr models, it has been possible to highlight a number of areas of difference. It should be noted that, whilst openehr doesn t provide complete compliance with the VERS metadata, the majority of metadata elements required in VERS are supported, at least to the point where they can be derived from an openehr system. Aspects of the VERS metadata such as the structuring of records and descriptions of their contents are fully supported by openehr. Those areas of VERS that receive the least amount of support, however, tend to relate to record-keeping business functions. Given the recordkeeping needs, however, of the medical industry, where long term, authentic and secure records are vital, the seriousness of these shortcomings should not be overlooked. These record keeping aspects are as follows: Rights Management The most glaring omission from openehr as it stands in the documents used for this comparison is the area of the control of use and access to records. Section 9.2 of Design Principles for the EHR [EHR2] states that the following five principles should underlie any openehr system (see [EHR2] for precise definitions): Authentication Confidentiality Integrity Availability Non-Repudiation Whilst these principles are worthwhile, the inclusion of these into the overall openehr model base is a work in progress. Section 9.2 itself has a number of sections marked To Be Continued, and the model that would contain most of the security functionality, Access Control (see Figure 2 openehr Model Family, page 10, [EHR1]) has yet to be released to the public. As a result, large sections relating to rights management in VERS, comprising VERS metadata elements M25-M31, M135-M151, and M154, are unable to be mapped as they may, or may not be supported by a subsequent version of openehr. Audit Trails Broadly speaking, openehr has a relatively rigorous audit trail mechanism in place. It provides support for the logging of the creation, modification and deletion of records, and ensures that all previous versions of a record are available if needed. It achieves this by implementing a chain of records representing the different versions of an individual record over time, beginning with the initial creation of the record, and allowing for a record to be flagged as deleted, rather than physically removing it at the end of its life. 4

6 This same concept is utilised in VERS with its modified VEO object (see [VERS3]). However, VERS also goes further in tracking not only the creation, modification and deletion of records, but their access as well, through the use of the following metadata elements (see [VERS3]: M73 Object Content.Record.Use History.Use.Use Date/Time M74 Object Content.Record.Use History.Use.Use Type M75 Object Content.Record.Use History.Use.Use Description This ensures that even if a user has legitimate rights to access a record for some purpose (rights management), all access to that record outside of the scope of that purpose is logged. This is an important privacy mechanism, missing in openehr. Whilst it is conceivable, and even likely, that the developer of an electronic health record system based compliant with openehr would incorporate such functionality, this is by no means guaranteed by the standard. Since privacy and accountability are vital aspects of the medical industry, it is surprising that logging of record access has been omitted in openehr. Scheduling of Specific Record Keeping Actions VERS includes a mechanism for the scheduling and logging of actions to be undertaken in regard to the preservation and disposal of a record. The following metadata elements are incorporated into VERS for record preservation (see [VERS3]): M78 Object Content.Record.Preservation History.Action.Action Date/Time M79 Object Content.Record.Preservation History.Action.Action Type M80 Object Content.Record.Preservation History.Action.Action Description M81 Object Content.Record.Preservation History.Next Action M82 Object Content.Record.Preservation History.Next Action Due Whilst the following manage record disposal: M89 Object Content.Record.Disposal.Disposal Authorisation M90 Object Content.Record.Disposal.Sentence M91 Object Content.Record.Disposal.Disposal Action Due M92 Object Content.Record.Disposal.Disposal Status Of these metadata elements, only M92 Disposal Status can at least be derived from an openehr system (by determining whether or not a record still exists and is accessible). Mandates for Record Keeping Activities Related to the issue of the management of record keeping activities, VERS supports the logging of the mandate used by a record-keeper to undertake an action in relation to a record. For example, a particular action, such as the deletion of a record, may be mandated by legislation, or some organisational policy. VERS incorporates the following metadata elements to implement this (see [VERS3]): M94 Object Content.Record.Mandate.Mandate Type M95 Object Content.Record.Mandate.Refers To 5

7 M96 Object Content.Record.Mandate.Mandate Name M97 Object Content.Record.Mandate.Mandate Reference M98 Object Content.Record.Mandate.Requirement Whilst the tracking of a mandate may not be as important as the logging of access to a record, or the management of record-keeping activities, the capture and logging of the mandate related to record-keeping activities is never-the-less important for ensuring the integrity and legality of the record, especially in long term time frames. None of these elements are supported by openehr in regard to records-management activities. Long Term Preservation of Records One of the strengths of VERS is that it has been designed with an emphasis on the long term preservation of records and their metadata. VERS mandates, for example, the use of common, standard encoding techniques such as Adobe s open, ubiquitous, even if proprietary portable document format (PDF), ASCII text, TIFF images and standard compression algorithms [VERS6]. It also specifies standard media such as 63 or 74 minute CD-R as opposed to 80 minute CDs or CD-RW formats [VERS7]. VERS also specifically prohibits the encryption of records to ensure their long-term accessibility. openehr, on the other hand, does not deal well with the issue of long-term preservation of records. openehr does have, as one of its stated aims, the long-term accessibility of health records (see section 9.4, page 88 of [EHR2]), and references concepts of selfdocumentation, self-containment and record structure extensibility, which are in common with long term preservation models. It also recognises a number of strategies by which this can be achieved (from [EHR2], page 88): Preservation of the original system Emulation of the original system on a new platform Migration of the data to a new system Encapsulation of the older data within the new format However, this being said, openehr sidesteps the issue of long-term preservation by arguing that the method of ensuring this principle is one of enterprise policy ([EHR2], p. 88) that is, it is up to the system developers/builders to derive an acceptable solution. This is further compounded when it is considered that data encryption is a likely tool for system developers to be used for ensuring security and privacy of health records, although encryption is not specifically incorporated into the openehr specification. Encryption is acceptable for transmission but not storage. There is a tension between the long-term access needs for health records (>100 years), and the security and privacy requirements placed upon system owners and operators. By placing the burden upon developers to devise a suitable long-term archival mechanism, with some justification (openehr doesn t claim to be a system requirements specification document), openehr leaves this important issue somewhat up to chance. 6

8 Conclusion In general, based upon this comparison with the record-keeping requirements of VERS, openehr has a moderately good level of support for basic record-keeping principles. Certainly the introductory documentation to openehr including the technical roadmap [EHR1] and the Design Principles [EHR2] outline a sound treatment of the recordkeeping aspects of electronic health records systems. Where the model currently falls down, however, is primarily in managing record-keeping activities (such as scheduling and the logging of record-keeping mandates) and in extending the audit trail to include record access as use in addition to creation, modification and deletion. openehr also sidesteps the important issue of the long term preservation of records by leaving the most important aspects of the mechanism for ensuring this up to system developers. Despite addressing the majority of record-keeping issues in the EHR context, these aspects of openehr reflect, perhaps, the fact that record-keepers have not had a strong influence on the development of the standard. Inclusion of input from record-keeping experts is an important task that the openehr Foundation should turn its attention to. Further work will be needed when the Access Control models for openehr are made available, at which time, the rights management aspects of VERS can be compared for a more detailed assessment of the security and access control features of openehr. 7

Management of Official Records in a Business System

Management of Official Records in a Business System GPO Box 2343 ADELAIDE SA 5001 Tel (08) 8204 8773 Fax (08) 8204 8777 DX:467 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Management of Official Records in a Business System October 2011 Version

More information

Public Record Office Standard PROS 99/007. Public Record Office Victoria. Management of Electronic Records

Public Record Office Standard PROS 99/007. Public Record Office Victoria. Management of Electronic Records Public Record Office Standard PROS 99/007 Public Record Office Victoria Management of Electronic Records Version 1.0 April 2000 PROS 99/007: Management of Electronic Records 1 Table of Contents 1.0 Introduction...

More information

System Requirements for Archiving Electronic Records PROS 99/007 Specification 1. Public Record Office Victoria

System Requirements for Archiving Electronic Records PROS 99/007 Specification 1. Public Record Office Victoria System Requirements for Archiving Electronic Records PROS 99/007 Specification 1 Public Record Office Victoria Version 1.0 April 2000 PROS 99/007 Specification 1: System Requirements for Archiving Electronic

More information

ADRI. Digital Record Export Standard. ADRI-2007-01-v1.0. ADRI Submission Information Package (ASIP)

ADRI. Digital Record Export Standard. ADRI-2007-01-v1.0. ADRI Submission Information Package (ASIP) ADRI Digital Record Export Standard ADRI Submission Information Package (ASIP) ADRI-2007-01-v1.0 Version 1.0 31 July 2007 Digital Record Export Standard 2 Copyright 2007, Further copies of this document

More information

Public Record Office Standard. PROS 99/007 Version 2.0. Standard. Management of Electronic Records PROS 99/007 (Version 2)

Public Record Office Standard. PROS 99/007 Version 2.0. Standard. Management of Electronic Records PROS 99/007 (Version 2) Public Record Office Standard PROS 99/007 Version 2.0 Standard Management of Electronic Records PROS 99/007 (Version 2) Copyright 2003, Public Record Office Victoria Further copies of this document can

More information

Queensland recordkeeping metadata standard and guideline

Queensland recordkeeping metadata standard and guideline Queensland recordkeeping metadata standard and guideline June 2012 Version 1.1 Queensland State Archives Department of Science, Information Technology, Innovation and the Arts Document details Security

More information

Document and Records Management Systems

Document and Records Management Systems GPO Box 2343 Adelaide SA 5001 Tel (08) 8204 8773 Fax (08) 8204 8777 DX:467 srsarecordsmanagement@sa.gov.au www.archives.sa. gov.au Document and Records Management Systems August 2009 Version 2.1 Table

More information

Guideline 1. Cloud Computing Decision Making. Public Record Office Victoria Cloud Computing Policy. Version Number: 1.0. Issue Date: 26/06/2013

Guideline 1. Cloud Computing Decision Making. Public Record Office Victoria Cloud Computing Policy. Version Number: 1.0. Issue Date: 26/06/2013 Public Record Office Victoria Cloud Computing Policy Guideline 1 Cloud Computing Decision Making Version Number: 1.0 Issue Date: 26/06/2013 Expiry Date: 26/06/2018 State of Victoria 2013 Version 1.0 Table

More information

Guideline. Records Management Strategy. Public Record Office Victoria PROS 10/10 Strategic Management. Version Number: 1.0. Issue Date: 19/07/2010

Guideline. Records Management Strategy. Public Record Office Victoria PROS 10/10 Strategic Management. Version Number: 1.0. Issue Date: 19/07/2010 Public Record Office Victoria PROS 10/10 Strategic Management Guideline 5 Records Management Strategy Version Number: 1.0 Issue Date: 19/07/2010 Expiry Date: 19/07/2015 State of Victoria 2010 Version 1.0

More information

TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL

TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL INTRODUCTION WHAT IS A RECORD? AS ISO 15489-2002 Records Management defines a record as information created,

More information

The legal admissibility of information stored on electronic document management systems

The legal admissibility of information stored on electronic document management systems Softology Ltd. The legal admissibility of information stored on electronic document management systems July 2014 SOFTOLOGY LIMITED www.softology.co.uk Specialist Expertise in Document Management and Workflow

More information

Standards Development. PROS 14/00x Specification 3: Long term preservation formats

Standards Development. PROS 14/00x Specification 3: Long term preservation formats Standards Development PROS 14/00x Specification 3: Long term preservation formats 1 2 Copyright Statement State of Victoria 2014 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 This work is licensed

More information

Data Portability Requirements for EHRs

Data Portability Requirements for EHRs Data Portability Requirements for EHRs Robert Rogers Chief Technology Officer mrrogers@applicationmatrix.com Open Source EHR Summit and Workshop Gaylord National, National Harbor, MD October 18,2012 Disclaimer

More information

9. GOVERNANCE. Policy 9.8 RECORDS MANAGEMENT POLICY. Version 4

9. GOVERNANCE. Policy 9.8 RECORDS MANAGEMENT POLICY. Version 4 9. GOVERNANCE Policy 9.8 RECORDS MANAGEMENT POLICY Version 4 9. GOVERNANCE 9.8 RECORDS MANAGEMENT POLICY OBJECTIVES: To establish the framework for, and accountabilities of, Lithgow City Council s Records

More information

Scotland s Commissioner for Children and Young People Records Management Policy

Scotland s Commissioner for Children and Young People Records Management Policy Scotland s Commissioner for Children and Young People Records Management Policy 1 RECORDS MANAGEMENT POLICY OVERVIEW 2 Policy Statement 2 Scope 2 Relevant Legislation and Regulations 2 Policy Objectives

More information

DELAWARE PUBLIC ARCHIVES POLICY STATEMENT AND GUIDELINES MODEL GUIDELINES FOR ELECTRONIC RECORDS

DELAWARE PUBLIC ARCHIVES POLICY STATEMENT AND GUIDELINES MODEL GUIDELINES FOR ELECTRONIC RECORDS DELAWARE PUBLIC ARCHIVES POLICY STATEMENT AND GUIDELINES MODEL GUIDELINES FOR ELECTRONIC RECORDS STATEMENT OF PURPOSE The Delaware Public Archives (DPA) has issued "Model Guidelines for Electronic Records"

More information

Report on a preliminary analysis of the dataflow(s) in HealthConnect system

Report on a preliminary analysis of the dataflow(s) in HealthConnect system Report on a preliminary analysis of the dataflow(s) in HealthConnect system Electronic Health Records: Achieving an Effective and Ethical Legal and Recordkeeping Framework Australian Research Council Discovery

More information

Public Record Office Standard. Retention & Disposal Authority for Records of the Transport Accident Prevention and Assistance Functions

Public Record Office Standard. Retention & Disposal Authority for Records of the Transport Accident Prevention and Assistance Functions Public Record Office Standard PROS 14/01 Authority Retention & Disposal Authority for Records of the Transport Accident Prevention and Assistance Functions Version 2014 14/01 Issue Date: 15/08/2014 Copyright

More information

Life Cycle of Records

Life Cycle of Records Discard Create Inactive Life Cycle of Records Current Retain Use Semi-current Records Management Policy April 2014 Document title Records Management Policy April 2014 Document author and department Responsible

More information

Microsoft SharePoint and Records Management Compliance

Microsoft SharePoint and Records Management Compliance Microsoft SharePoint and Records Management Compliance White Paper Revision: 2 Date created: 20 February 2015 Principal author: Nigel Carruthers-Taylor, Principal, icognition Reference: 15/678 Summary

More information

ANU Electronic Records Management System (ERMS) Manual

ANU Electronic Records Management System (ERMS) Manual ANU Electronic Records Management System (ERMS) Manual May 2015 ERMS Manual May 2015 1 Contents The ERMS Manual 1. Introduction... 3 2. Policy Principles... 3 3. The Electronic Records Management System...

More information

Information Management Advice 18 Managing records in business systems

Information Management Advice 18 Managing records in business systems Information Management Advice 18 Managing records in business systems Assessment tool: Measuring recordkeeping compliance in business systems Introduction Using this tool to identify and assess core business

More information

RECORDS MANAGEMENT PROCEDURE

RECORDS MANAGEMENT PROCEDURE AMINISTRATIVE 5 RECORS MANAGEMENT PROCEURE Parent Policy Title Associated ocuments Preamble General Records & Archives Management Policy Recordkeeping Guidelines The University is committed to making and

More information

Information Sheet: Cloud Computing

Information Sheet: Cloud Computing info sheet 03.11 Information Sheet: Cloud Computing Info Sheet 03.11 May 2011 This Information Sheet gives a brief overview of how the Information Privacy Act 2000 (Vic) applies to cloud computing technologies.

More information

ADRI. Statement on the Application of Digital Rights Management Technology to Public Records. ADRI-2008-001-v1.0

ADRI. Statement on the Application of Digital Rights Management Technology to Public Records. ADRI-2008-001-v1.0 ADRI Statement on the Application of Digital Rights Management Technology to Public Records ADRI-2008-001-v1.0 Version 1.0 6 August 2008 Statement on the Application of Digital Rights Management Technology

More information

COUNCIL POLICY R180 RECORDS MANAGEMENT

COUNCIL POLICY R180 RECORDS MANAGEMENT 1. Scope The City of Mount Gambier Records Management Policy provides the policy framework for Council to effectively fulfil its obligations and statutory requirements under the State Records Act 1997.

More information

Information Management Advice 50 Developing a Records Management policy

Information Management Advice 50 Developing a Records Management policy Information Management Advice 50 Developing a Records Management policy Introduction This advice explains how to develop and implement a Records Management policy. Policy is central to the development

More information

Digitisation of official records and management of source documents

Digitisation of official records and management of source documents GPO Box 2343 Adelaide SA 5001 Tel (08) 8204 8773 Fax (08) 8204 8777 DX:467 srsarecordsmanagement@sa.gov.au www.archives.sa. gov.au Digitisation of official records and management of source documents December

More information

FREEDOM OF INFORMATION (SCOTLAND) ACT 2002 CODE OF PRACTICE ON RECORDS MANAGEMENT

FREEDOM OF INFORMATION (SCOTLAND) ACT 2002 CODE OF PRACTICE ON RECORDS MANAGEMENT FREEDOM OF INFORMATION (SCOTLAND) ACT 2002 CODE OF PRACTICE ON RECORDS MANAGEMENT November 2003 Laid before the Scottish Parliament on 10th November 2003 pursuant to section 61(6) of the Freedom of Information

More information

Records and Information Management. General Manager Corporate Services

Records and Information Management. General Manager Corporate Services Title: Records and Information Management Policy No: 057 Adopted By: Chief Officers Group Next Review Date: 08/06/2014 Responsibility: General Manager Corporate Services Document Number: 2120044 Version

More information

Records Management - Department of Health

Records Management - Department of Health Policy Directive Records Management - Department of Health Document Number PD2009_057 Publication date 24-Sep-2009 Functional Sub group Corporate Administration - Records Ministry of Health, NSW 73 Miller

More information

Records Management Policy

Records Management Policy Records Management Policy Responsible Officer Chief Operating Officer Approved by Vice-Chancellor Approved and commenced April, 2014 Review by April, 2017 Relevant Legislation, Ordinance, Rule and/or Governance

More information

16 Electronic health information management systems

16 Electronic health information management systems 16 Electronic health information management systems Section 16: Electronic information management systems The continued expansion and growth in global technologies is aiding the development of many new

More information

Guideline 2. Cloud Computing: Tools. Public Record Office Victoria Cloud Computing Policy. Version Number: 1.0. Issue Date: 26/06/2013

Guideline 2. Cloud Computing: Tools. Public Record Office Victoria Cloud Computing Policy. Version Number: 1.0. Issue Date: 26/06/2013 Public Record Office Victoria Cloud Computing Policy Guideline 2 Cloud Computing: Tools Version Number: 1.0 Issue Date: 26/06/2013 Expiry Date: 26/06/2018 State of Victoria 2013 Version 1.0 Table of Contents

More information

Digital Archiving Survey

Digital Archiving Survey Digital Archiving Survey Background information Under the Public Records Act 2002 (the Act), public authorities have a responsibility to ensure that digital records under their control remain accessible

More information

Records Management Security of University Records Procedures

Records Management Security of University Records Procedures Records Management Security of University Records Procedures pro-064 To be read in conjunction with: Records Management Policy Version: 2.00 Last amendment: Nov 2014 Next Review: Nov 2016 Approved By:

More information

Guideline 2. Cloud Computing: Tools. Public Record Office Victoria Cloud Computing Policy. Version Number: 1.0. Issue Date: 26/06/2013

Guideline 2. Cloud Computing: Tools. Public Record Office Victoria Cloud Computing Policy. Version Number: 1.0. Issue Date: 26/06/2013 Public Record Office Victoria Cloud Computing Policy Guideline 2 Cloud Computing: Tools Version Number: 1.0 Issue Date: 26/06/2013 Expiry Date: 26/06/2018 State of Victoria 2013 Version 1.0 Table of Contents

More information

information Records Management Checklist business people security preservation accountability Foreword Introduction Purpose of the checklist

information Records Management Checklist business people security preservation accountability Foreword Introduction Purpose of the checklist Records Management Checklist Foreword We fi rst developed the Records Management Checklist in 2008 to complement our performance audit Records Management in the Victorian Public Sector. At that time the

More information

Records Management and Information Lifecycle Strategy

Records Management and Information Lifecycle Strategy LINCOLNSHIRE PARTNERSHIP NHS FOUNDATION TRUST Records Management and Information Lifecycle Strategy DOCUMENT VERSION CONTROL Document Type and Title: Strategy New or Replacing: Revised/Updated Version

More information

LORD CHANCELLOR S CODE OF PRACTICE ON THE MANAGEMENT OF RECORDS UNDER

LORD CHANCELLOR S CODE OF PRACTICE ON THE MANAGEMENT OF RECORDS UNDER LORD CHANCELLOR S CODE OF PRACTICE ON THE MANAGEMENT OF RECORDS UNDER SECTION 46 OF THE FREEDOM OF INFORMATION ACT 2000 NOVEMBER 2002 Presented to Parliament by the Lord Chancellor Pursuant to section

More information

Public Record Office Standard. Retention & Disposal Authority for Records of the Victims of Crime Assistance Tribunal

Public Record Office Standard. Retention & Disposal Authority for Records of the Victims of Crime Assistance Tribunal Public Record Office Standard PROS 04/08 Authority Retention & Disposal Authority for Records of the Victims of Crime Assistance Tribunal Version 2013 04/08 Issue Date: 01/12/2004 Expiry Date: 01/12/2014

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Records Management Checklist. preservation. accountability. information. security. peoplep. A tool to improve records management

Records Management Checklist. preservation. accountability. information. security. peoplep. A tool to improve records management Records Management Checklist preservation accountability information security busine ess peoplep A tool to improve records management preservation people security business Foreword accountability information

More information

Digital Preservation Guidance Note: Selecting File Formats for Long-Term Preservation

Digital Preservation Guidance Note: Selecting File Formats for Long-Term Preservation Digital Preservation Guidance Note: 1 Selecting File Formats for Long-Term Preservation Document Control Author: Adrian Brown, Head of Digital Preservation Research Document Reference: Issue: 2 DPGN-01

More information

VERS Standard Electronic Record Format PROS 99/007 Specification 3. Public Record Office Victoria

VERS Standard Electronic Record Format PROS 99/007 Specification 3. Public Record Office Victoria VERS Standard Electronic Record Format PROS 99/007 Specification 3 Public Record Office Victoria Version 1.0 April 2000 PROS 99/007 Specification 3: VERS Standard Electronic Record Format 1 Table of Contents

More information

PDF/A A standard for document archiving. Dipl. Inf. Reinhold Müller-Meernach. Dr. Uwe Wächter. SEAL Systems info@sealsystems.com www.sealsystems.

PDF/A A standard for document archiving. Dipl. Inf. Reinhold Müller-Meernach. Dr. Uwe Wächter. SEAL Systems info@sealsystems.com www.sealsystems. PDF/A A standard for document archiving Dipl. Inf. Reinhold Müller-Meernach Röttenbach Dr. Uwe Wächter Roßdorf No. 2/2006 SEAL Systems info@sealsystems.com www.sealsystems.com PDF/A A standard for document

More information

Information and Compliance Management Information Management Policy

Information and Compliance Management Information Management Policy Aurora Energy Group Information Management Policy Information and Compliance Management Information Management Policy Version History REV NO. DATE REVISION DESCRIPTION APPROVAL 1 11/03/2011 Revision and

More information

Metadata, Electronic File Management and File Destruction

Metadata, Electronic File Management and File Destruction Metadata, Electronic File Management and File Destruction By David Outerbridge, Torys LLP A. Metadata What is Metadata? Metadata is usually defined as data about data. It is a level of extra information

More information

BSO Board Director of Human Resources & Corporate Services Digitalisation of records in the Scanning Centre. 21 June 2012

BSO Board Director of Human Resources & Corporate Services Digitalisation of records in the Scanning Centre. 21 June 2012 To: From: Subject: Status: Date of Meeting: BSO Board Director of Human Resources & Corporate Services Digitalisation of records in the Scanning Centre For Approval 21 June 2012 The Board is asked to consider

More information

Information Management Policy

Information Management Policy Title Information Management Policy Document ID Director Mark Reynolds Status FINAL Owner Neil McCrirrick Version 1.0 Author Deborah Raven Version Date 26 January 2011 Information Management Policy Crown

More information

Cloud Computing and Records Management

Cloud Computing and Records Management GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version

More information

AUDITING TECHNIQUES TO ASSESS FRAUD RISKS IN ELECTRONIC HEALTH RECORDS

AUDITING TECHNIQUES TO ASSESS FRAUD RISKS IN ELECTRONIC HEALTH RECORDS AUDITING TECHNIQUES TO ASSESS FRAUD RISKS IN ELECTRONIC HEALTH RECORDS OBJECTIVE Increase your IT vocab so that you can assess the risks related to your audits of EHRs and/or EHR related data AGENDA What

More information

Implementing an Electronic Document and Records Management System. Key Considerations

Implementing an Electronic Document and Records Management System. Key Considerations Implementing an Electronic Document and Records Management System Key Considerations Commonwealth of Australia 2011 This work is copyright. Apart from any use as permitted under the Copyright Act 1968,

More information

Strategy for archiving digital records at the Danish National Archives. January 1

Strategy for archiving digital records at the Danish National Archives. January 1 Strategy for archiving digital records at the Danish National Archives January 2013 0 @ 1 0 1 Strategy for archiving digital records This document describes the strategy of the Danish National Archives

More information

E-mail Management: A Guide For Harvard Administrators

E-mail Management: A Guide For Harvard Administrators E-mail Management: A Guide For Harvard Administrators E-mail is information transmitted or exchanged between a sender and a recipient by way of a system of connected computers. Although e-mail is considered

More information

BSBRKG403B Set up a business or records system for a small business

BSBRKG403B Set up a business or records system for a small business BSBRKG403B Set up a business or records system for a small business Release: 1 BSBRKG403B Set up a business or records system for a small business Modification History Not applicable. Unit Descriptor Unit

More information

Digital Continuity Plan

Digital Continuity Plan Digital Continuity Plan Ensuring that your business information remains accessible and usable for as long as it is needed Accessible and usable information Digital continuity Digital continuity is an approach

More information

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and procedures to govern who has access to electronic protected

More information

General Disposal Authority. For encrypted records created in online security processes

General Disposal Authority. For encrypted records created in online security processes General Disposal Authority For encrypted records created in online security processes May 2004 Commonwealth of Australia 2004 ISBN 1 920807 04 7 This work is copyright. Apart from any use as permitted

More information

NHS Business Services Authority Records Management Audit Framework

NHS Business Services Authority Records Management Audit Framework NHS Business Services Authority Records Management Audit Framework NHS Business Services Authority Corporate Secretariat NHSBSARM019 Issue Sheet Document Reference Document Location Title Author Issued

More information

Information Security Policies. Version 6.1

Information Security Policies. Version 6.1 Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access

More information

4 NUMBER 004 Policy Data base Document Reference Number 134004P

4 NUMBER 004 Policy Data base Document Reference Number 134004P NUMBER 00 olicy Data base Document Reference Number 100 urpose/ objectives This policy sets out the requirements for La Trobe University researchers to manage their research data and primary materials

More information

ADRI. Advice on managing the recordkeeping risks associated with cloud computing. ADRI-2010-1-v1.0

ADRI. Advice on managing the recordkeeping risks associated with cloud computing. ADRI-2010-1-v1.0 ADRI Advice on managing the recordkeeping risks associated with cloud computing ADRI-2010-1-v1.0 Version 1.0 29 July 2010 Advice on managing the recordkeeping risks associated with cloud computing 2 Copyright

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

Document Storage Tips: Inside the Email Vault

Document Storage Tips: Inside the Email Vault Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Document Storage Tips: Inside the Email Vault Law360,

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY RECORDS MANAGEMENT POLICY POLICY STATEMENT The records of Legal Aid NSW are a major component of its corporate memory and risk management strategies. They are a vital asset that support ongoing operations

More information

Corporate Records Management Policy

Corporate Records Management Policy Corporate Records Management Policy Introduction Part 1 Records Management Policy Statement. February 2011 Part 2 Records Management Strategy. February 2011 Norfolk County Council Information Management

More information

ERMS Solution BUILT ON SHAREPOINT 2013

ERMS Solution BUILT ON SHAREPOINT 2013 ERMS Solution BUILT ON SHAREPOINT 2013 Purpose of the Presentation Present a comprehensive proprietary Electronic Records Management System (ERMS) Communication Progress is developing on SharePoint 2013,

More information

CORPORATE RECORDS MANAGEMENT POLICY

CORPORATE RECORDS MANAGEMENT POLICY 1.1 Introduction Derbyshire County Council is dependent on its records to operate efficiently and to account for its actions. This policy defines a structure for Derbyshire County Council to ensure that

More information

Environmental Auditor Guidelines Provision of Environmental Audit Reports, Certificates and Statements

Environmental Auditor Guidelines Provision of Environmental Audit Reports, Certificates and Statements Environmental Auditor Guidelines Provision of Environmental Audit Reports, Certificates and Statements Information Bulletin Publication number 1147.1 December 2012 Authorised and published by EPA Victoria,

More information

Digital Archives Migration Methodology. A structured approach to the migration of digital records

Digital Archives Migration Methodology. A structured approach to the migration of digital records Digital Archives Migration Methodology A structured approach to the migration of digital records Published July 2014 1 Table of contents Executive summary... 3 What is the Digital Archives Migration Methodology?...

More information

Independent Auditors Report to the Commissioner for Law Enforcement Data Security -

Independent Auditors Report to the Commissioner for Law Enforcement Data Security - Commissioner for Law Enforcement Data Security Audit of Victoria Police Compliance with CLEDS standards on Access Control and Release June 2008 Reference: Version: FY07/08 Final Date of review: April -

More information

Information Management Advice 39 Developing an Information Asset Register

Information Management Advice 39 Developing an Information Asset Register Information Management Advice 39 Developing an Information Asset Register Introduction The amount of information agencies create is continually increasing, and whether your agency is large or small, if

More information

Records Management Policy

Records Management Policy Once printed off, this is an uncontrolled document. Please check the Intranet for the most up to date copy Author Freedom of Information Lead Version 5.0 Issue Issue Date October 2011 Review Date October

More information

Staffordshire County Council. Records Retention and Disposal Policy

Staffordshire County Council. Records Retention and Disposal Policy Staffordshire County Council Records Retention and Disposal Policy Version Author Approved By Date Published Review V. 1.1 Information Governance Unit Philip Jones, Head of Information Governance 2/11/2012

More information

Complying with the Records Management Code: Evaluation Workbook and Methodology

Complying with the Records Management Code: Evaluation Workbook and Methodology Complying with the Records Management Code: Evaluation Workbook and Methodology Page 1 of 110 Crown copyright 2006 First edition published February 2006 Author: Richard Blake The National Archives Ruskin

More information

Records Management Policy

Records Management Policy Records Management Policy Document Number SOP2006-073 File No. 07/7 Date issued 1 September 2006 Author Branch Records and Mail Services Unit Branch contact 9320.7722 Division Finance & Data Services Summary

More information

Spatial Information Data Quality Guidelines

Spatial Information Data Quality Guidelines Spatial Information Data Quality Guidelines Part of Victoria s Second Edition The Victorian Spatial Council was established under the Victorian Spatial Information Strategy 2004-2007 to support the advancement

More information

INFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies

INFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies INFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies REMOVABLE MEDIA: NSW MoH are currently undergoing review with a state-wide working party developing the Draft NSW

More information

In addition, a decision should be made about the date range of the documents to be scanned. There are a number of options:

In addition, a decision should be made about the date range of the documents to be scanned. There are a number of options: Version 2.0 December 2014 Scanning Records Management Factsheet 06 Introduction Scanning paper documents provides many benefits, such as improved access to information and reduced storage costs (either

More information

Risk-Based Approach to 21 CFR Part 11

Risk-Based Approach to 21 CFR Part 11 3109 W. Dr. Martin Luther King, Jr. Blvd., Suite 250 Tampa, FL 33607 USA Tel: 813/960-2105 Fax: 813/264-2816 www.ispe.org Risk-Based Approach to 21 CFR Part 11 The 21 CFR Part 11 regulation is a comprehensive

More information

Queensland Government Digital Continuity Strategy

Queensland Government Digital Continuity Strategy Queensland Government Digital Continuity Strategy Future proofing the critical digital records of government business September 2012 Queensland State Archives Department of Science, Information Technology,

More information

Remote Data Extraction Policy and Procedure

Remote Data Extraction Policy and Procedure Remote Data Extraction Policy and Procedure Prepared by PRIMIS June 2015 The University of Nottingham. All rights reserved. Contents 1. Introduction... 3 2. Purpose and scope... 3 3. Policy Statement...

More information

CCG: IG06: Records Management Policy and Strategy

CCG: IG06: Records Management Policy and Strategy Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of

More information

INTEGRATING RECORDS MANAGEMENT

INTEGRATING RECORDS MANAGEMENT INTERNATIONAL RECORDS MANAGEMENT TRUST INTEGRATING RECORDS MANAGEMENT IN ICT SYSTEMS Good Practice Indicators CONTENTS Figure 1: Designing a Records Management Improvement Programme iv Figure 2: Integrating

More information

Adequate Records Management - Implementation Plan

Adequate Records Management - Implementation Plan GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:467 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Adequate Records Management - Implementation Plan October 2012 Version

More information

Clarifications of EPSRC expectations on research data management.

Clarifications of EPSRC expectations on research data management. s of EPSRC expectations on research data management. Expectation I Research organisations will promote internal awareness of these principles and expectations and ensure that their researchers and research

More information

Adequate Records Management

Adequate Records Management GPO Box 2343 ADELAIDE SA 5001 Tel (08) 8204 8769 Fax (08) 8204 8777 DX:467 srsarecordsmanagement@saugov.sa.gov.au www.archives.sa.gov.au Adequate Records Management December 2013 Version 3.0 Table of Contents

More information

Cyber Security: Guidelines for Backing Up Information. A Non-Technical Guide

Cyber Security: Guidelines for Backing Up Information. A Non-Technical Guide Cyber Security: Guidelines for Backing Up Information A Non-Technical Guide Essential for Executives, Business Managers Administrative & Operations Managers This appendix is a supplement to the Cyber Security:

More information

Records Management Standards. Records Management Standards for Public Sector Organisations in the Northern Territory

Records Management Standards. Records Management Standards for Public Sector Organisations in the Northern Territory Records Management Standards Records Management Standards for Public Sector Organisations in the Northern Territory August 2010 Overview of the standards Standard 1 Governance (including identification

More information

Introduction Thanks Survey of attendees Questions at the end

Introduction Thanks Survey of attendees Questions at the end Introduction Thanks Survey of attendees Questions at the end 1 Electronic records come in a variety of shapes and sizes and are stored in a multitude of ways. Just what are you managing? Video Cloud computing

More information

Special Purpose Reports on the Effectiveness of Control Procedures

Special Purpose Reports on the Effectiveness of Control Procedures Auditing Standard AUS 810 (July 2002) Special Purpose Reports on the Effectiveness of Control Procedures Prepared by the Auditing & Assurance Standards Board of the Australian Accounting Research Foundation

More information

AHDS Digital Preservation Glossary

AHDS Digital Preservation Glossary AHDS Digital Preservation Glossary Final version prepared by Raivo Ruusalepp Estonian Business Archives, Ltd. January 2003 Table of Contents 1. INTRODUCTION...1 2. PROVENANCE AND FORMAT...1 3. SCOPE AND

More information

STATEMENT OF ETHICAL PRACTICE

STATEMENT OF ETHICAL PRACTICE STATEMENT OF ETHICAL PRACTICE Preamble Records and information management (RIM) is the branch of the information professions primarily concerned with the efficient and systematic control of the creation,

More information

Managing Closed Circuit Television (CCTV) Records

Managing Closed Circuit Television (CCTV) Records Queensland State Archives Managing Closed Circuit Television (CCTV) Records Guideline for Queensland Public Authorities October 2010 Document details Security Classification PUBLIC Date of review of security

More information

Bradford Scholars Digital Preservation Policy

Bradford Scholars Digital Preservation Policy DIGITAL PRESERVATION The value of the research outputs produced by staff and research students at the University of Bradford cannot be over emphasised in demonstrating the scientific, societal and economic

More information

A grant number provides unique identification for the grant.

A grant number provides unique identification for the grant. Data Management Plan template Name of student/researcher(s) Name of group/project Description of your research Briefly summarise the type of your research to help others understand the purposes for which

More information

UNIVERSITY OF MANITOBA PROCEDURE

UNIVERSITY OF MANITOBA PROCEDURE UNIVERSITY OF MANITOBA PROCEDURE Procedure: Parent Policy: Effective Date: June 23, 2015 Revised Date: Review Date: June 23, 2025 Approving Body: Authority: Responsible Executive Officer: Delegate: Contact:

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information