Policy Document Control Page. Title: Creation, Filing and Retention of Electronic Records Protocol

Transcription

1 Policy Document Control Page Title Title: Creation, Filing and Retention of Electronic Records Protocol Version: 4 Reference Number: CO63 Supersedes Supersedes: Version 3 Description of Amendment(s): Slight change to name of protocol to allow for easier searching on the intranet Originator Originated By: Carole McCarthy Designation: Records Manager Equality Analysis Assessment (EAA) Process Equality Relevance Assessment Undertaken by: Records Manager ERA undertaken on: 21/01/2016 ERA approved by EIA Work group on: Where policy deemed relevant to equality- EIA undertaken by: EIA undertaken on: EIA approved by EIA work group on CO63 Creation Filing and Retention of Electronic Records V4 Page 1 of 21

2 Approval Referred for approval by: Records Manager Date of Referral: 21/01/2016 Approved by: Information Governance Assurance Group Approval Date: 27 th January 2016 Date ratified by Executive Directors: N/A Executive Director Lead: Medical Director Circulation Issue Date: 11 th February 2016 Circulated by: Performance and Information Issued to: An e-copy of this protocol is sent to all wards and departments Protocol to be uploaded to the Trust s External Website? YES Review Review Date: 21 st January 2017 or sooner when new Records Management Code of Practice is issued. Responsibility of: Carole McCarthy Designation: Records Manager This protocol is to be disseminated to all relevant staff. This protocol must be posted on the Intranet. Date Posted: 11 th February 2016 CO63 Creation Filing and Retention of Electronic Records V4 Page 2 of 21

3 1. INTRODUCTION 1.1 Everyone in Pennine Care NHS Foundation Trust has a duty of care to ensure that all records, and especially confidential records, are stored in a safe and secure environment, which recognises their sensitivity. 1.2 This guidance is intended primarily for those working in corporate services and those who have an administrative / clerical role within the boroughs / directorates. 1.3 Pennine Care NHS Foundation Trust s records are its corporate memory, providing evidence of actions and decisions and representing a vital asset to support daily functions and operations. In principle electronic and paper records should be managed consistently and to the same high standards. 1.4 Robust procedures can help to: Support innovation and better ways of working Avoid duplication and wasted work by standardisation Prevent the loss of records Make a broader range of information accessible to a wider range of people Provide a more flexible response to organisational changes Assist the organisation in meeting its responsibilities 1.5 Although this protocol relates in the main to corporate records there is supporting guidance regarding electronic clinical documentation please see point 10 below 1.6 This procedure document should be read in conjunction with the Trust s Records Management Policy, which is available on the Pennine Care NHS Foundation Trust Intranet (CO20). 2. SCOPE 2.1 This guidance relates to all corporate operational records held in an electronic format by the Trust. Operational records are defined as information created or received in the course of Trust business and captured in readable form in any medium, providing evidence of the functions, activities and transactions. They include: Text-based word-processed documents Spreadsheets Presentations Microform (i.e. fiche/film) Digital Audio and video, cassettes Computerised records Scanned images

4 Photographs, slides and other images messages Website (hypertext) documents Multimedia documents Faxed messages This list is not exhaustive. 2.2 All records created in the course of the business of Pennine Care NHS Foundation Trust are corporate records and are public records under the terms of the Public Records Acts 1958 and This includes messages and other electronic records. (For advice on the management and storage of see the Policy (CO6) located on the Trust s intranet.) 2.3 While paper is still the most common storage method for records, usually within paper-based filing systems, electronic media are commonly used to create documents in the first place and increasingly to store them in the longer term. Well-managed electronic records are a vital part of our organisation s information resources. As much as paper records, they enable an organisation to retain a corporate memory of it s various activities, provide an auditable trail of transactions, demonstrate accountability for actions, and fulfil its obligations under the Public Records Acts. 2.4 Records Management is a discipline which utilises an administrative system to direct and control the creation, version control, distribution, filing, retention, storage and disposal of records, in a way that administratively and legally sound, whilst at the same time serving the operational needs of the Trust and preserving an appropriate historical record. 3. RECORD CREATION 3.1 Corporate records are created to ensure that information is available within the Trust: - To support day to day business which underpins delivery of care To support sound administrative and managerial decision making To meet legal requirements, including requests from patients under access to health records legislation To assist internal and external audits Whenever, and wherever there is a justified need for information, and in whatever media it is required CO63 Creation Filing and Retention of Electronic Records V4 Page 4 of 21

5 3.2 Each department/service should have in place a process for documenting its activities in respect of records management. Records of operational activities should be complete and accurate in order to allow employees and their successors to undertake appropriate actions in the context of their responsibilities, to facilitate an audit or examination of the Trust by anyone so authorised, to protect the legal and other rights of the Trust, its patients, staff and any other people affected by its actions, and provide authentication of the records so that the evidence derived from them is shown to be credible and authoritative. 3.3 Records created by the Trust should be arranged in a record-keeping system that will enable the Trust to obtain the maximum benefit from the quick and easy retrieval of information. 3.4 Network users should always store electronic documents on the shared network drive or the personal network drive as they are secure and backed up by the ICT Department on a nightly basis. The personal network drive is a private storage area on the network file server and can be used to store information that is not needed to be shared with colleagues and the shared network drive should be used for storage if work files are being shared between multiple users such as functions, departments or services. Staff are not permitted to save documents on their hard drive. 4. RECORD REGISTRATION 4.1 Declaring a document to be a record is a formal point of transition, which it passes into corporate ownership. A document becomes a record when it has been finalised and become part of an organisation s corporate information. Once designated as a record, the document is no longer managed by the creator but by the organisation as part of its corporate information resources e.g. approved minutes of a meeting or approved policies and protocols. 4.2 In order to ensure records can be identified and retrieved when needed it is necessary, in most cases, to allocate a registration system to a set of records. 4.3 Registration is a system which allocates a unique identifier (number or alphabetical prefix) to each item, and which records that sequentially in a register or index. 4.4 Determining which records require registration is a decision that should be made by staff with advice from the local records manager. The kinds of records, which are most likely to be placed on a registered file, include: Personnel records Financial papers CO63 Creation Filing and Retention of Electronic Records V4 Page 5 of 21

6 Estates papers Performance monitoring Policy papers (reports, correspondence, etc) Minutes, circulated papers etc of meetings Papers relating to the preparation of legislation Complaints papers and correspondence Research and development papers 4.5 Registration will depend on the Trust s business need to maintain accountable records of particular activities, its information needs, how many records there are on that particular topic or in that series. 4.6 The best practice principles of registration are: The file title must be unique The reference identity assigned to each file must be unique Both must be relevant to and easily understood by all users The identifier should be restricted to no more than four elements 4.7 Types of registered file systems include: Alphabetical Numerical Alpha-numeric Keyword 4.8 The Trust will establish and maintain mechanisms through which departments and other units can register the records they are maintaining. The inventory of record collections will facilitate: The classification of records into series; and The recording of the responsibility of individuals creating records. 4.9 The register will be reviewed every two years If any completely new record collections are created containing personal information, e.g. a new assessment questionnaire is created to collect patient information that has not previously been collected in any other way, it is essential that the Personal Data Report Form (Appendix 1) is completed and sent to the Information Governance Manager. This ensures that the requirements of the Data Protection Act 1998 and the Caldicott Report are met in that the Trust has an up to date knowledge of the information it holds If any new databases containing patient or staff identifiable information are to be created then the application form in Appendix 2 must be completed prior to development of the database. CO63 Creation Filing and Retention of Electronic Records V4 Page 6 of 21

7 4.12 If the database is to contain patient identifiable information the application will be considered by the Information Governance Manager. If the database should be created based on the risks should the database not be created then the final decision will be made by the Medical Director/ Caldicott Guardian. The Information Governance Manager will inform the requestor of the outcome of the application If the database is to contain staff identifiable information the application will be considered by the Electronic Staff Record (ESR) System Manager in Human Resources. If ESR cannot accommodate the requirement the Caldicott Guardian will decide if the database should be created based on the risks should the database not be created. The Information Governance Manager will inform the requestor of the outcome of the application The Information Governance Manager will retain an electronic inventory of approved and rejected applications At the point of creation of a completely new record that is not listed within the retention periods identified in Appendix 3, the lifecycle of the record must be determined e.g. purpose, storage, retention period. The creator of the record must contact the Records Manager to agree the lifecycle of the record. 5. NAMING CONVENTIONS 5.1 Naming conventions provide a set of rules, which assist the individual end user in allocating a framework for the naming of folders that hold a group of documents 5.2 Naming conventions for record titles should aim to: Give a unique title to each record Give a meaningful title which closely reflects the records contents Express elements of the title in a structured and predictable order Locate the most specific information at the beginning of the title and the most general at the end Give a similarly structured and worded title to records which are linked (e.g. an earlier and a later version) 6. CORPORATE FILING / INDEXING SYSTEMS 6.1 There needs to be some corporate filing structure both in paper and electronic filing systems in place to prevent the loss of records and to facilitate access. This filing system through the use of naming conventions, provide the means by which individual documents are held in meaningful record collections and indicate the sequence of events amongst the documents, establishing a narrative of events CO63 Creation Filing and Retention of Electronic Records V4 Page 7 of 21

8 6.2 A referencing system should be used that meets our business needs, and can be easily understood by staff members that create documents and records. The most common of these is alphanumeric as it allows letters to be allocated for a business activity, for example, HR for Human Resources, followed by a unique number for each record or document created by the HR function. 5.3 Personal names should not be used. Correct naming conventions enable business continuity especially when considering electronic records: GOOD PRACTICE EXAMPLES G Drive / HR / South Division / 1/ Team Meetings / Team Meeting Minutes 2016 February G Drive / Information Governance / Policies and Procedures / CO20Records Management Policy Version 6/ 2016 August. 6. MANAGING AND MAINTAINING ELECTRONIC RECORDS 6.1 Organisation, access and retrieval mechanisms are required to: Prevent time wasted by the user in looking for records or particular content Prevent time or effort wasted in using a non-current version of the record Provide a common corporate view of the information resource Present a record within the context of a narrative of events to which it relates Enable the common management of physically separated records as one group Enable the user to search one common access space using consistent descriptors 7. USE OF METADATA 7.1 The most common definition of metadata is data about data. A more helpful definition is that it is structured information about a resource. For example, the filename and path of this document: G:\TGH\Information Governance\Records Management\ Protocol for Creating & Filing of Electronic Records.doc.. The author and date should also be added e.g. Created by carole.mccarthy 24/08/ Adding a header or footer to any document will enable the next person to find the document in a minimal amount of time and it is easy to do. Click on View on the task bar located at the top of your screen then click on Header and Footer, click on insert auto text and from the drop down menu select filename and path. CO63 Creation Filing and Retention of Electronic Records V4 Page 8 of 21

9 7.3 Metadata makes it easier to manage or find information, be it in the form of web pages, electronic documents, paper files or databases. 8 MANAGING VERSIONS 8.1 To remain an authentic representation of events, once declared a record, a document should not be capable of being changed. 8.2 After a document is stabilised as a record, the ability to edit and make changes to the document should be prevented, as far as is possible within the available technology e.g. approved policies are held in portable document format (pdf) format on the Trust s intranet. 8.3 New and related versions of the record can be created by making and editing a copy, and saving this as a new record; e.g. it may be appropriate to retain various versions of a document as it passes through draft to finalisation. The record-keeping system should be capable of linking together versions of the same record, either automatically by the system or through the use of strict naming conventions, to ensure that the latest version is retrieved by a user search. The user should be aware that earlier versions of the record exist in the system. 8.4 Filing of the primary corporate record should be on the shared network Drive. 8.5 An audit trail should be kept recording significant actions which have been taken on a record, including the date of the action and identification of the individual responsible. Actions taken should include: Any changes which affect the status of the record as a reliable record Any change to the description of the record Copies of the record to create a new version 9 PRESERVING ACCURATE AND ACCESSIBLE ELECTRONIC RECORDS 9.1 Electronic records must be maintained to ensure that the content, context and structure is accessible, comprehensible and managed for as long as record keeping requirements laid out in the Retention Schedules in the Records Management Policy C020. CO63 Creation Filing and Retention of Electronic Records V4 Page 9 of 21

10 10. ELECTRONIC PENNINE CARE CLINICAL DOCUMENTATION The G Drive should not be used as a complete electronic patient record. Although points 3 9 listed above relate to documents that have become records and are therefore have corporate ownership, below is guidance relating to clinical documents which can be typed electronically but which should not become records i.e. should not be kept on the pc for longer than is necessary. New standardised documentation has recently been implemented within Pennine Care NHS Foundation Trust, including the Pennine Assessment Document (PAD), Mental Health Review and Review Summary, Trust Approved Risk Assessment (TARA), care plans and History Sheets (see Appendix 3) Other documents will be available shortly. As part of implementation, electronic copies of these documents have been provided to teams, for the purpose of amending certain aspects of the document, such as font size, field sizes; and for typing into where this is team practice. These electronic documents may be used as long as the following guidelines are adhered to: o When saving electronically Patient Data save onto the shared network drive which is backed up daily and has suitable protection measures for saving patient identifiable information. o Do not save any person identifiable data to the hard drive as this is not secure (see point 3.4) o Do not save any patient information onto the personal network drive even if the individual is on the person s caseload. This is so that other team members can carry on with patient care if the staff member is absent from work. o Do not copy and paste clinical information from one review / care plan etc to another as this can leads to incidents where another clients name is copied and pasted into the wrong document. o The naming convention of the files should be Surname / Forename / Identifier (RT or NHS Number) o If the record is entirely electronic this needs to be retained in line with the Records Management Policy retention schedule. Previous versions would not need to be deleted as they would CO63 Creation Filing and Retention of Electronic Records V4 Page 10 of 21

11 form part of the electronic record as long as version control was fully utilised including the date in the document name and version control sheets updated. (see point 8 above). o If a paper record is being maintained then a copy will need to be printed and retained in the client s records. Standardised Electronic History Sheets o Every page in the health record should include the service user s location, name and identification number and date of birth. Please complete the box provided o Every page should be dated and timed using the 24 hour clock. Please complete the column provided o To ensure uniformity Arial 12 point font should be used. Body text should be left aligned. Fully justified text, capitalisation and underlining should be avoided. o The entry should be written as soon as possible after an event has occurred, providing current information on the care and condition of the service user (if the date and time of the event differs from that of when the records are written up, this should be clearly noted under the signature, printed name and designation) o Once the client contact has been typed up on the relevant document it should be printed off, hole punched and filed in the correct section of the case notes in chronological order. o The entry would need to be signed, and your name and designation printed. o Any gaps within the history sheets should be crossed through o It is not necessary to keep the electronic version. To avoid any alterations or later amendments the electronic history sheet and clinical documentation must be deleted from the shared network drive 11. DIGITAL DICTATION Services that need to produce dictation for transcription currently do this using several methods: analogue (i.e. cassette tapes) digital (standalone devices) networked digital system (Bighand for Healthcare). CO63 Creation Filing and Retention of Electronic Records V4 Page 11 of 21

12 For services that are using Bighand digital dictation system (only accessible for authorised users) all files are stored securely on the Trust's network server until transcription and filing in the service users notes. Dictation is automatically deleted by the system once it's been transcribed/filed. 12. REVIEW 12.1 This procedure will be reviewed every two years (or sooner if new legislation, codes of practice or national standards are to be introduced). CO63 Creation Filing and Retention of Electronic Records V4 Page 12 of 21

13 Appendix 1 PERSONAL DATA REPORT FORM Please complete the following questionnaire for each new collection of data within your department containing personal identifiable information held either on a computer/laptop or manually and return to Jenny Spiers, Information Governance Manager, Pennine Care NHS Trust Headquarters, 225 Old Street, Ashton under Lyne, Lancashire, OL6 7SR. Department Name Address Contact Name Job Title Telephone No. 1. Title of Record 2. Format e.g. paper, electronic 3. Datasets collected (tick all that apply) Name Dob Racial/Ethnic origin Religion GP Health Professional Gender Address Diagnosis Treatment Physical or mental health or condition Financial Next of kin Personal circumstances Location Other (specify) 4. What is the purpose of collecting the data? E.g. statistical analysis, clinical information, research etc. 5. Who provides the information? Patient Staff Other (specify) CO63 Creation Filing and Retention of Electronic Records V4 Page 13 of 21

14 6. Are checks in place to ensure the information is kept up to date? 7. If yes, how will this be achieved? 8. Is the information disclosed internally? If so to whom and why? Yes/no 8a. If yes, to whom is it disclosed? 8b. Why is it disclosed? 9. Is the information disclosed externally? If so, to whom and why? Yes/no 9a. If yes, to whom is it disclosed? 9b. Why is it disclosed? 10. If the information is to be held on computer, where on the computer will it be held? (tick one that applies) Hard drive Network (specify) Other (specify) 11. What are the security arrangements for holding the information? Eg. Locked filing cabinet, keypad access area etc. CO63 Creation Filing and Retention of Electronic Records V4 Page 14 of 21

15 12. Who has access to the information? List all staff groups that apply e.g. admin staff, care workers, social services staff etc. 13. Who manages the information within the department? Name Job title. Contact no Has a retention period been identified for the data? Yes/no 15. If yes, how is this to be implemented? CO63 Creation Filing and Retention of Electronic Records V4 Page 15 of 21

16 Appendix 2 ASSESSMENT QUESTIONNAIRE FOR THE DEVELOPMENT OF SYSTEMS CONTAINING PATIENT/STAFF IDENTIFIABLE INFORMATION For office use only Date questionnaire received Approved / Refused - If refused reason for refusal... Signature of Caldicott Guardian.. Date authorised.. CO63 Creation Filing and Retention of Electronic Records V4 Page 16 of 21

17 1. Please state purpose for the collection of the data e.g., title of audit or research project. 2. Please state timescales for collection of the data. Start Date: End Date: 3. Please list the data items you intend to collect e.g., name, address, date of birth, NHS Number, diagnosis, attendance date etc. 4. Do you intend to store these data on a computerised system? CO63 Creation Filing and Retention of Electronic Records V4 Page 17 of 21

18 Yes No If you answered No please go to question Do you intend to use skills from within your department to develop and support a software application for managing this dataset? Yes No If you answered No to question 5, please go to question 6, otherwise please go to question Have you identified funding from your own budget to commission an external supplier to develop the software application on your behalf? Yes No 7. Please state the benefits (e.g. to the patient/client/clinician) of collecting this dataset. 8. Please state any risks associated with not collecting this dataset. Completed by: CO63 Creation Filing and Retention of Electronic Records V4 Page 18 of 21

19 Name:. Workplace:. Job Title:. Telephone No: Date:.. Return to: Information Governance Manager Pennine Care NHS Trust Headquarters 225 Old Street Ashton under Lyne Lancashire OL6 7SR CO63 Creation Filing and Retention of Electronic Records V4 Page 19 of 21

20 Appendix 3 NHS No: History Sheet RT2 No: Surname: First Names: Sheet No: Date DD/MM/YY Time (24 hr clock) D.O.B: Ward / Dept: Multi - Discliplinary Notes The signature bank must be completed on first entry. Every entry must be timed, signed, name and designation printed CO63 Creation Filing and Retention of Electronic Records V4 Page 20 of 21

21 NHS No: Surname: RT2 No: First Names: Date DD/MM/YY Time (24 hr clock) D.O.B: Ward/Dept: Multi - Disciplinary Notes The signature bank must be completed on first entry. Every entry must be timed, signed, name and designation printed. CO63 Creation Filing and Retention of Electronic Records V4 Page 21 of 21