What NHS staff need to know

Transcription

1 St George s Healthcare NHS NHS Trust Surrey Health Informatics Service Sussex Health Informatics Service Records Management Explained What NHS staff need to know A guide to Records Management

2 Contents Page Overview... 3 Roles and responsibilities... 7 Who monitors Records Management in the NHS... 8 A guide to Records Management... 9 Record creation Record quality Record keeping Record maintenance Scanning Disclosure and transfer of records Retention and disposal arrangements Appraisal of records Record closure Record disposal Further information Glossary RM HSC IG FOIA DPA Records Management Health Service Circular Information Governance Freedom of Information Act Data Protection Act 2

3 Overview Records Management Explained is based on Records Management: NHS Code of Practice that was published in March 2006 by the Department of Health. The RM: NHS Code of Practice is a guide to the required standards of practice in the management of records for those who work within or under contract to NHS organisations in England. It is based on current legal requirements and professional best practice. All NHS records are public records under the Public Records Act 1958 Records Management Explained has been produced as a set of three easy to read booklets conveying the key messages in the Records Management: NHS Code of Practice: What NHS staff need to know NHS Legal and professional obligations NHS Records retention schedule 3

4 Overview The RM: NHS Code of Practice replaces previous guidance HSC 1999/053: For The Record - Managing Records in NHS Trusts and Health Authorities HSC 1998/217: Preservation, Retention and Destruction of GP General Medical Services Records Relating to Patients HSC 1998/153: Using Electronic Patient Records in Hospitals: Legal Requirements and Good Practice The aims of the RM: NHS Code of Practice are to establish an IG framework for records management; to clarify legal obligations that apply to NHS records; to explain the actions required by the Chief Executive and managers to fulfil these obligations; to explain permanent preservation requirements; to set out recommended minimum retention periods for all types NHS records; to provide further information resources. Social Care records are not included in the scope of the RM: NHS Code of Practice but Social Care are encouraged to adopt similar standards of practice 4

5 Overview An NHS record is anything which contains information (in any media) which has been created or gathered as a result of any aspect of the work of NHS employees including consultancy, agency or casual staff. Information may be needed: to support patient care and continuity of care; to support the day-to-day business which underpins the delivery of care; to support evidence-based clinical practice; to support sound administrative and managerial decision making, as part of the knowledge base for NHS services; to meet legal requirements, including requests from patients under subject access provisions of the DPA or the FOIA; to assist clinical and other types of audits; to support improvements in clinical effectiveness through research; to support archival functions by taking account of the historical importance of material and the needs of future research; to support patient choice and control over treatment and services designed around patients. Records are a valuable resource because of the information they contain High quality information underpins the delivery of high quality evidence based healthcare Information has most value when it is - accurate - up to date - accessible when needed 5

6 Overview Types of records covered by the RM: NHS Code of Practice patient health records; - electronic and paper based - all specialties and GP medical records records of private patients treated by NHS; registers; - Accident & Emergency - birth - theatre and minor operations - other administrative records; - personnel - estates - financial and accounting records - complaint-handling notes X-ray and imaging reports; photographs, slides, and other images; microform (i.e. microfiche/microfilm); audio and video tapes, cassettes, CD-ROM etc; s; computerised records; scanned records; text messages (both outgoing from the NHS and incoming responses from the patient). 6

7 Roles and responsibilities Chief Executive The Chief Executive has overall responsibility for records management in the Trust. The Trust has a particular responsibility for ensuring that it corporately meets its legal responsibilities, and for the adoption of internal and external governance requirements. Local Managers The responsibility for local records management is devolved to the relevant directors, directorate managers and department managers for the management of records generated by their activities. Caldicott Guardian The Trust s Caldicott Guardian has a particular responsibility for safeguarding patients interests regarding the use of patient identifiable information. Records Manager/Records Management Steering Group The Trust s Records Manager/Records Management Steering Group is responsible for ensuring that: a RM policy is implemented; a RM system and processes are developed, co-ordinated and monitored. Health Records Manager The Health Records Manager is responsible for the overall development and maintenance of health records management practices throughout the Trust, including: best practice guidance for records management; promoting compliance with policies to ensure the easy, appropriate and timely retrieval of patient information. 7

8 Roles and responsibilities All staff All Trust staff, whether clinical or administrative, who create, receive and use records have records management responsibilities. In particular all staff must ensure that they: keep appropriate records of their work in the Trust; manage those records; comply with the RM policy and guidance. Who monitors Records Management in the NHS? Healthcare Commission Audit Commission Department of Health NHS Litigation Authority Health Service Ombudsman Information Commissioner Assessing RM performance as part of the Annual health check Conducting studies into RM and information issues Collecting performance details as part of the Trust s annual IG toolkit submission Undertaking risk assessment surveys as part of the Clinical Negligence Scheme for Trusts Investigating complaints about poor service Investigating alleged breaches of DPA and FOIA 8

9 A guide to Records Management Records management Records management is the process by which an organisation manages all records from creation, all the way through their lifecycle to their eventual disposal. Each NHS organisation should have in place an overall policy statement on how it manages all of its records, including electronic records. The RM policy should be endorsed by the Board and made readily available to all staff at all levels of the organisation, both on induction and through regular update training. The aims of records management are to ensure that: records are available when needed; records can be accessed; records can be interpreted; records can be trusted; records can be maintained through time; records are secure; records are retained and disposed of appropriately; staff are trained; staff are aware of their responsibilities. 9

10 A Guide to Records Management Record creation Record quality Each operational unit (e.g. finance, estates, IT, healthcare) should have a process for documenting its activities, taking into account the legislative and regulatory environment in which it operates; All records should be complete and accurate: - to allow staff to undertake appropriate actions in the context of their responsibilities - to facilitate audit - to protect legal and other rights of the organisation, patients, staff and other people affected - to show proof of validity and authenticity Records should be arranged in a system to provide quick and easy retrieval. All NHS staff should be fully trained in record creation, use and maintenance, including having an understanding of: what they are recording and how it should be recorded; why they are recording it; how to validate information with the patient or carer or other records to ensure they are recording the correct data; how to identify, report and correct errors; the use of the information and record; what records are used for and the importance of timeliness, accuracy and completeness; how to update and add information from other sources. 10

11 A guide to Records Management Record keeping An effective information system to capture, manage and provide access to records through time must be implemented and maintained. The record keeping system (paper or electronic) should be easily understood and include a documented set of rules for recording the: Reference; Title; Index; Protective marking for security and privacy restrictions. Records maintenance The movement and location of records must be controlled to ensure that: - records are easy to retrieve - outstanding issues can be dealt with - there is an auditable trail of record transactions. Storage accommodation for current records should: - be clean and tidy - prevent damage to records - provide a safe area for staff to work in. For records in digital format, maintenance in terms of back-up and planned migration to new platforms should be designed and scheduled to ensure continuing access to readable information. 11

12 A guide to Records Management Records maintenance (continued) Equipment storing current records should: - provide safe and secure storage preventing unauthorised access - meet health, safety and fire regulations - allow appropriate accessibility. A business continuity plan to provide protection for all types of records is vital to the continued functioning of the organisation; Information security staff are likely to give expert advice on: - environmental hazards - assessment of risk - business continuity and other considerations. Scanning NHS organisations may consider the option of scanning paper records into electronic format for business efficiency and to address storage space shortage. Factors to take into account: the cost of the initial, and then later, media conversion to the required standard for the length of the retention period; the archival value may include the format in which the record was created; the need to protect the evidential value by copying and storing the record in accordance with British Standards. To realise the benefits of reduced storage organisations should consider disposing of paper records copied to electronic format and stored according to appropriate standards. 12

13 A guide to Records Management Disclosure and transfer of records There are a range of statutory provisions that limit, prohibit, permit or set conditions for disclosure of records to third parties. The RM Explained: Legal and professional obligations booklet provides the key statutory requirements: Caldicott Guardians or their support staff should be involved in any proposed disclosure of confidential patient information; In GP surgeries, the responsibility for making decisions about disclosure ultimately rests with the GP; Data Protection Officers may advise on subject access requests by members of the public; The transferring of records from one organisation to another should be tailored to the sensitivity of the contents of the record and the media on which they are held. Information Security Officers should advise on appropriate safeguards. Retention and disposal arrangements The RM Explained: NHS Records retention schedule booklet provides detailed guidance on retention periods for a full range of NHS records. It is particularly important under the FOIA that disposal of records is undertaken in accordance with clearly established policies adopted by the organisation and enforced by properly trained and authorised staff. 13

14 A guide to Records Management Appraisal of records Appraisal refers to the process of determining if records are: - worthy of permanent archival preservation - to be retained for a longer period as they are still in use - or destroyed NHS organisations should have procedures to ensure that appropriately trained personnel appraise records at the appropriate time; Refer to RM Explained: NHS Records retention schedule for recommended minimum retention periods for all types of NHS records; The national archives provide advice about records requiring permanent preservation; Organisations must have procedures in place for recording the disposal decisions following appraisal; The method used to destroy confidential records must be fully effective and ensure complete illegibility. Record closure Record closure is making a record inactive and transferring it to secondary storage; Records must be closed as soon as they have ceased to be in active use other than for reference purposes; All closed records (electronic or paper) must be marked closed and display a date of closure on the record itself as well as in the index or database of the files and folders; Information on the intended disposal of electronic records should be included in the metadata when the record is created, where possible; All closed records must be stored in accordance with accepted standards (relating to environment, security and physical organisation of the files). 14

15 A guide to Records Management Record disposal Organisations should have a retention/disposal policy based and linked to the retention schedules contained in the Records Management: NHS Code of Practice. Records selected for archival preservation should be transferred to an archival institution with adequate storage and public access facilities; Records (including copies) not selected for archival preservation and which have reached the end of their administrative life, should be destroyed securely and in a manner appropriate to the protective markings they bear; Non-active records should be transferred no later than 30 years from creation, as required by Public Records Act; The destruction process must provide safeguards against accidental loss or disclosure of the contents of the record; Contractors should sign confidentiality undertakings and produce written certification as proof of destruction; Destruction of confidential material should be in line with the British Standard Code of Practice for secure destruction of confidential material ; A destruction record serves as proof of destruction and must include the date of destruction, reference and description of the record; If a record due for destruction is the subject of a request for information or potential legal action, destruction should be delayed until disclosure has taken place or the legal process completed. 15

16 Further Information Audit Commission Connecting for Health Department of Health Healthcare Commission Health Service Ombudsman Information Commissioner (DPA & FOIA) Institute of Health Record and Information Management (IHRIM) National Archives NHS Litigation Authority Records Management Society of Great Britain This booklet, as part of a set of three, has been produced by Surrey Health Informatics Service and Sussex Health Informatics Service Published March