RECORDS MANAGEMENT POLICY

Transcription

1 RECORDS MANAGEMENT POLICY Document Reference No KIG014 Status Approved Version Number 3.0 Replacing/Superseded Policy or v2.9 Documents Number of Pages 52 (41 pages of appendices) Target Audience/applicable to All individuals carrying out work on behalf of Kent Community Health NHS Foundation Trust, Public. Author Information Governance Assurance Lead Acknowledgements Contact Point for Queries Information Governance Assurance Lead Date of Implementation/distribution October 2015 Circulation Policy dissemination process and on-line, Public Review date November 2017 Copyright Kent Community Health NHS Foundation Trust 2011

2 CONTENTS PAGE 1 EXECUTIVE SUMMARY 1 2 INTRODUCTION 4 3 EQUALITY, DIVERSITY AND INCLUSION 4 4 ROLES AND RESPONSIBILITY 5 5 AIMS OF THE RECORD MANAGEMENT SYSTEM 7 6 RECORD CREATION AND MAINTENANCE 8 7 NHS NUMBER 8 8 INFORMATION SHARING 9 9 STORAGE AND TRANSPORTATION 9 10 APPRAISAL, ARCHIVING AND DISPOSAL 9 11 ELECTRONIC RECORDS SCANNING PAPER RECORDS IMPLEMENTATION INCLUDING TRAINING AND AWARENESS 14 STAKEHOLDER, CARER AND USER INVOLVEMENT MONITORING COMPLIANCE AND EFFECTIVENESS OF THIS POLICY 16 EXCEPTIONS TO THIS POLICY APPENDICES Appendix A Procedure For The Creation, Content And Maintenance Of Records Appendix B Procedure For Clinical Diary Management 18 Appendix C Procedure for Obtaining and Using the NHS Number 19 Appendix D Process for Managing Requests for Access to Records (Subject Access Requests) Appendix E Procedure for information sharing (Caldicott Principles) 23 Appendix F Procedure for Ensuring the Security/Confidentiality of Records 26 Appendix G Procedure for the Transportation of Health and Staff Records 27 Appendix H Procedure for the Appraisal, Retention and Disposal of Records Appendix I Procedure on the Use of s 37 Appendix J Move Management Process 40 Appendix K Checklist for holding data at a non-kchft site 47 Appendix L Standard templates in SBAR format Version 3.0 October 2015

3 1 EXECUTIVE SUMMARY Information is the lifeblood of Kent Community Health Foundation Trust (KCHFT) and without it the organisation cannot function effectively. 1.1 Scope and Purpose of Policy In this policy, Records are defined as recorded information, in any form, created or received and maintained by the trust in the transaction of its business or conduct of affairs and kept as evidence of such activity This policy relates to all health and corporate operational records held in any format by KCHFT. These include: a. all administrative records including databases and s (e.g. personnel, estates, financial and accounting records, notes associated with complaints); and b. all patient health records (for all specialties, including x-ray, audio and video files, imaging reports, registers, diaries, team communication books, etc.) This policy and its appendices is also intended to provide standards against which records management procedures can be audited and monitored to inform risk management and identify areas for improvement Its implementation is part of KCHFT s Information Governance Management Framework, and supports Care Quality Commission Standard 21, MONITOR, Information Governance and NHSLA Risk Management Standards Records Management is a discipline which utilises an administrative system to direct and control the creation, version control, distribution, filing, retention, storage and disposal of records, in a way that is administratively and legally sound, whilst at the same time serving the operational needs of KCHFT and preserving an appropriate historical record. The key components of records management are: a. record creation; b. record maintenance (including tracking of record movements); c. access and disclosure; d. appraisal; e. archiving; and f. disposal The purpose of this policy is to ensure that records management systems and practice throughout KCHFT comply with relevant legislation, professional and Information Governance standards Information is a corporate asset. KCHFT records are important sources of administrative, evidential and historical information. They are vital in supporting its current and future operations (including meeting the requirements of Freedom of Information legislation), for the purpose of accountability and for an awareness and understanding of its history and procedures. 1.2 Risks The process contained within the KCHFT Risk Management Strategy will be followed to manage any risks identified through the implementation of this policy. Risks will be monitored and reviewed through the risk register process. Version 3.0 Page 1 of 52 October 2015

4 1.3 Governance Arrangements Governance or Function Group responsible for developing Information Governance Assurance Group (IGAG) document Information Governance Assurance Group, Records Management Scrutiny Group, Corporate Assurance and Risk Circulation group Management Committee, Information Governance team, Clinical Service leads, nominated service records managers and all staff through Staffzone Policies Have your say Authorised/Ratified by Information Governance Assurance Group Authorised/Ratified On 6 February 2014 Review Date October 2017 This document will be reviewed prior to review date if a Review criteria legislative change or other event otherwise dictates. 1.4 Key References A guide to confidentiality in health and social care: references: Treating confidential information with respect Access to Health Records Act 1990 BS ISO / IEC 27001: 2005 Information Security Management Care Quality Commission Standards for Better Health Outcomes 6 and 21 Common Law Duty of Confidentiality Computer Misuse Act 1990 Data Protection Act 1998 Department of Health Caldicott Manual: NHS Code of Practice Department of Health Confidentiality: NHS Code of Practice 2003 Department of Health Information Security Management: NHS Code of Practice 2007 Department of Health Records Management: NHS Code of Practice 2006 Freedom of Information Act 2000 Health and Social Care Act 2012 HSCIC Information Governance Toolkit Human Rights Act 1998 ICO website for codes of practice Information: To Share Or Not To Share? The Information Governance Review Kent Police and Kent Health Sector Bodies: Joint Working Agreement NHS Care Record Guarantee 2011 NHS Constitution 2013 NHS Information Governance: Guidance on Legal and Professional Obligations (DH 2007) Public Records Act 1958 Regulation of Investigatory Powers Act 2000 Report on the Review of Patient Identifiable Information (Caldicott Committee 1997) SBAR Communications Tool Related Policies/Procedures Title Being Open Policy and Procedure Confidentiality and Data Protection Policy Confidentiality Code of Conduct Data Quality Policy Freedom of Information Act Policy Reference IML004 KIG002 KCRM005 RM008 KIG017 Version 3.0 Page 2 of 52 October 2015

5 Incident Reporting, Management and Learning Policy Information Risk Policy Information Security Policy Network Security Policy NHS Number Use Policy Registration Authority Policy Secondary Use Policy Transfer of Care Policy CQS016 KIG011 KIG009 KIG010 KIG012 KIG014 KIT003 KIG018 QC Document Tracking Sheet Policy & Procedure Drafting Arrangements Version Status Date Approved by Comments / summary of changes 0.1 Draft 29/07/11 IG Team 0.2 Draft 03/10/11 Risk Manager 0.3 Draft 24/10/11 Caldicott Guardian 0.4 Draft 09/11/11 IG Team 2.0 Ratified 07/08/12 CARM 2.1 Draft 24/10/12 All staff consultation 2.2 Draft 16/11/12 IGAG 2.3 Final 17/01/13 Ratification by Board 2.4 Final 03/04/13 Legal Services 2.5 Final 27/06/13 IGAG 2.6 Final 14/02/14 IGAG 2.7 Approved 04/04/14 IGAG 2.8 Approved 02/12/14 IGAG 2.9 Approved 30/04/15 IGAG 3.0 Approved 08/10/15 IGAG Format changes & inclusion of further procedures Changes to meet NHSLA requirements Inclusion of further information re SIRO Inclusion of further information relating to CQC requirements Additional guidance for staff seconded to multi-agency teams. Additional guidance with regard to photographs and identifying patient Incorporated NHS Number Policy, clarified the aims and deleted duplicate guidance Format/minor changes from consultation Safeguarding reference page 14. Changes to ensure NHSLA requirements are met Information redacted to allow publication on the public website. Changes to archiving flowcharts Move Manager Process added Checklist for records held at non-kchft sites Updated tracer card order code Updated Caldicott principles, added section 3, referenced Transfer of Care Policy & other minor changes SBAR communications tool for safe handover of patient care and updated References/Related Policies Trust logo updated and updated revised move management process Record consent to share information Revised archiving flowcharts Revised move management process Revised clinical diary procedure Version 3.0 Page 3 of 52 October 2015

6 2 INTRODUCTION 2.1 All NHS records are public records under the terms of the Public Records Act Each member of staff is responsible for the records they create or use. 2.2 Records Management is the process by which a trust manages all aspects of records whether internally or externally generated in any format or media type, from their creation to their eventual disposal. 2.3 Proper management of records is fundamental to the business of the organisation. KCHFT records are its corporate memory, providing evidence of actions and supporting decision making whilst supporting its daily functions and operation. Records support consistency, continuity, efficiency and productivity. The organisational benefits of sound records management are: a. control and availability of valuable information assets b. good utilisation of storage and server space c. compliance with legislation and standards d. efficient use of staff time e. reduced costs 2.4 Records and the information they contain are vital to the satisfactory treatment and care of patients. Sound records management and good record-keeping support: a. the day to day business that underpins delivery of healthcare b. clinical effectiveness and evidence based clinical practice c. continuity of healthcare provision d. effective and timely communication of care needs e. decision making f. legal requirements g. monitoring and audit 2.5 KCHFT has a responsibility to ensure that the healthcare each patient receives is recorded appropriately and that records are processed responsibly to support high quality care. There are professional standards for health record-keeping which are part of requirements for professional registration. For further information refer to Appendix A - Procedure for Creation, Content and Maintenance of Records. 3 EQUALITY, DIVERSITY AND INCLUSION 3.1 Communication and the provision of information are essential tools of good quality care. All patients, carers and staff should be given full assistance to ensure understanding. This assistance will take many forms and media. These principles should be enshrined in all formal documents. 3.2 Kent Community Health Foundation Trust is committed to ensuring that patients whose first language is not English receive the information they need and are able to communicate appropriately with healthcare staff. It is not appropriate to use children under the age of 16 to interpret for family members who do not speak English. There is an interpreter service available and staff should be aware of how to access this service. 3.3 The privacy and dignity rights of patients must be observed whilst enforcing any care standards e.g. providing same sex carers for those who request it. (Refer to Privacy and Dignity Policy). 3.4 All forms of communication (e.g. sign language, visual aids or other means) which ensures the patient understands should be considered. Publications in different languages or different formats can be produced through the Communications and Engagement Team and a translation service should be made available where required. Version 3.0 Page 4 of 52 October 2015

7 3.5 Staff must be aware of personal responsibilities under Equality legislation, given that there is a corporate and individual responsibility to comply with Equality legislation. This also applies to contractors when engaged by the Trust, for NHS business. 3.6 Kent Community Health NHS Foundation Trust is committed to promoting and championing a culture of diversity, fairness and equality for all our employees, potential employees, service users, as well as members of the public. 3.7 Understanding of how policy decisions and services can impact on protected groups under the Equality Act 2010 is key to ensuring quality and productive environments for patient care and also the workforce. Protected groups' are: Race Disability Sex Religion or belief Sexual orientation (being lesbian, gay, bisexual or any ) Age Gender Re-assignment Pregnancy and maternity Marriage and civil partnership 3.8 All forms of communication (e.g. sign language, visual aids, interpreting and translation or other means) which ensures the patient understands should be considered. (See the Big Word pages for help) The privacy and dignity (human rights) of patients must be considered alongside any care standards and identify the fundamental links between good health care and equality The Equality Analysis for this policy is located on the public website: 4 ROLES AND RESPONSIBILITY 4.1 Chief Executive The Chief Executive has overall responsibility for records management in KCHFT. As accountable officer he/she is responsible for the management of KCHFT and for ensuring appropriate mechanisms are in place to support service delivery and continuity. Records management is key to this as it will ensure appropriate, accurate information is readily available as required. 4.2 Information Governance Department KCHFT has responsibility for ensuring that it meets its legal and corporate responsibilities, and internal and external governance requirements, including the secure transfer of personal confidential data. The Information Governance Department will be responsible for the records management function, assured within the Integrated Governance framework. The Department will report records management and governance arrangements via the Information Governance Assurance Group to the Corporate Assurance and Risk Management Group. 4.3 Caldicott Guardian The Caldicott Guardian is responsible for reflecting patients interests regarding the use of personal confidential data. They are responsible for ensuring personal confidential data is shared in an appropriate manner. Version 3.0 Page 5 of 52 October 2015

8 4.4 Senior Information Risk Owner The Senior Information Risk Owner (SIRO) will ensure that the organisation s approach to information risk is effective in terms of resource, commitment and execution and that this is communicated to all staff. The SIRO will provide a focal point for the resolution and/or discussion of information risk issues and ensure the Board is adequately briefed on information risk issues. 4.5 Directorate and Department Managers Directorate and departmental managers have overall responsibility for records generated by their activities and are responsible for ensuring that their staff receive training, are aware of the requirements of this policy and apply the correct procedures and controls. Managers will also be responsible for ensuring the implementation of any agreed audit action plans. 4.6 Team Records Leads Members of staff within services identified as Records Leads will be responsible for promoting the principles within this Policy and its procedures amongst colleagues across KCHFT. 4.7 Staff members Each member of staff has individual responsibility for managing the records they create and handle in accordance with this policy and keeping appropriate records of their work. Registered professionals are responsible for complying with their relevant codes and standards of professional practice for record-keeping and for supervision of unqualified members of the team making entries in health records. Record keeping and records management responsibilities will be included in staff job descriptions. Staff must attend any records management training appropriate to their role detailed in KCHFT s training needs analysis. Health records must be complete and accurate and healthcare staff must adhere to the record keeping standards in Appendix A 4.8 Information Governance Assurance Group The Information Governance Assurance Group (IGAG) is responsible for ensuring that KCHFT achieves compliance with the Standards in the Information Governance Toolkit as defined by Connecting for Health and any other standards or assessments. 4.9 Clinical Audit Group The Clinical Audit Group is responsible for the co-ordination and management of clinical audit within KCHFT. The group will oversee an annual audit of record keeping standards Learning and Development Department The Department will commission and provide record keeping training as defined in the organisation training needs analysis and notify managers of staff who fail to attend mandatory training or any other event Transformation Team The Transformation team are responsible for the role out of the SBAR (Situation, Background, Assessment and Recommendation) Tool across all clinical services within the organisation to embed a culture of safe transfer of patient care. They are also responsible Version 3.0 Page 6 of 52 October 2015

9 for ensuring standard templates for communicating patient information are available on the shared intranet (Staffzone) and within the community information system (see appendix L) Legal and Professional Responsibilities KCHFT will take actions as necessary to comply with the legal and professional obligations set out in the Record Management Code of Practice All NHS records, and those of NHS predecessor bodies, are public records under the terms of the Public Records Act The Act sets out broad responsibilities for everyone who works with such records, and provides guidance and supervision by the Keeper of Public Records The Freedom of Information Act 2000 applies to all public records. Requests for information must be met within 20 days of the receipt of a request. Personal confidential data is exempt from disclosure under Freedom of Information (FoI). For further information refer to the organisations Freedom of Information Policy The Data Protection Act 1998 applies to both computerised and paper records. It requires that records should be kept no longer than necessary for the purpose of the business of KCHFT. It also gives data subjects the right to see or receive a copy of their own information within 40 days of receipt of a request (reduced by Department of Health guidance to 21 days for NHS records) and for factual errors in that information to be corrected. Any requests for access to information must be directed to Legal Services at Trinity House. For further information please refer to the trusts Data Protection and Confidentiality Policy The Common Law Duty of Confidentiality requires that unless there is a statutory requirement to use information that has been provided in confidence, it should only be used for purposes that the subject has been informed about and consented to. The duty is not absolute but should only be overridden if the holder of the information can justify disclosure as being in the public interest i.e. to protect others from harm The Access to Health Records Act 1990 gives the legal representative or anyone having a claim resulting from the death of a deceased person the right to apply to see that person s health records and stipulates the time within which records must be available KCHFT will address any new legislation affecting records management as it arises Any member of staff in breach of records management contained within this policy, or other Information Governance policies supporting it, may be subject to KCHFT disciplinary procedure and dismissed from employment if deemed necessary Advice Standards and Guidance from the various professional bodies/organisations should be read in conjunction with this policy e.g. Nursing & Midwifery Council; General Medical Council; Health Professions Council; Chartered Society of Physiotherapists It is the duty of all staff to record and report any incidents or near misses involving records or data using the KCHFT Incident Reporting procedures. 5 AIMS OF THE RECORD MANAGEMENT SYSTEM The aims of KCHFT records management system are to ensure: 5.1 Accountability Records are adequate to account fully and transparently for all actions and decisions, in particular to: a. protect legal and other rights of staff or those affected by those actions; b. facilitate audit or examination; Version 3.0 Page 7 of 52 October 2015

10 c. provide credible and authoritative evidence 5.2 Availability KCHFT is able to service its business needs and comply with legislative requirements. 5.3 Accessibility Those with a legitimate right can access records, and the information within them is located and displayed in a way consistent with its initial use, and the current version is identified where multiple versions exist. 5.4 Interpretation the context of the record can be interpreted i.e. identification of staff who created or added to the record and when, during which business process, and how the record is related to other records. 5.5 Quality Records are complete and accurate and reliably represent the information that was actually used in, or created by, the business process, and its integrity and authenticity can be demonstrated. The SBAR tool and standard documentation should be used by all clinical staff for the safe handover of patient care. 5.6 Maintenance through time so that the qualities of availability, accessibility, interpretation and trustworthiness can be maintained for as long as the record is needed, perhaps permanently, despite changes of format. For records in digital format, maintenance in terms of back-up and planned migration to new platforms must be designed and scheduled to ensure continuing access to readable information. 5.7 Security from unauthorised or inadvertent alteration or erasure, access and disclosure are properly controlled and there are audit trails to track all use and changes in order to ensure that records are held in a robust format which remains readable for as long as records are required. 5.8 Retention and disposal using consistent and documented retention and disposal procedures, which include provision for appraisal and the permanent preservations of records with archival value. 5.9 Performance measurement the application of records management procedures are regularly monitored against agreed indicators and action taken to improve standards as necessary Staff training all staff are made aware of their responsibilities for records management. 6 RECORD CREATION AND MAINTENANCE 6.1 Records created by KCHFT should be arranged in a record-keeping system that will enable quick and easy retrieval of information to support the business of the organisation, ensure informed care of patients and in order to respond to requests for information under the Freedom of Information Act, Data Protection Act, Access to Health Records Act and Environmental Information Regulations. 6.2 High quality information underpins the delivery of high quality evidence based healthcare. Health records must therefore be complete and accurate and healthcare staff must adhere to the record keeping standards in Appendix A. 6.3 Further guidance can be found in Appendix A - Procedure for Creation, Content and Maintenance of Records and Appendix B - Procedure for Clinical Diary Management. 7 NHS NUMBER Version 3.0 Page 8 of 52 October 2015

11 7.1 The NHS Number is the only national unique patient identifier used to help healthcare staff and service providers match the patient to their healthcare records. Almost everyone registered with the NHS in England and Wales has their own unique NHS Number. 7.2 The NHS Number should be used as the prime identifier for all KCHFT patients. It should be included on electronic records, wristbands, notes, forms, letters, documents, reports and onward referrals which include personal confidential data and are used for that person's care. Sexual Health is an exception since the data is kept separate from other healthcare information. 7.3 The NHS Number should be captured at the earliest point that a patient presents to a KCHFT service; as soon as possible after first contact and before or at the start of an episode of care. Where the NHS Number is not available then tracing should be performed as early as possible in the episode either at point of contact or as a back-office process. The Personal Demographics Service (PDS) or Demographics Batch Services (DBS) should be used to trace NHS Numbers. 7.4 Further guidance can be found in Appendix C - Procedure for Obtaining and Using the NHS Number 8 INFORMATION SHARING 8.1 KCHFT will take all necessary steps to ensure the security of its records. Appropriate physical security measures will be put in place to control access to work areas where records are stored. In areas where health and corporate records are stored, such as wards, departments, clinics and offices, there must be security procedures and working practices in place to safeguard the records (i.e. Offices should be locked when unoccupied). 8.2 Whilst health records and/or staff records are in use, the person using them is responsible for maintaining the security of the record whilst it remains in their custody. 8.3 Further guidance can be found in Appendix D process for managing requests for access to records (subject access requests) and Appendix E procedure for information sharing (Caldicott principles). 9 STORAGE AND TRANSPORTATION 9.1 For legal and practical reasons records must be stored and transported securely. Paper records must be stored and handled securely to maintain confidentiality and integrity. 9.2 Physical storage must also conform to Fire and Health and Safety regulations to protect staff and maintain records in good condition. 9.3 The security of electronic records must also be assured through robust procedures. 9.4 Further guidance can be found in Appendix F - Procedure for ensuring the security/confidentiality of records and Appendix G - procedure for the transportation of health and staff records. 10 APPRAISAL, ARCHIVING AND DISPOSAL 10.1 All records will be reviewed, archived and destroyed in accordance with Appendix H Procedure for appraisal, retention and disposal of records Archived manual records must be stored in appropriate filing systems and kept clean, dry and free from contaminants, they should be stored so they are easily accessible, in an order to facilitate retrieval and must comply with current security and health and safety requirements. Version 3.0 Page 9 of 52 October 2015

12 10.3 Records which have reached their minimum retention period and have not been selected for permanent preservation or transfer to secondary storage should be destroyed in a secure and confidential manner; normally this will involve shredding, pulping, or incineration. If a record due for destruction is known to be the subject of a request for information, or potential legal action, destruction should be delayed until disclosure has taken place. 11 ELECTRONIC RECORDS 11.1 KCHFT will consider electronic records management systems to improve the efficiency and accessibility of its records The principles within this policy apply equally to the lifecycle of an electronic record. However, the qualities of availability, accessibility, interpretation and trustworthiness can be maintained for as long as the record is needed, perhaps permanently, despite changes of format. It is, therefore, crucial that the format of any electronic record is considered in any new record management system to ensure the accessibility of it for as long as it s required There are essentially two types of electronic records: a. those that are created electronically e.g. reports, spreadsheet and s b. those that are copied or scanned from paper format 11.4 Documents (or data files) may also be created by an electronic records management system (ERMS) itself, by its users or may be imported into it KCHFT must have a documented and approved operating procedure manual for each ERMS it uses. This manual will provide the evidence that the processes for ensuring authentic documents are robust. If an electronic document is ever challenged this manual will demonstrate that the processes are precise, secure and approved. 12 SCANNING PAPER RECORDS 12.1 The need to reduce costs across KCHFT has seen a move in some teams to consider scanning paper records to both free up valuable storage space and reduce the cost of archiving paper records for years. Before a decision is made to scan records into an electronic medium and destroy the originals, consideration must be given to: a. the costs of the initial set up, ongoing scanning and then any later media conversion, bearing in mind the relevant retention period for the record; b. the need to protect the evidential value of the record by copying and storing the record in accordance with British Standard Code of Practice for Legal Admissibility and evidential weight of information stored electronically (BIP0008); and c. whether the records are of any archival value and there needs to be consultation prior to destruction In the event that scanning is discussed within your Service, please contact the Information Governance team for details of scanning service options. Advice should also be sought from the Head of IT. All contact details can be found on StaffZone. 13 IMPLEMENTATION INCLUDING TRAINING AND AWARENESS 13.1 KCHFT will ensure all staff receive regular mandatory Information Governance training. This will cover awareness and personal responsibilities for Information Governance, Data Protection, Confidentiality, Information Security, Freedom of Information, Data Quality and Records Management. Staff will be made aware of all Information Governance policies via their annual mandatory training. Version 3.0 Page 10 of 52 October 2015

13 13.2 All health staff will attend mandatory health record-keeping training as defined in the organisation s Training Needs Analysis Further training needs will be identified through the appraisal process The Information Governance department will ensure that all staff are informed promptly about changes to records management policy and procedures Records of training will be kept by the Learning and Development Department The Transformation team will be responsible for the roll out of the SBAR communications tool and ensure this is incorporated into the record keeping training. 14 STAKEHOLDER, CARER AND USER INVOLVEMENT 14.1 Consultation with the following groups has been undertaken: Information Governance Assurance Group Records Management Scrutiny Group Corporate Assurance and Risk Management Committee Information Governance team Clinical Service leads Staffzone Policies Have your say 15 MONITORING COMPLIANCE AND EFFECTIVENESS OF THIS POLICY What will be monitored? How will it be monitored? Who will monitor? Frequency Creation and Maintenance (including Health Record Keeping Standards) Storage and Transportation of records Health Record Keeping Documentation Audit Corporate Record Audit IG Audits and Site visits Clinical Audit Dept Clinical Audit Group IG Team IGAG IG Team IGAG Annual Annual Quarterly Appraisal, Archiving and Disposal of records Staff awareness and personal responsibilities Records Management incidents IG Audits and Central Archiving Service Training statistics Incident and trend reports IG Team IGAG Learning & Development Governance Group Information Governance Assurance Group Quarterly Monthly Quarterly 16 EXCEPTIONS TO THIS POLICY None Version 3.0 Page 11 of 52 October 2015

14 APPENDIX A - Procedure For The Creation, Content And Maintenance Of Records Document Control Version Date Author Status Comment 1.0 Feb 12 Records Manager Ratified 1.1 Nov 12 IG Assurance lead Ratified Simplified What you need to do section The Department of Health (DOH) recommends that records are arranged, created and maintained in a system that will enable the organisation to benefit from the quick and easy retrieval of information. The record keeping system should include a documented set of rules for referencing, titling, indexing and, if appropriate, the protective marking of records. These should be easily understood to enable the efficient retrieval of accurate information when it is needed. The DOH also recommends that health records should be complete and accurate. Records are a valuable resource because of the information they contain. High quality information underpins the delivery of high quality evidence based healthcare. (Records management NHS Code of Practice) Health records must be indexed using a file referencing system that can be easily understood by staff members with an individual unique identifier e.g. alpha/numeric/alphanumeric so that the patient/client can be identified and their records can be easily retrieved. What you need to do for both HEALTH records and CORPORATE records: 1. Give each record a unique name that reflects the record s contents. 2. Use naming convention standards that can be easily understood by staff members. 3. Use a file referencing system that can be easily understood by staff members. The most common of these is alphanumeric, as it allows letters to be allocated for a business activity, e.g. HR for Human Resources followed by a unique number for each electronic record or document created by the HR function. 4. Group and file records in a logical structure to enable the quick and efficient filing and retrieval of information. 5. Employ version control whereby any changes to a document are logged. This must consist of a version number, author and date. Those coming after you can see what has been done and any decisions made can be justified or reconsidered at a later date. 6. Clearly mark paper confidential records and those containing personal confidential data as private and confidential. Confidential electronic records must be password protected. Electronic records must be stored on the shared network drive or relevant clinical system and not on personal drives (H drive) or desktops - this ensures that routine security, disaster recovery and business continuity measures are in place to safeguard the information. The approach also promotes a culture of sharing information as an organisational resource and reduces the proliferation of duplicate copies of documents. The personal drive should be used for information which should not be shared on the directorate shared drive (such as information relating to individual personnel issues). For further guidance please contact the Head of IT, contact details can be found on StaffZone. The organisation s intranet site will become the repository of all documents that are available to the public under the Freedom of Information Act, (subject to the exemptions in the Act) to maintain organisational transparency and to avoid unnecessary formal requests. Version 3.0 Page 12 of 52 October 2015

15 What you need to do for HEALTH records 1. Ensure that any previous records for the person/patient are retrieved (including retrievals from archive see Appendix H) and that any new interaction is linked with any previous records that exist this must only be done when the service is able to reliably identify the person/patient. 2. Every provider service must have a standard Order of filing which provides clear instructions regarding the structure of its health records. 3. The Order of filing must be held in every health record. It may also be printed on the inside of the record itself or on any dividers. 4. The documents within the health record must be ordered in such a way that the relevant information is readily accessible for health staff, and follows a logical health order / chronology. 5. Each component of the health record, e.g. contact details (including NHS Number), records of treatment, correspondence, test results, reports, or other types of documentation relevant to that service/patient, must be kept in individual sections and the documents filed in date order within those sections. 6. Labelled dividers must be used for each component. If the divider is labelled with a code, e.g. colour, alphabetical or numerical, then the code and the component to which it relates must be set out in the Order of Filing. 7. All documents within the health record must be securely fastened, to avoid loss, damage or destruction. 8. Staples should not be used to secure the health record but may be used, for example, to secure two pages of a letter or other document. If holes need to be punched they should be uniformly positioned and care taken to ensure that no information is destroyed. 9. Plastic wallets (sleeves) must not be placed or used within the health record to hold information. All information must be securely fixed. Only identification labels may be contained within the plastic wallet at the back of the health record. Information relating to others acting on behalf of service users should be noted if provided. 10. Any personal confidential data held on other media must be labelled correctly and held securely within the record. 11. Any investigations which have been produced by machines and are in the format of long paper strip recordings e.g. ECG reports should be stored in an A5 manila envelope, with the service user s name and NHS number clearly recorded on the front of the envelope. It should then be hole punched and filed securely in the health record. 12. Filing service user documents incorrectly potentially creates a clinical risk. It is therefore vital that all staff take particular care in ensuring the order of filing is adhered to. 13. If a Health Record is damaged whilst in use, the cover must be repaired or replaced as soon as possible. 14. Where more than one service or professional is involved in a service user s care and they do not have immediate access to the Health Record due to distance between locations, a temporary record must be made and collated with the patient s health record as soon as possible. 15. Temporary records must only be used as a last resort and in consultation with the appropriate clinicians. 16. Temporary Records must only be used until the service user s Health Records have been retrieved, or a set is issued for a newly registered patient, at which point they must be amalgamated. Version 3.0 Page 13 of 52 October 2015

16 17. Temporary Records must be clearly identifiable as such and only used for this purpose, otherwise there is a danger of information and clinical details becoming misplaced or lost. 18. When amalgamating the contents of the Temporary Folders, it must be ensured the correct set of permanent Health Records has been obtained. All the personal details of the service user must correspond, e.g. name, date of birth, address, GP and NHS Number. 19. Amalgamation of Health Records can be particularly problematic where they may be more than one service user with the same name; for example, with service users from ethnic groups with complex family name structures, careful checking is needed in such instances. 20. Where sets of Health Records become too large, these must be separated into numbered volumes and marked appropriately on the front of the files, e.g. Volume I, Volume II etc. 21. Only those items from the most recent service user episode and any ongoing concerns must be retained in the current health record. 22. A supply of tracer cards must be available to all teams transporting paper health or staff records (this does not apply to services that use PAS for tracking the movement of paper health records). Cards can be ordered via: Agresso code WRU Health Record Keeping Standards Standard: a. All entries must be: i. legible ii. iii. iv. written in black ink signed and initialled (the use of rubber stamps is not acceptable) dated v. timed b. All entries must be written consecutively. c. All entries must be written in a way that text cannot be added, altered or erased (i.e. no blank lines between entries. d. All entries must be written contemporaneously. e. All known allergies must be recorded. f. All paperwork must be filed in chronological order and securely attached within the record. g. Only abbreviations on the approved service lists should be used. All other text must be written in full or qualified immediately within the text. h. Records must include next of kin details (NMC standard). N.B Where service users are seen in an out patient setting, Minor Injury Unit (MIU) or Walk In Centre this may be excluded, if appropriate. i. Records must include service user address and contact details as well as emergency contact details. Information relating to others acting on behalf of service users should be noted if provided. j. All page headings should include the service user s full name (surname and first name) and date of birth, NHS number and unique identifier. k. All new sheets should include the service user s full name and date of birth, unique identifier and NHS number. l. A service user s equality monitoring data should be collected at the first contact. m. All entries must be signed and the author s name printed. Version 3.0 Page 14 of 52 October 2015

17 n. All signatures must be traceable through a signature sheet or with a printed name. o. A signature register of all healthcare professionals who make entries in health records must be available in each team. p. All mistakes should be crossed through with a single line and initialled by the author (No correction fluid should be used in any records). q. Records should not contain any comments which could be interpreted as derogatory they should only contain clear, factual and accurate information which maintains the dignity and confidentiality of people using the service. r. All healthcare records must be marked Private and Confidential. s. All entries made by unregistered staff (unless deemed competent to make entries) must be countersigned and dated by registered staff. t. Any health notes contained in a diary/message book must be transferred to the service user s health record as soon as possible this includes verbal communications. u. Patients must be made aware that the information they give may be recorded and shared in order to provide them with care and may be used to support clinical audit and other work to monitor the quality of care provided. Dissent must also be recorded. Please see the Being Open Policy and Procedure which can be found on Staffzone, and the Procedure for obtaining consent to share information Appendix B to the Data Protection and Confidentiality Policy. Integration Patients/Professional Partnership Standard: a. All history sheets/admission/initial contact/information and assessments must be completed. b. All problems/risk assessments must be identified and interventions planned. c. All care/treatment options should be discussed with the service user (if appropriate) and documented in the service user s records. d. All re-assessments and changes in care/treatment must be documented. e. Care/treatment plans should give a clear picture of the care/treatment that will be given to the service user. f. Service users must be actively involved in continuously negotiating and influencing their care. g. Carers must be involved at the request of the service user or if the service user is unable to communicate/participate in planning and negotiating their own care. h. Service users must consent to treatment/care and this must be documented in the notes. i. If there are concerns about a person s capacity to consent, a capacity assessment must be completed. j. Details of advance decision(s) must be clearly visible in the service user record. k. At every third visit by a healthcare assistant (HCA) who is providing care to a patient documentation should include confirmation of a joint visit with a registered nurse. l. Copies of letters, referrals and other correspondence sent to or received from the service user, carer or other professionals involved in the service user s care must be contained within the record (excluding correspondence regarding complaints). Version 3.0 Page 15 of 52 October 2015

18 High Quality evidence based practice Standard: a. Service users care must follow evidence based guidance or supporting documents describing best practice. b. Evidence guidance such as NICE; clinical policies/procedures etc must be available in the department. c. Staff must have access to the latest information i.e. journals, Internet access, intranet access, research and developmental information, resource information. d. Staff must be up-to-date with the latest practices. Integration of Records across professional and organisational boundaries Standard: a. Service users must have a structured multi-professional record which supports integrated care, where applicable. b. All professionals involved in the patient / service user s care are identified in the records, where applicable. c. Where an integrated patient / service user record cannot be created, each organisation must keep their records separately and strict confidentiality and information security measures must apply. If there are any queries please contact a member of the IG team on [email protected]. d. Where care is transferred to another team it is clearly documented and contact details available if required in the future. Patient / home held notes Before leaving KCHFT notes in patient homes, patients must be assessed as competent, and made aware that the notes must be kept securely. The following wording can be explained to the patient, and a copy of this wording should be held prominently in the patient notes so that they are aware of the responsibility of keeping them safely: Kent Community Health NHS Foundation Trust will be leaving this set of notes in your home so that our nursing staff can treat you efficiently and safely. Having these notes available means that all our staff will have the information that they need to treat you. These notes are the responsibility of the Kent Community Health NHS Foundation Trust and we ask that you keep these safe whilst they are in your home. These records are to be returned to our nursing staff when your treatment finishes. Our nurses will normally take them out of your home on their last visit, or may arrange with you to come and pick them up at a later date. Alternatively, please send them to Kent Community Health NHS Foundation Trust at the address below: Kent Community Health NHS Foundation Trust Trinity House Version 3.0 Page 16 of 52 October 2015

19 Upper Pemberton Eureka Business Park Ashford, Kent TN25 4AZ Safeguarding vulnerable children, young people and adults KCHFT s Safeguarding Strategy sets out how all staff will proactively safeguard vulnerable children, young people and adults by effective identification, assessment, holistic care planning and multi agency working/information sharing. Maintaining accurate, contemporaneous records and other information, in line with organisational policy is key to effective safeguarding decisions. All staff in the organisation have access to the Kent and Medway Safeguarding Children/Vulnerable Adults multi-agency procedures. In addition to this, internal supporting procedures, protocols and policies relating to safeguarding children/vulnerable adults are in place and updated in line with national guidance. Attention must be paid to the guidelines relating to the management and follow up of attendances for children and young people at A&E departments. Recordings and Still Pictures Photographs (where the photograph refers to a particular service user it should be treated as part of the health record) NB In the context of the Code of Practice a photograph is a print taken with a camera and retained in the patient record. Photographs should be identified with the patient by way of a paper strip held next to the wound or area that is being photographed. The paper strip should include: The patients NHS number (or if not available the patients name and date of birth) The date that the photograph was taken Cameras cannot be encrypted so if the patients name and date of birth are used instead of the NHS number then staff must be aware of the increased risk of unauthorised access if the camera is mislaid before the images are uploaded to the organisational secure network. Therefore, all KCHFT equipment must be transported in a secure container. If KCHFT equipment is being transported by car, it must only be transported in the boot of the car. Video records/voice recordings relating to patient care/video records/videoconferencing records related to patient care/dvd records related to patient care Wherever possible still pictures and recordings voice and/or DVD should be stored alongside the health record of the service user and archived with the paper record thus ensuring a complete record. If it is impracticable to store recordings and still pictures with the paper records they must be stored in appropriate storage areas and an inventory of those records must be made. The existence of these records must be referenced in the paper records. Version 3.0 Page 17 of 52 October 2015

20 APPENDIX B - PROCEDURE FOR CLINICAL DIARY (PAPER OR ELECTRONIC) AND PRINTED CASELOAD TOOL MANAGEMENT Document Control Version Date Author Status Comment 1.0 Nov 12 IG Assurance Lead Ratified 2.0 Nov 15 IG Compliance Manager Ratified What you need to do: 1. All patient or service user related data is kept safe and secure at all times at the office and in transit. 2. With immediate effect, patient or service user data labels (which include patient s name, address, date of birth, NHS number and GP details) are not to be used in paper clinical diaries 3. Only patient or service user s name and address should be recorded in the paper or online diary or on the printed caseload tool. Clinicians need to consider the minimum amount of information to be recorded which allows for continuity of service delivery. For instance, if the service user file is with the member of staff, there is no need to record the name and address in the diary. 4. Key Code numbers should be recorded in a paper or online diary in a way that cannot be related in any way to an address. 5. The paper clinical diary or printed caseload tool must include the words Private and confidential with a return address for the team s work base. This should be placed on the front of the diary and the information is also written on the inside of the diary. 6. All staff have undertaken the mandatory annual Information Governance training. 7. All staff will remind themselves of the contents of the Code of Confidentiality and ensure a signed copy of the back page has been returned to their team lead, for inclusion in their personal file. 8. When transporting personal confidential data, ensure it is kept securely i.e. in a secure bag. In certain circumstances it can be locked in the boot of a car, but never overnight. Under no circumstances leave on the front/back seats or in view to others. 9. Under no circumstances should confidential/personal confidential data be left in a car overnight. For further information see Appendix G. The Procedure for the Transportation of Health and Staff Records. 10. Expired paper diaries must be held securely for 2 years after end of year to which the diary relates, after which they must be disposed of according to the Procedure for Retention, Appraisal and Disposal of Records. Healthcare information should be transferred to the patient record. Any notes made in the diary as an `aide memoire` must also be transferred to the patient record as soon as possible. 11. Remember that all staff diaries are the property of the Trust and are not personal. Version 3.0 Page 18 of 52 October 2015

21 APPENDIX C - PROCEDURE FOR OBTAINING AND USING THE NHS NUMBER Document Control Version Date Author Status Comment 1.0 Feb 12 Records Manager Ratified 1.1 Nov 12 IG Assurance Lead Ratified Combined two NHS Number procedures into one Introduced in 1996, the NHS number is a unique 10 character number assigned to help healthcare staff and service providers match the patient to their healthcare records. Almost everyone registered with the NHS in England and Wales has their own unique NHS Number. The Department of Health recommends that use of the NHS number will allow linkage of patient records across systems and organisations. It is envisaged that record linkage will improve effectiveness and efficiency of health care to patients. Use of the NHS number also supports the concept of a lifelong record. (Records Management: NHS Code of Practice). Sexual Health is an exception since the data is kept separate from other healthcare information. What you need to do 1. The NHS Number should be used as the prime identifier for all KCHFT patients. 2. The NHS Number should be captured at the earliest point that a patient presents to a KCHFT service; as soon as possible after first contact and before or at the start of an episode of care. 3. Referrals received by KCHFT services should include the NHS Number. Joint working must be established with GPs and other referring NHS organisations to ensure wherever possible NHS Numbers are included in the referral. 4. Where the NHS Number is not available then tracing should be performed as early as possible in the episode either at point of contact or as a back-office process. The Personal Demographics Service (PDS) or Demographics Batch Services (DBS) should be used to trace NHS Numbers. 5. The NHS Number should be included on electronic records, wristbands, notes, forms, letters, documents, reports and onward referrals which include personal confidential data and are used for that person's care. 6. The NHS Number should be used in the first instance to search for an electronic record. 7. Minimum datasets on information systems recording personal confidential data should include the NHS Number. This includes Excel spreadsheets and access databases. 8. KCHFT services should encourage their patients to know their own NHS Number and raise awareness by use of patient literature that explains the NHS Number, its uses and advantages and how patients can use it to increase safety. Patients can find out their NHS Number by asking their GP practice, because it will be written on their medical history notes, or if their GP does not have their NHS Number on file, they can write to the Kent Primary Care Agency at: 11 Station Road Maidstone Kent ME14 1QH Version 3.0 Page 19 of 52 October 2015

22 What you need to do to Trace an NHS Number using the Personal Demographics Service (PDS) 1. Team Managers must identify those staff to be trained in on-line tracing of patient NHS Numbers. 2. All staff requiring access to PDS must first register for a smartcard via the Registration Authority Manager, contact details can be found on StaffZone. As part of the registration process staff need to provide proof of identity. Once the smartcard has been registered the access level needs to be authorised by your sponsor (normally your line manager). 3. Once the above process has been completed access to PDS is obtained by first logging on the NHS CRS (the Spine) using the smartcard and pass code, and then selecting the Launch Summary Care Record option. 4. PDS must only be used for checking patient information. It cannot, under any circumstances, be used to check private information. 5. Passwords must be kept secure and not divulged to anyone else. 6. All personal confidential data must be kept confidential and only disclosed to other members of staff who have a need to know in the course of their work. 7. If a patient cannot be found/traced on PDS, then contact should be made with the GP Practice to enquire if they know the NHS Number of the patient. If first contact was made within the last 6 weeks the NHS Number may still be pending. 8. If a PDS user finds data quality issues such as duplicate entries on PDS or incorrect patient information, they are to advise to contact the Head of Applications. They will be able to log the details of the call and pass it to the appropriate team to resolve. 9. There are some patient s NHS Number which cannot be traced. This may be because: PERSON TRACING the person has not changed their GP or address for many years the person has been in long term inpatient care the person has been in prison for a length of time the person is, or has recently been, in the armed forces the person is an asylum seeker, currently in a detention centre the person is not registered with a GP There are two options available for patient tracing, basic search and advanced search. The most appropriate function will be determined by the level of information available to check a patient. Basic Search If at least the gender, surname and DOB is known, the basic search should be used. Enter as much information onto the basic search screen that is available and click the find button. The results will be displayed on the screen. By clicking on the patient name (in bold blue lettering) the screen will be expanded to include further information which is split into four tabs; Key demographics, GP & Care providers, Contact & next of kin, Historical information. Click on the relevant tab to obtain the information required. Advanced Search If there is limited information available regarding a patient the advanced search will enable wider searches to be carried out using ranges of information rather than specific information. The search results will be displayed in the same way as described for the basic search. Version 3.0 Page 20 of 52 October 2015

23 APPENDIX D - PROCESS FOR MANAGING REQUESTS FOR ACCESS TO RECORDS (SUBJECT ACCESS REQUESTS) Document Control Version Date Author Status Comment 1.0 Feb 12 Records Manager Ratified 1.1 November 2012 IG Lead Assurance Ratified New flowchart clarifying service role in SARs Patients/clients are able to access all their current records if and when they choose to do so. Health care professionals must take account of guidance available relating to the process for managing subject access requests. What happens to personal information held about you? leaflets must be available in each area/ward/department. A copy of the leaflet can be found on Staffzone. Specified within the Data Protection Act 1998, principle six, are timeframes within which data controllers must comply when dealing with requests for information (subject access request), valid applications must be processed within a maximum of forty calendar days following receipt. Subject Access Requests Pricing Structure Please see below for pricing/charging structure which must be applied to all Access to Health Records Requests. Elements of charging structure 1.Retrieval from Archiving costs 2.Royal Mail Special Delivery costs 3.Photocopying costs (incl. paper, toner etc) 4.Processing time (Administration costs) 5.Clinician time (checking) Elements Included: Cost: 1, 2, 3, 4, 5 (No upper or lower limits on sheets provided) ex VAT 2, 3 (less than 10 sheets), 4, ex VAT 2, 3 (more than 10 sheets), 4, ex VAT Electronic Records (transferred electronically) Viewing of Records (on site) ex VAT ex VAT Non Health Requests Viewing of Records No charge Copy of Records What you need to do The following diagram sets out what you need to do if you receive a subject access request. Version 3.0 Page 21 of 52 October 2015

24 Handling a request for access to health records (subject access request) When the request is received by the service SERVICE LEGAL SERVICES Service receives records request Service alerts Legal Services by faxing request to (safe haven) with completed form SAR1. OR Service scans and s request and completed form SAR1 to [email protected] (DAY 1) Service locates and retrieves relevant records. If necessary, records are requested from archive via the Information Governance Team in line with the Trust s procedure by ing [email protected]. Records and form SAR3 sent to Legal Services in one of the following two ways: (1) Copy records and completed form SAR3 sent by internal/special delivery post or scans and s to [email protected] OR (2) Original records and completed form SAR3 sent by internal/special delivery post or by hand delivery. Service monitors where the records were sent and if necessary arranges return of box to archive. Legal Services considers comments on form SAR3 and redacts harmful and third party information in the records. Legal Services discloses copy records to requester Legal Services sends invoice request to Finance Team (DAYS 7 TO 20) Upon receipt of original records, service returns the file to original location in accordance with the Trust s Service completes and faxes form SAR4 to Legal Services Legal Services returns original records to service (if necessary) by internal/special delivery post with form SAR4. (WITHIN 5 WORKING DAYS OF RESPONSE) (UPON RECEIPT OF RECORDS) Version 3.0 Page 22 of 52 October 2015

25 APPENDIX E - PROCEDURE FOR INFORMATION SHARING (CALDICOTT PRINCIPLES) Document control Version Date Author Status Comment 1.0 Feb 12 Data Protection Manager Ratified 1.1 Nov 2012 IG Assurance Lead Ratified Replaced with procedure from DPA Policy for consistency All employees working for KCHFT are bound by a legal duty of confidence to protect all personal confidential data they may come in contact with during the course of their work. This is not just a requirement of your contractual responsibilities but also a requirement within the Data Protection Act 1998 and, in addition, for health and other professionals through their own professions Code/s of Conduct. Routine disclosure - a routine disclosure of personal confidential data is one that happens as a matter of course and is relevant to the direct care or treatment of the individual. For example: a) a multi-professional ward round or case conference b) a heath visitor discussing a family s circumstances with their GP c) a routine referral to another department Non-routine disclosure - a third party may also request disclosure of personal confidential data for purposes other than direct healthcare, such as from the Nursing and Midwifery Council (NMC), Police, Coroner, Solicitors, Court, researchers (this list is not exhaustive). For example: a) police requesting information from A&E about injuries sustained by a patient suspected of being involved in an affray (unless under a statutory exemption); b) a solicitor requesting information in a personal injury claim; c) the NMC requesting a staff and/or patient file to investigate a possible incident d) Court when prosecuting an offender The request must be made in writing (for audit purposes) and if you are unsure whether to release the information seek advice from a Senior Manager, the Caldicott Guardian or the Legal Services Department. What you need to do Staff are regularly asked to provide information about patients and prior to disclosing any information staff must ensure that, if necessary, patients are aware that their information may be shared, please see the Procedure for obtaining consent to share information. When sharing information you must take into account the security of the information being sent, please refer to the Safe Haven Procedures. Version 3.0 Page 23 of 52 October 2015

26 Caldicott Principles (to be applied prior to releasing patient identifiable information): 1. Justify the Purpose(s) Individuals, departments and organisations must justify the purpose(s) for which information is required. This includes being able to justify the purposes to the individual as well as to the Caldicott Guardian within Community Health. Every proposed use or transfer of patient identifiable information within or from Community Health should be clearly defined and scrutinised, with continuing uses regularly reviewed by an appropriate manager within the practice. 2. Don t use patient identifiable information unless it is absolutely necessary This means assessing information flows and uses, and ensuring that patient identifiable information is removed unless a genuine case can be made for its inclusion and there is no alternative. 3. Use the minimum necessary patient identifiable information Where use of patient identifiable information is considered to be essential, each individual item of information should be justified with the aim of reducing identifiability. This includes the use of the NHS number rather than any other identifier where possible. 4. Access to patient identifiable information should be on a strict need to know basis Only those individuals who need access to patient identifiable information should have access to it, and they should only have access to the information items that they need to see. Never give out information on patients or staff to persons who do not need to know or if it is not to provide healthcare and treatment. If the information requested is not to provide healthcare and treatment, the requests should be with a justified need and may also need to be agreed by the Caldicott Guardian, Legal Services or the Information Governance team. 5. Everyone should be aware of their responsibilities Action should be taken to ensure that those handling patient identifiable information both health and non-health staff are aware of their responsibilities and obligations to respect confidentiality. 6. Understand and comply with the law See Other sources of information below 1. The duty to share information can be as important as the duty to protect patient confidentiality Health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by these principles. They should be supported by the policies of their employers, regulators and professional bodies Remember: You cannot withdraw information once it has been disclosed, so decide carefully and seek advice before providing confidential information to any third party The fact that an individual has visited a site, or is a patient of the clinic/practice or healthcare professional is confidential. If in doubt, consult with your manager. Specific statutory restrictions apply to the disclosure of information regarding HIV and AIDS, sexually transmitted disease, assisted conception and abortion. Version 3.0 Page 24 of 52 October 2015

27 The Police do not have any automatic right of access to information see Procedure for information sharing with the Police If you have any concerns about disclosing or sharing patient identifiable information you must discuss this with your manager or the most senior member of staff available before releasing the information. Version 3.0 Page 25 of 52 October 2015

28 APPENDIX F - PROCEDURE FOR ENSURING THE SECURITY/CONFIDENTIALITY OF RECORDS Document Control Version Date Author Status Comment 1.0 Feb 12 Records Manager Ratified 1.1 Nov 2012 IG Assurance Lead Ratified Simplified and combined with previous Appendix H The Department of Health recommends that equipment used to store current records on all types of media should provide storage that is safe and secure from unauthorised access and which meets health and safety and fire regulations, but which also allow maximum accessibility of the information commensurate with its frequency of use. (Records Management: NHS Code of Practice) What you need to do 1. All patients and staff records must be kept in lockable filing cabinets, drawers or cupboards. 2. All records must be stored in a tidy and orderly manner. 3. Records may only be destroyed/disposed of by approved methods outlined in Appendix H. 4. Patients must be made aware that other agencies/professionals may need to share information about them (including written documentation and reports) and that they have the right to exercise choice in that process. 5. Patient and staff records must be transported securely and confidentially as outlined in Appendix G. 6. Where a record is maintained at a patient s home the patient must be made aware of their role in maintaining the security and confidentiality of the record. 7. In the event of a patient s death or at the end of an episode of care/treatment staff must ensure that patient held records are returned to the department/base by a named professional. 8. Health and/or staff records must not be left unattended in areas used by the public. This applies to wards, outpatient departments, offices and also to staff vehicles. 9. Staff must be aware of their role in the Confidentiality Code of Conduct. 10. Desks must be left clear of health and/or staff/corporate records and other confidential information at the end of the working day. 11. Regular risk assessments should be undertaken on all record storage areas to ensure that information security standards are strictly maintained. 12. Electronic Records must be protected at all times from unauthorised disclosure, access or corruption and must have appropriate titles, security markings, and/or confidentiality markings to prevent accidental deletion or access. Version 3.0 Page 26 of 52 October 2015

29 APPENDIX G - PROCEDURE FOR THE TRANSPORTATION OF HEALTH AND STAFF RECORDS Document Control Version Date Author Status Comment 1.0 Feb 12 Records Manager Ratified 1.1 Nov 2012 IG Assurance Lead Ratified Simplified procedure It is recognised that healthcare professionals find it necessary to remove and transport health records from their team base/department, to either facilitate their daily practice of seeing patients in community settings or to transfer records between sites. The organisation will ensure that mechanisms for transferring information will be tailored to the sensitivity of the material contained within the records and the media on which they are held. Only the minimum required data should be transferred and staff should ensure that they take every reasonable precaution to safeguard its safe arrival at the correct destination. Manual records must only be removed from the organisation if absolutely necessary - the transportation of original records and particularly those of high importance (such as patient records) should be avoided wherever possible. If records are requested from another NHS organisation only copies of the records should be sent. Original records must never be sent. If transfer is deemed essential, each record should be tracked on its onward dispatch and inward receipt, and the records should be returned to their permanent storage location as soon as possible. Please also refer to the Transfer of Care Policy. What you need to do 1. When health/staff records are removed from the team base/department, a tracer card must be completed: a. the information on the tracer card must be sufficient to identify the borrower and locate the record should it be required at a later date; b. all health records removed / borrowed from the filing system should be immediately replaced in the filing cabinet with an accurately completed tracer card; c. the tracer card should also be accurately completed when the health record is returned to the filing system; d. borrowers of health records are personally responsible for the security and subsequent return to the filing system of every set of records they borrow; e. borrowers who take or send health records to another location are personally responsible for ensuring the tracer card is updated immediately; and f. the tracer card should remain in the record once the record is closed and archived. 2. When tracking the movement of health records using PAS, you should refer to the Casenote Tracking and Moving Patient Casenotes section of the PAS Administrative Guidance Notes for further information. Version 3.0 Page 27 of 52 October 2015

30 3. Records must be stored and carried in a secure container. Piles of health/staff record folders should not be carried loosely. 4. Healthcare professionals must return all records to team base/department at the end of the working day, or at the earliest opportunity. 5. In exceptional circumstances when a healthcare professional is not returning to their team base/department at the end of the working day, the health records should remain in a secure/ lockable case in the safest location available, e.g. home, and must not be left in the car boot overnight. In these circumstances the questionnaire on page 296 below should be completed. 6. Care must be taken to ensure that family members or visitors to the house do not gain access to the health records, and that confidentiality and Caldicott Principles are upheld. As soon as an episode of care is completed by KCHFT service providers the service user s records must be collected from the service user s address. If, for any reason, the records are not obtained an incident form must be completed and processed according to the Trust incident reporting policy. 7. On return to the team base/department, records must be taken back to their usual secure storage place. A system must be in place to check that all of the records previously tracked/traced out have all been safely returned, or accounted for. 8. Health records, clinic lists or any other papers containing personal confidential data must not be left on car seats visible to passers by. 9. Ideally, only the health record of the current patient being seen should be taken into the house/building. The remaining records should be locked in the car boot out of sight. 10. However, if it is considered that it would be safer from a theft and/or risk management point of view to take all records into the house/building, then these should be taken in and kept in a secure/lockable case. Staff may find it useful to document any risk management decisions. 11. If staff are moving offices extreme care should be taken to ensure that all records, on whatever media they are held, are (including paper records, CD s, videos etc) safely and securely transported to their destination. Cupboards, desks, filing cabinets and any other local storage areas (archiving boxes, basements etc) must be checked to ensure no records remain once the service/department has moved to a new area. Please refer to the Move Manager process for further advice. Version 3.0 Page 28 of 52 October 2015

31 Risk assessment for transportation and storage of personal confidential or business sensitive information off-site Name Job Title Base Tel No Mobile Please ensure all sections are completed and the form is authorised by your manager. In the event the type of record or media removed changes or the reason for doing so, you will need to revisit this form and ensure the appropriate authorisation is given. 1. What information is to be transported? (tick all that apply) Personal confidential (patient or staff) Confidential Business sensitive 2. Media to be transported? (tick all that apply) Paper records (clinical or corporate) Encrypted media (laptop, memory stick etc.) Camera or other unencrypted device please specify Other (please specify) 3. Why are you removing the information? 4. How will the records be transported (e.g. secure bag in the boot of the car etc.) and how will they be held securely at your destination? (e,g, locked filing cabinet) By signing this form you and your manager are providing absolute assurance that the records / devices will not be accessed by any other person and the records / devices will be securely transported and protected at all times, in line with the Data Protection Act 1998, the Confidentiality Code of Conduct and your contract of employment. Please tick to confirm you have completed your annual Information Governance Training and signed your Confidentiality Code of Conduct Signature Date To be completed by line manager Manager s Name Job Title Signature Tel No Base Risks identified and noted on departmental risk register? Please retain one copy on the staff file Version 3.0 Page 29 of 52 October 2015

32 APPENDIX H - PROCEDURE FOR THE APPRAISAL, RETENTION AND DISPOSAL OF RECORDS Document Control Version Date Author Status Comment 1.0 Feb 12 Records Manager Ratified 1.1 June 2012 Information Governance Coordinator Ratified Changes to archiving procedure 1.2 Nov 12 IG Assurance Lead Ratified Simplified and deleted duplicate flowcharts 1.3 Oct 15 IG Assurance Lead Ratified Updated flowcharts and added end of TNT box example Appraisal of records should be undertaken by staff with appropriate training and understanding of the operational area to which the record relates. Retention dates will be determined with reference to the Records Management: NHS Code of Practice Part 2 Annex D1 (For electronic records, good-housekeeping of both shared and personal drives is essential to remove material that should no longer be retained this includes (which should be deleted on a regular basis). Permanent preservation of records will be undertaken in consultation with the Information Governance team, Information Governance Implementation Group and in conjunction with KCHFT s approved place of deposit. What you need to do 1. Staff must use the Records Management: NHS Code of Practice Part 2 to determine how long each record should be retained for. If you are not sure please contact the Information Governance team. 2. If the records are to be retained but are no longer required on site they should be archived see point 12 below. If records are to be retained by KCHFT for research, historical or litigation purposes, please contact the Information Governance team, details on StaffZone. 3. If confidential corporate records are to be disposed of, they must either be placed within the designated confidential waste bins, shredded on site or placed in confidential shredding bags. 4. A record must be made of the destruction of confidential records, showing their reference, description and date of destruction. Such disposal schedules must be retained indefinitely. 5. Should there be a time delay between the collation of confidential waste for shredding and shredding the waste, then the waste must be stored in a locked area to prevent disclosure of the information it contains. 6. Cross shredders are the trust preferred type of shredder for the complete destruction of confidential waste. 7. The disposal of records which have been placed in archive but have exceeded their retention period must only be authorised by the Head of Service. A list of archive boxes which are due for destruction and have been checked, using the content log, will be made available on the staff intranet for archivists and Heads of Service to suggest material which should not be destroyed. 8. Where a record due for destruction is known to be the subject of a request for information, or potential legal action, destruction must be delayed until disclosure has taken place or, if Version 3.0 Page 30 of 52 October 2015

33 KCHFT has decided not to disclose the information, until the complaint and appeals provision have been exhausted or the legal process completed. 9. Adequate controls must be put in place throughout the destruction process to protect against accidental loss or disclosure of the contents of the records. 10. The destruction of records must be undertaken by an approved contractor. All approved contractors must be required to sign confidentiality undertakings and to produce written certification as proof of destruction. 11. A record must be made of the destruction of records, showing their reference, description and date of destruction on the health record archive database. Such disposal schedules must be retained indefinitely. 12. For all records (deposits, retrievals and disposals) to be archived at KCHFT s off site storage provider(s) follow the flowcharts below. New Deposits prior to archiving Records to be archived should be sorted into one of the following categories (this is general information and you must check the Records Management NHS Code of Practice Part 2 relevant to your Service prior to sorting): year of last contact with the service year of birth if children s records year of death financial year end year of leaving employment closure of a file e.g. complaint file Diaries DO NOT MIX ITEMS WITHIN BOXES i.e. you must have separate boxes for children s date of birth year group, e.g. 2010, 2011 etc. Draw up a list of the contents of each box (names and dates of birth, year of death/discharge etc.) and place a copy in the box. Keep this list in your Service shared drive or in a secure area within your base. If archiving diaries please list the owners and the year of the diary. A Contents List template is available from [email protected]. Services can then use their contents lists to identify which box needs to be retrieved for any re-referrals to the service or subject access requests. The following flowcharts show the process for new deposits, retrievals, return deposits and disposal of KCHFT information. Version 3.0 Page 31 of 52 October 2015

34 New Deposits Service to requesting boxes and barcode labels ensuring contains: Full address with postcode of where boxes are to be collected from Contact name and telephone number Service to complete contents list. The template can be located on the IG webpage or found at the end of this document. Contents List MUST include the BARCODE NUMBER PLUS Your Site, Service and destruction date Where indicated on the end of the box, ensure that the following is inserted; Bar Code Label (KCHT01- ) Service Name & Site Date of Destruction Brief Description of Box contents See TNT Box Example below Contents list to be ed to [email protected] along with collection request Please remember to list the barcodes in the text of the NOTE: S MUST BE FROM AN NHS.NET Upon receipt of Contents List [email protected] will arrange for collection. Service to retain receipt / work order given by driver when boxes are collected. This should be attached to relevant contents list. Version 3.0 Page 32 of 52 October 2015

35 TNT Box Example Version 3.0 Page 33 of 52 October 2015

36 Retrievals To retrieve a box(es) from archive, Service to [email protected] With ALL of the following information: Barcode Number Full Postal Address and Contact Details Upon receipt of the above information [email protected] will make arrangements for the retrieval and delivery of the specified box(es) NOTE: If your request is URGENT please flag up to archiving Returns To return a box(es) to archive, Service to [email protected] With the following information: 1. Barcode Number 2. Full Postal Address and Contact Details of Collection 3. Upon receipt of the above information [email protected] will make arrangements for the collection of the specified box(es) Version 3.0 Page 34 of 52 October 2015

37 Destruction of Boxes When your box(es) reach their destroy date please Please supply the barcode(s) of the box(es) to be destroyed Ensuring that you CC your Head of Service into the , and request that your H o S sends written authorisation to [email protected]. Every year a list of all boxes held within archive that are due for destruction will be published on Staffzone. Local Archivists are to review the list to identify any boxes that should not be destroyed. If there are box(es) that should not be destroyed on the list, please [email protected] detailing the barcodes of those box(es) not to be destroyed. KCHT Archiving will check the boxes in January of each year prior to the contract destroying them. Version 3.0 Page 35 of 52 October 2015

38 Permanent Archival Preservation The National Archives defines archives as those records that are appraised as having permanent value for evidence of ongoing rights or obligations, for historical or statistical research or as part of the corporate memory of the organisation. Documents relating to the history of Kent Community Hospitals are an example of records which may be deemed worthy of permanent preservation. What you need to do a. You must identify those records likely to have permanent research and historical value with reference to the retention schedules set out in the Records Management: NHS Code of Practice Part 2. In particular registers (where they exist in paper format) such as admission books, deaths, births and mortuary registers are examples of health records which may be deemed as worthy of permanent preservation. The Health Archives Group can advise on the current and potential research uses of NHS archives, including patient records. b. The National Archives should be consulted where a longer period than 30 years is required, or for any pre-1948 records. c. Public records over thirty years old and selected for permanent preservation must be transferred to the National Archives or kept in a place of deposit approved by them. A list of these approved sites can be viewed in Annex E of the Records Management: NHS Code of Practice Part 2. d. It should be kept in mind that the National Archives expects the standards of storage and access to records in places of deposit to match those found in the National Archives itself. The relevant standards are spelt out in the National Archives own guidance Beyond the NA: Public Records in Places of Deposit. If advice is required about permanent preservation of records please refer to the [email protected]. Version 3.0 Page 36 of 52 October 2015

39 APPENDIX I - PROCEDURE ON THE USE OF S Document Control Version Date Author Status Comment 1.0 Feb 12 Records Manager Ratified 1.1 Nov 2012 IG Assurance Lead Ratified Simplified and deleted duplicate flowcharts All s which you compose should only contain business information and be written in a professional manner, stored appropriately and deleted when no longer needed. To find out how long documents need to be kept, see Appendix A. s may have the same legal status as any other written document such as a letter or fax. Information contained in an is subject to disclosure under the Data Protection Act 1998 (DPA) and the Freedom of Information Act 2000 (FOI). What you need to do: Sending an a. Consider why you are sending an o What am I hoping to achieve by sending this ? o If I need an urgent response will the be picked up in time? o Could I talk face to face with the individual(s) or perhaps by phone? b. Consider what you are ing: o Articulate the purpose of the in the subject line/first line use Action required, For Information or Response required o Do you need to explain the context of the ? o Confidential or personal confidential data must only be sent from an NHS.net account to another secure address, e.g. another NHS.net account or kent.gcsx.gov.uk (Social Services in Kent). For further secure addresses, see page 46. c. Consider who you are ing: o To those who need to take action or those who need to be aware of the information contained in the o CC only copy those into an who really need to see it o BCC should only be used when sending out an to multiple recipients. This is to prevent the huge recipient list being shown on every . Content of d. All s which you compose must be written in a professional manner with care and discretion. e. Remember an agreement formed by can be legally binding. f. s should be concise and action focused. g. Language and formatting (bullets, paragraphs, etc.) should be used to ensure clarity see KCHFT Style Guide. h. Keep the use of abbreviations to a minimum. i. Key points should be emphasised in bold. Version 3.0 Page 37 of 52 October 2015

40 j. Articulate the purpose (including any action required and any timescales if necessary) in the subject line and/or the first line of the e.g. For Action: Staff Satisfaction Survey: Complete by 01/11/10. k. Use an electronic signature with contact information as per KCHFT s Style Guide. l. Avoid sending attachments where possible by: o Sending a link to a document on a shared server if the recipient has access o Sending a link to the intranet/internet page where the document is stored o Copying and pasting a section of the document into the o Offering to send the document if requested m. Proof read the before sending to check it is clear and concise. n. Try to avoid sending an in the heat of the moment or with a negative purpose. o. Ensure that the correspondence trail does not contain any sensitive content. p. As the contents of s are legally admissible you should not alter the original content of the previous . Receiving an q. Consider the following principles to make time spent reading, dealing and filing s more productive: o o o o Do it if it is possible to respond/action within the time you have, do it Delegate it to another colleague or member of your team giving clear instruction on next action required Diarise it schedule time to action the if you cannot deal with immediately Delete it delete the either immediately or once actioned, ensuring you save any attachments or text in your relevant filing system. Storing an r. Set up appropriate folders in your inbox (right click inbox and select New Folder then drag (s) to folder) for s you cannot action immediately or delete. Have a regular tidy up of your s, check the Records Management Code of Practice (see appendix A) to see if you can delete s or save them on your shared drive. s. If information in an (or an attachment) needs to be retained it should be saved on your relevant shared drive. t. When dealing with long strings, provided that the string has not been edited and all previous are part of the string, it is sufficient to keep the last in the string and delete the others (click save as and find the appropriate place on your shared drive attachments have to be saved separately using the same process). Secure Addresses Below is a list of the domain extensions that you should look out for when sending s of a confidential nature as these are identified as being Government Government Secure Social Services in Government Police Version 3.0 Page 38 of 52 October 2015

41 Criminal If any confidential cannot be sent to/received from either NHS.net or one of the above then the organisation should be contacted to arrange a secure method of transfer. Version 3.0 Page 39 of 52 October 2015

42 APPENDIX J MOVE MANAGEMENT PROCESS Are you on the move? Move Management Process Moving at home or work can be a stressful event. Sometimes we move through choice and other times due to personal or business reasons. Either way having a plan and getting support makes the whole experience easier to manage. Any office move requires a great deal of planning, commitment and careful thought before, during and after the move. This document has been prepared to support your move at work and will hopefully provide all of the information you need to ensure it happens smoothly and without too much disruption to service delivery. Firstly, it will help for you to complete the following boxes so you are clear on the support available to you. Action Details Notes Our service is currently located at Our service is moving to Our move manager* is The Estates/Sites Department lead is The Estates/Sites contact number is The IG team lead is The IG team contact number is [email protected] The HR OD Business Partner is The OD Business Partner number is Confirmed move date *A move manager is the person who has been delegated the authority by the Head of Service / Director to lead on the move programme and to ensure compliance with Trust policy and the law. They have ultimate responsibility for providing assurance that the room / area / building has been cleared of all items (outlined in the list attached). Why is this process and checklist important? Firstly, we have an obligation to our patients and staff to manage their information appropriately and we do not want to be a headline in the newspaper if things should go wrong, and of course we do not want to have a 500,000 fine if we significantly breach data protection legislation. Secondly, we have a responsibility to ensure that all other legal obligations are met and carefully managed in accordance with the lease or licence to occupy buildings. Version 3.0 Page 40 of 52 October 2015

43 OK, so let s start planning There are several checklists to help with identifying the actions needed to make sure the process is as easy as possible. The timeframes have also been identified to ensure you have adequate time to get everything arranged. Sometimes your timeframes are shorter so prepare your plan in line with the time you have available. Please do not underestimate how long some of these tasks will take. Three months before Attend the meetings organised by the Estates Team as this will provide you with all the information you need to ensure the process runs smoothly and you understand the support available to you. Sort and spring clean. Go through every area you accommodate, including all storage areas and decide what you d like to keep and what you can get rid of. Use this checklist to keep track of everything you need to do and create an inventory of all the items you re moving. This will give you a really good idea of the space needed at the new location. Does the new location have adequate storage? Plan ahead. Think about your patients, if you are frontline staff and your colleagues internally and externally, to decide on a communication campaign to ensure everyone knows where you will be after your move date. If your service is being disbanded make sure there is someone appropriately senior to hand information over to in order to preserve an auditable trail of activity. Two months before Use it or lose it. Don t be tempted to move with more than you have to. Not only will it cost money to transport things you don t need but you will clutter up your new environment with things you don t need. Check out the Records Management Code of Practice (part 2) on Staff Zone to see how long documents must be retained for before confidentially destroying them. Alternatively start to box the documents up ready to be sent to the organisations archive contact the Archiving Team. If advice and/or support relating to Records Management is required prior to or during a move contact or [email protected] Decide on your furniture requirements for your new office - will you utilise existing furniture or do you require new? Remember to schedule the date for delivery of any new office equipment or furniture. Arrange for the removal or disposal of any unwanted furniture through your Estate Department lead, to coincide with your move date. Don`t release any furniture without thoroughly checking all drawers first (including under the bottom drawers). One month before Start thinking about a packing plan start with the things that you use most infrequently. Crates will be provided by the removal company, organised by your Estates Lead. These will arrive approximately 2 weeks before the move date. Version 3.0 Page 41 of 52 October 2015

44 Care should be taken to ensure that all media and portable devices are accounted for when site moves are taking place (see the Media and Portable Device Checklist ) 3 weeks before Notify everyone! Alert all those people your service interacts with, whether they are patients, colleagues other organisations. At this stage you must have a clear communication plan which will help you ensure everyone who needs to know, does. The Communications Team can support you in preparing a communications plan. If the entire building is relocating the Estates Lead will inform Royal Mail. If it is only your service relocating you will need to work with the Estates Lead to advise Royal Mail of your forwarding address and date of occupancy. 2 weeks before Check your plan is everything on schedule? Have your crates been delivered. Clearly label and number each box with its contents and the room it s destined for. Keep a note of this inventory as this will help you track your belongings. Pack and label a box of essentials which will be items you ll need right away. Computers, printers, faxes and photocopiers make sure all of these are ready to be moved to ensure full business operational capability at the new office. If your service no longer needs the fax machine contact the IG lead who can arrange for collection and disposal. If you have surplus IT equipment contact the IT team to arrange collection. If you have surplus telecommunication equipment contact the Telecom Team to arrange collection. Contact IT to make sure they are scheduled to move the computers and associated hardware. Contact the archiving service to make sure all boxes are scheduled for collection prior to your move date (allow a min of 5 working days). Contact the procurement team to ensure the photocopier, if you have one, is scheduled for collection and move. Notify internal mail that you are moving to a new location via your Estates Lead. Notify NHS Logistics of your change of location via the Procurement Team. If there are meeting rooms on site, make sure all those affected are aware the meetings will need to be rescheduled. The Estates team will advise all facilities management providers of the change in location. 1 week before Double-check the details. Version 3.0 Page 42 of 52 October 2015

45 Reconfirm the moving company s arrival time and other specifics and make sure you have prepared exact, written directions to your new office for the staff. Include contact information, such as your mobile number. Make sure all personal confidential information is kept secure at all times. Do not transfer it from a secure cabinet into a crate and then leave the crate in an unsecure location. Plan ahead. The Estates team will arrange for a final clean and inspection of the site for damage. Please note any repairs will be recharges to the departing service. Day of the move Ensure all rooms, areas and buildings occupied by your teams are clear of rubbish and of all items that will not be taken with you. Once all the crates have been collected and the furniture which is being transported has been taken you should be left with an empty space, if everything has gone according to plan. If not, there is more work to do. Firstly, is the furniture left behind not fit for purpose? Will it be disposed of? If so, by whom? Check. Do not just leave it. Thoroughly check all cupboards and drawers and under the bottom drawers too you will be surprised at what you may find! Ensure all door keys have been returned your Estates Lead. The Estates Lead will ensure all meters are read e.g. gas, electric and water. All staff must return all passes, swipe cards and fobs and any anomalies must be reported to the Estates Lead who will arrange to deactivate them all. The Site Operations manager will request the alarm codes are changed once the premises, where applicable, are fully vacated. Important notes Waste management Do not, under any circumstances, place any items listed in the Media and Portable Device Checklist (see below) in a skip or land fill waste bin. Confidential waste must be shredded or placed in a blue confidential bin or placed in special confidential waste sacks and securely stored pending collection by the Trust s contracted waste management provider. The bags must be collected before you vacate the site. Do not leave confidential waste vulnerable to inappropriate disclosure. All electrical waste must be collected in accordance with the WEEE regulations under the Environmental Protection act; duty of care regulations and Trust policy. Please contact your Estates Lead to arrange collection. All furniture waste must be collected in accordance with the Environmental Protection act; duty of care regulations and Trust policy & standard operating procedures. Please contact your Estates Lead to arrange collection. Version 3.0 Page 43 of 52 October 2015

46 All clinical waste & hazardous waste (clinical & non clinical) must be collected in accordance with the Environmental Protection act; duty of care regulations and Trust policy. Please contact your Estates Lead to arrange All general [trade] waste must be collected in accordance with Waste Regulations & Environmental Protection act; duty of care regulations and Trust policy. Please contact your Estates Lead to arrange. All Recycling waste must be collected in accordance with Waste Regulations & Environmental Protection act; duty of care regulations and Trust policy. Please contact your Estates Lead to arrange. If you are unsure which waste stream you should use please contact your Estates Lead before removal/disposal. If advice and/or support relating to Records Management is required prior to or during a move contact or [email protected] Media and Portable Device Checklist This list is not exhaustive. There are many different ways of recording information and care needs to be taken to ensure ALL media and portable devices are considered during the move. They may contain person identifiable data (staff and patients), corporate and business sensitive information. Please use the following checklist to account for the equipment used within your service. Should you identify any information which could be archived or confidentially destroyed please [email protected]. If you have any mobile devices which need to be returned due to them being surplus to requirement or broken please contact the KMHIS Service Desk DO NOT discard any media or device without checking the correct process first and NEVER put any media or portable device in an open waste receptacle, such as a skip or waste bin. Ensure all waste is disposed of appropriately and legally. Name of Media / Device Mobile telephones including smart phones Mobile devices laptops, tablets, notebooks, ipads Audio recording devices and associated equipment e.g. tapes, SD cards. Memory sticks / USB devices Compact Discs (CD s) DVD s Floppy discs Cameras (digital, Polaroid or film) Video recording devices and associated equipment e.g. tapes, SD cards. Sat Nav / GPS systems Desktop computers (including VDU) Keyboards (integral and wireless) Computer mouse (integral and wireless) Desktop printers Office printers Fax Machines (please call IG if you would prefer the fax machine is collected and disposed of in line with the recent guidance) Desk top telephones and answerphones VPN Tokens Paper notebooks Action taken Version 3.0 Page 44 of 52 October 2015

47 Diaries Case-notes Health records Clinical data Images / Photographs X-rays Telephone message pads Appointment books Any other media / mobile device or asset containing data relating to the Trusts business including corporate and clinical information (please list) Contacts list Service Responsible for Telephone address number Estates Estate rationalisation Planning Crate delivery First responders for You will be advised of the contact details for your Estates Lead at the first Estate Rationalisation Group (ERG) queries Waste management Information Records management [email protected] Governance Data protection Information security IG training Archiving Records management [email protected] Archive support Retention guidance Archive box issue/collection Communications Public consultation Support with communications for patients and stakeholders Updating your details [email protected] Human Resources (HR) IT/KMHIS on the website Staff consultation Collection and reinstallation of IT equipment (supported by the KMHIS this may not include your copier/mfd) Your OD Business Partner Depending on your service and location this will be your usual OD Business Partner Register a call via the KMHIS Portal (see the link on your desktop) Telecoms Collection of redundant equipment Mobile telephones, fax lines and other telephony equipment [email protected] Version 3.0 Page 45 of 52 October 2015

48 Procurement Photocopier removal / [email protected] relocation Change of delivery address for NHS Logistics Assurance Statement Move Management Process Once the move is complete the Move Manager must sign this assurance statement and send it to the IG team within 24-hours of the move being finalised. It can be scanned and ed to [email protected] or printed and sent to The Information Governance Team, Trinity House, Upper Pemberton, Trinity Road, Ashford, Kent TN25 4AZ Directorate Service Moved from Moved to Date of move Move Manager s name Move Manager s signature Date assurance provided Move Manager s telephone number Budget Code for repairs, if needed I confirm that the area vacated by the above team has been cleared of all items as listed in the Move Management process and all the actions listed have been undertaken. I understand that if any items are found after vacation I am responsible for them, and will accept accountability for the incident. I also acknowledge that any damage on site will be the responsibility of the service vacating that area. Additional notes: Version 3.0 Page 46 of 52 October 2015

49 APPENDIX K CHECKLIST FOR HOLDING DATA AT A NON-KCHFT SITE If your service holds data at a non-kchft site such as a school, college, university, GP surgery or other site, from which you provide health services, you will need to ensure the information is adequately secured and protected when you are not on site. Protocols for the suspension, cancellation or deferment of services must include records management, as well when access to the other sites is prohibited such as during refurbishment, school holidays or perhaps even a disaster at the site. Information Governance has prepared a checklist for you to refer to. However, all services run in a slightly different way so we would ask that you put in place a protocol which works for your individual service. An up to date record must be kept of the information not at your base and the filing cabinet must be marked as property of the Kent Community Health NHS Foundation Trust with a contact number and name. Ideally your service will identify someone at the site who can act as guardian for the information when you are not there, but we recognise this is not always possible so it is important to be able to provide adequate assurance at all times. Version 3.0 Page 47 of 52 October 2015

50 APPENDIX L STANDARD TEMPLATES IN SBAR FORMAT Date: To: Department Address Address Address Address Address Telephone: Fax: Dear Doctor Re:... Date of birth... Address... NHS No.... Situation: Identify yourself (I am X Nurse) I am from (the site/unit/team you are calling from) I am contacting because and the reason for your contact. I am concerned that (describe your concern) Background: Give the patient's reason for being in your care (patient X was admitted on XX date for rehabilitation following XX) Explain significant medical history (e.g. they have diabetes, heart failure, infection status) Inform the person of the patient's background: diagnosis, date of referral to your service, prior procedures, current medications, allergies, pertinent laboratory results and other relevant diagnostic results. For this, you need to have collected information from the patient's medical records. Version 3.0 Page 48 of 52 October 2015

51 Assessment: I think the problem is or I am not sure what the problem is but patient X is deteriorating or I don t know what is wrong but am really worried. Recommendation: I need you to or Come and see the patient or Have a look at or Transfer her to or Take over the care of Important include what is going to happen in the mean time to ensure continuity of care i.e. Is there anything I need to do in the meantime until that happens? Yours sincerely Title Chairman David Griffiths Chief Executive Marion Dinwoodie Trust HQ The Oast, Unit D, Hermitage Court, Hermitage Lane, Barming, Nr Maidstone, Kent ME16 9NT V1 Oct 2014 Version 3.0 Page 49 of 52 October 2015

52 Date: Report: Subject matter Department Address Address Address Address Address Telephone: Fax: Situation: What is the current issue/ concern/ problem Background: What was the background leading up to the current situation? Who was/is involved? What action has been taken? Are there any mitigating circumstances? Is there any local/national guidance to be adhered to? How long has this been an issue? Version 3.0 Page 50 of 52 October 2015

53 Assessment: What is your assessment of the current situation? Have you any facts or figures to present? Identify the current risks for the organisation. Identify any key individuals involved Recommendation: What do you recommend? What resources do you require? Who needs to be involved? What are the timescales? How do we manage any residual risks? Important include what you recommend is in place in the mean time to ensure continuity of care/ service provision/ organisational risk reduction/ meet recommended local or national guidance. Name Title Chairman David Griffiths Chief Executive Marion Dinwoodie Trust HQ The Oast, Unit D, Hermitage Court, Hermitage Lane, Barming, Nr Maidstone, Kent ME16 9NT V1 Oct 2014 Version 3.0 Page 51 of 52 October 2015

54 No. Date action added What is the issue or problem identified? What action is to be taken? Who is responsible for the action? Date action to be completed by CQC Outcome action relates to? What was actually done? (Update by service / any evidence to be provided?) Version 3.0 Page 52 of 52 October 2015