THE ROYAL COLLEGE OF RADIOLOGISTS



Similar documents
West Midlands Police and Crime Commissioner Records Management Policy 1 Contents

What NHS staff need to know

Scotland s Commissioner for Children and Young People Records Management Policy

CCG: IG06: Records Management Policy and Strategy

EMRAD PACS & RIS Procurement. Kishamer Sidhu. Andrew Gill/Ketan Lad N/A

An Approach to Records Management Audit

Information Security Policy

Information Governance in Dental Practices. Summary of findings from ICO reviews. September 2015

LORD CHANCELLOR S CODE OF PRACTICE ON THE MANAGEMENT OF RECORDS UNDER

Greater London Authority Records Management Policy

NHS LANARKSHIRE HEALTH RECORDS POLICY Management and Maintenance, Security, Storage, Distribution and Retention of Health Records

Lord Chancellor s Code of Practice on the management of records issued under section 46 of the Freedom of Information Act 2000

QIPP Digital Technology. Online Meeting Services: Information Governance Guidance

The Medical and Dental Defence Union of Scotland Protecting you since Essential guide to medical and dental records

Scottish Rowing Data Protection Policy

BIG LOTTERY FUND Document archive and retention policy

NHS Business Services Authority Records Management Audit Framework

This note provides general guidance for NOTES RETENTION OR DESTRUCTION OF FILES. Technology Committee AND OTHER PAPERS AND ELECTRONIC STORAGE

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Sustainable future for diagnostic radiology: working for alternative and/or multiple providers

National Statistics Code of Practice Protocol on Data Management, Documentation and Preservation

Information Governance Policy

Corporate Policy and Strategy Committee

Records Management plan

FREEDOM OF INFORMATION (SCOTLAND) ACT 2002 CODE OF PRACTICE ON RECORDS MANAGEMENT

Records Management Plan. April 2015

Records Management: NHS Code of Practice. Part 1

SCOTTISH GOVERNMENT RECORDS MANAGEMENT: NHS CODE OF PRACTICE

Scope and Explanation

The legal admissibility of information stored on electronic document management systems

WEST LOTHIAN COUNCIL RECORDS MANAGEMENT POLICY. Data Label: Public

Merthyr Tydfil County Borough Council. Data Protection Policy

GCP INSPECTORS WORKING GROUP <DRAFT> REFLECTION PAPER ON EXPECTATIONS FOR ELECTRONIC SOURCE DOCUMENTS USED IN CLINICAL TRIALS

Information Governance Strategy & Policy

Clinical Record Management Guidelines. For Pre-Hospital Health Information Records

Information Sharing Policy

Data Protection Policy

Life Cycle of Records

Information Sharing Protocol

RECORDS MANAGEMENT POLICY

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

Data Protection Act Guidance on the use of cloud computing

RECORDS MANAGEMENT POLICY

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September Information Governance Manager

CORPORATE RECORDS MANAGEMENT POLICY

Complying with the Records Management Code: Evaluation Workbook and Methodology. Module 8: Performance measurement

INFORMATION GOVERNANCE STRATEGY NO.CG02

Information Governance Policy

Record keeping. Guidance for nurses and midwives

Electronic Health Records (EHR): Guidance for Community Pharmacists and Pharmacy Technicians. November 2012

CODE OF PRACTICE ON THE MANAGEMENT OF POLICE INFORMATION

Practice Note. 10 (Revised) October 2010 AUDIT OF FINANCIAL STATEMENTS OF PUBLIC SECTOR BODIES IN THE UNITED KINGDOM

Patient Group Directions. Guidance and information for nurses

The Manitowoc Company, Inc.

UK data retention requirements

How To Share Your Health Records With The National Health Service

IS INFORMATION SECURITY POLICY

Information Governance Policy

The Royal College of Radiologists

MINNESOTA. Downloaded January 2011

A new innovation to protect, share, and distribute healthcare data

Secure Storage, Communication & Transportation of Personal Information Policy Disclaimer:

Summary of the role and operation of NHS Research Management Offices in England

Faster, better, safer communications

Records Management Policy & Guidance

NOT PROTECTIVELY MARKED FORCE PROCEDURES. Retention, Archiving and Destruction Procedure v1.2. Records Manager

NHS HDL (2006)41 abcdefghijklm. = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé

How To Protect Your Personal Information At A College

Caedmon College Whitby

Privacy Policy. January 2014

Records Management Policy

SCHEDULE OF THIRD PARTIES WITH WHOM THE TRUST HAS A DUTY OF CO-OPERATION

Records Management Policy

Information Management Policy CCG Policy Reference: IG 2 v4.1

Study-wide considerations: identifies the areas of the criterion the lead reviewer should consider when conducting the review

Information Security Policies. Version 6.1

DOCUMENT AND RECORDS CONTROL PROCEDURE

Policy Document RECORDS MANAGEMENT POLICY

Information Management Policy

EX GRATIA PROVISION OF XYREM TO PANDEMRIX AND NARCOLEPSY PERSONAL INJURY CLAIMANTS BY THE DEPARTMENT OF HEALTH

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk

Newcastle University Information Security Procedures Version 3

Transcription:

THE ROYAL COLLEGE OF RADIOLOGISTS TEL: 020-7636-4432 FAX: 020-7323-3100 38 PORTLAND PLACE LONDON W1B 1JQ BFCR(06)4 (updated February 2008) Retention and Storage of Images and Radiological Patient Data This guidance attempts to draw together recommendations and legal requirements from various sources (as referenced) for the retention and storage of images. The Royal College of Radiologists recognises that the technical constraints of most Picture archiving and communication systems (PACS) preclude the preferential storage of some specific imaging studies over others, and do not permit prospective determination on how long a particular imaging study should be stored. Most institutions are therefore obliged to store studies long enough to cover the requirements for those studies which have to be kept the longest (for example, paediatric images). As technology progresses, it will undoubtedly become possible to set up PACS archive storage rules in an intelligent manner, and at that point the implications of the guidance offered in this document should have a practical realisation. This document replaces previous advice Retention of X-Ray Film- Resume of the Issues [FCR/2/91] 1 and Notes on Access to, Transfer and Storage of Patient Records Created in Radiology Departments [BFCR(00)3], 2 which are now withdrawn. 1. Introduction 1.1 Radiological request information, images and reports are part of the patient record; their management is governed by a range of statute and advice. The Department of Health issued a guidance document in 2006 Records Management: NHS Code of Practice (RMCoP). 3 RMCoP has replaced previous advice For the Record [HSC 99/053, WHC 00/71] 4 and Using Electronic Patient Records in Hospitals: Legal Requirements and Good Practice [HSC 98/153]. 5 The advice will incorporate relevant aspects of the Data Protection Act 1998, 6 Freedom of Information Act 2000, 7 Limitation Act 1980 8 and British Standards PD 0008 9 and PD 5000, 10 relating to admissibility of evidence. These guidelines have been prepared for use in the NHS but should also apply to independent and private practice. They should also be considered as best practice for other practitioners using radiology; eg, chiropractors and dentists. In Scotland, current guidance is contained in Guidance for the Retention and Destruction of Health Records (MEL (1993) 152. 11 This guidance is due to 1

be updated and a consultation paper Retention and Disposal of Health Records was issued in September 2005, followed by a consultation report in January 2007. Formal guidance has not yet been published. There is an intention to reflect a consistent approach to minimum retention periods across the UK. 12 2. Records Management: NHS Code of Practice (RMCoP) 3 2.1 Previous advice in For the Record 4 regarded the radiological report as the permanent record, and images and request information of a transitory nature. In For the Record, the published retention schedules referred to the report of the radiological examination. The length of time for retention of images was not specified and was based on local determination and policy. The balance lies between the costs of additional storage, versus the needs of the clinical service, whether the original examination has been reported (either within radiology or by clinicians), and the costs of failed litigation due to the inability to produce the image evidence. 2.2 With the development of electronic records and the increasingly integrated nature of the radiological record, the traditional separation between the images and the associated request and report has changed. It is now considered that best practice should move towards retention of image data for the same duration as report and request data. The integrated nature of the radiological record is providing greater cohesion between report and image data. This will have important implications for the configuration of storage systems. This change is reflected in the new advice given in RMCoP. 3. Recommended Retention Schedules 3.1 The minimum retention schedules for radiological records are as follows: 3.1.1 General Patient Records 8 years after the conclusion of treatment (England, Wales and Northern Ireland). [RMCoP 7 years but see 3.4 below] 6 years after the date of the last entry or 3 years after death (Scotland) 3.1.2 Children and young people Until the patients 25th birthday, or if the patient was 17 at conclusion of treatment until their 26 th birthday, or until 8 years after the patient's death if sooner. If the illness or death could have potential relevance to adult conditions or have genetic implications, the advice of clinicians should be sought as to whether to retain the records for a longer period. Scotland - until the patient reaches the age of 25, or three years after death if earlier. 3.1.3 Maternity records 25 years after the birth of the child, including stillbirths. 3.1.4 Clinical trials 15 years after the completion of treatment. 2

3.1.5 Litigation Records reviewed 10 years after file closed. NB: Once litigation has been notified (or a formal complaint received) images should be stored until ten years after the file has been closed. 3.1.6 Mental health 20 years after no further treatment considered necessary; or 8 years after death. Scotland - for the lifetime of the patient and three years after death. 3.1.7 Oncology records 8 years after conclusion of treatment Scotland - for the lifetime of the patient and three years after death 3.2 Screening Mammography 13 3.2.1 The UK Breast Screening Programmes specify minimum retention periods for both screening mammograms and associated reports: Normal packet 9 years after date of final attendance [RMCoP 8 years (but see 3.4 below)] Screen detected cancers Indefinitely Interval Cancers Indefinitely Interesting Cases Indefinitely Research cases 15 years after date of final attendance Age trial cases 9 years after date of final attendance Deaths 9 years after date of final attendance 3.2.2 Screening Mammography (Scotland) 14 Mammograms and reports should be retained as follows Normal packet 9 years following last attendance, or 9 years from date of death Screen detected cancer Indefinitely Interval cancer Indefinitely Clinical trial Indefinitely Anonymised cases Indefinitely (educational purposes) 3.3 Product Liability Involved 11 years (Consumer Protection Act 1981) 15. 3.4 Minimum retention periods should be calculated from the end of the calendar year following the conclusion of treatment or the last entry in the record. 4. Long-term digital storage 4.1 Long-term digital storage of images raises a number of issues. The image data to be stored should be that which is normally sent to the archive. For some modalities which produce large volumes of raw data (e.g. multi-slice CT) the stored product will be less than the raw data. Where compression is used it is important that the images stored are clinically useful. 3

4.2 Differential retention requirements will require differential storage periods. Information systems linked to the data storage archives will need to be refined to a degree that all relevant patient history and events (such as cancer diagnosed) will trigger the appropriate message to manage the patients current and prior image data. Until this can be achieved, then data will have to be stored for longer periods and the use of image data compression considered as a means of increasing storage capacity. 4.3 Compression may be used to reduce the storage space required for digital images. Standard compression algorithms can achieve lossless image compression up to a ratio of approximately 3:1. More dramatic space savings may be obtained with lossy compression, where some image data is lost permanently, but to a degree that may not be significant in clinical practice. In circumstances where it is impractical to store lossless images indefinitely, such lossy compression is clearly preferable to the deletion of images. Where lossy compression is applied it is important to ensure the levels chosen are appropriate so that images remain clinically useful. The compression algorithm must be approved and supported by DICOM (Digital Image Communications in Medicine). 16 The RCR expects to produce more detailed advice in due course. 4.4 Any PACS implementation must include robust technical solutions and contractual safeguards that data stored in the long-term archive can be accessed and retrieved over the entire retention period specified above. This may require occasional transfer of such data to new storage media and archive devices before the original storage and retrieval technologies become obsolete. The obligations of the PACS supplier or Service Provider in this respect, should be clearly specified in the original contract and costs identified for the initial support period. Once the original contract lapses, it is the responsibility of the PACS user to put alternative contractual arrangements in place. Storage should be in a secure environment which takes account of the potential risks of theft, flooding and fire. Appropriate backup policies should be developed. 5. Record destruction 5.1 The NHS Organisation has a duty to ensure confidentiality is maintained during the destruction of health records, including when this task is given to a third party contractor. 6. Data Security & Access to Records 6.1 Information Technology security policies are a necessary part of electronic data storage management. They are also necessary to conform with British Standards pertaining to legally admissible evidence. The principles are those of: Identification and authentication access control audit and accountability integrity. 4

6.2 Access control requires a robust password policy. An audit trail should recognise user identity, date and time, patient identification, details of transaction and a sequence number. This should be kept in a backup format, as should unsuccessful transactions. More detail of compliance with standards accepted for legal admissibility of evidence is to be found in: BSI PD 0008 Legal Admissibility and Evidential Weight of Information Is Stored Electronically 9 BSI PD 5000 Electronic Documents and E-Commerce Transactions As Legally Admissible Evidence 10 6.3 The Data Protection Act 1998 6 establishes a set of principles with which users of personal information must comply. Two of the principles are as follows: Personal data shall not be kept for longer than is necessary for its purpose(s) and Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. This sets out clear responsibilities. 6.4 The Data Protection Act 1998 6 gives an individual various rights in relation to the information held about them. Individuals have right of access to obtain a permanent copy or view a record. Such requests must be complied with within 40 days of receipt. The Secretary of State has issued guidance indicating that health care organisations should aim to meet such requests within a 21 day timescale. 6.5 The Freedom of Information Act 2000 7 lays down requirements for public bodies (including the NHS) to make information available on request. These requirements are additional to other access requirements (e.g. the Data Protection Act 6 ). From the perspective of records management the organisation should undertake a records audit to determine the location of records and whether or not they should be retained. A system of work for compliance with the Act should be developed. 6.6 Data Protection and Freedom of Information should be managed as part of the Trust's Information Governance structure. Radiology departments should have written protocols for their retention and disposal policies as well as methods for compliance with the Data Protection Act 1998 6 and the Freedom of Information Act 2000. 7 There should be compliance with Duty of Confidentiality according to Caldicott Principles. 17,18 7. Summary 7.1 The radiological archive is one of text and image data. It is recommended that the retention period for text and image data are equal and comply with the published retention schedules. Compliance with the Data Protection Act, 6 Freedom of Information Act 7 and Principles of Confidentiality are required. If electronic image and text data is to be used as evidence then compliance with the appropriate British Standards is necessary. 5

8. Acknowledgements 8.1 The Royal College of Radiologists would like to thank the IT Sub- Committee and, in particular, Dr Stephen Davies for producing this publication. BFCR(06)4 Approved by Board of Faculty on 24 February 2006 [note RMCoP introduced on 05 April 2006] Updated February 2008 6

References 1. Royal College of Radiologists FCR/2/91. Retention of X-ray Film Resume of the Issues 2. Royal College of Radiologists (BFCR(00)3). Notes on Access to, Transfer of and Storage of Patient Records created by Radiology Departments 3. Department of Health 2006. Records Management: NHS Code of Practice. http://www.dh.gov.uk/publicationsandstatistics/publications (accessed on 30 April 2006) 4. For The Record: Managing records in NHS Trusts and Health Authorities. HSC 1999/053 5. Using Electronic Patient Records in Hospitals: Legal Requirements and Good Practice [HSC 98/153] 6. Data Protection Act 1998 7. Freedom of Information Act 2000 8. The Limitation Act 1980 9. British Standards Institute BSI PD 0008 (1999). Legal Admissibility and Evidential Weight of Information Stored Electronically 10. British Standards Institute BSI PD 5000 (1999). Electronic Documents and E- Commerce Transactions as Legally Admissible Evidence 11. Guidance for the Retention and Destruction of Health Records. MEL(1993)152 12. Retention and Disposal of Health Records: Consultation Report http://www.scotland.gov.uk/publications/2007/01/05115751/0 13. Retention, Storage and Disposal of Mammograms and Screening Records. NHSBSP January 2001 14. Guidance on the Retention and Destruction of Screening Records. Scottish Breast Screening Programme, 2005 15. Consumer Protection Act 1981 16. DICOM (Digital Image Communications in Medicine) 17. http://www.dh.gov.uk/policyandguidance/informationpolicy/patientconfiden tialityandcaldicottguardians (accessed 28/10/2005) 18. http://howis.wales.nhs.uk/microsite/documents/305/generalinformation.pdf (accessed 28/10/2005) 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information