RECORDS MANAGEMENT/ INFORMATION LIFE CYCLE POLICY

RECORDS MANAGEMENT/ INFORMATION LIFE CYCLE POLICY Version: 6 Policy Number: 12851 Policy Lead/Author & position: Chief Information Officer Ward / Department: Information Governance Replacing Document: 5 Ratifying Committee: Policy Development, Monitoring and Review Group Date Approved/Ratified: January 2004 Previous Reviewed Dates: December 2007, August 2009, November 2010,November 2015 Date of Current Review: August 2015 Date of Next Review: August 2018 Relevant NHSLA Standard(s): Standard 1, Criterion 7 Standard 1. Criterion 8 Target Audience All Staff & Contractors 1

EQUALITY STATEMENT Barnet, Enfield and Haringey NHS Trust aims to design and implement services, policies and measures that meet the diverse needs of our service, population and workforce, ensuring that none are placed at a disadvantage over others. It takes into account the Equality Act (2010) including the Human Rights Act 1998 and promotes equal opportunities for all. This document has been assessed to ensure that no employee receives less favourable treatment on the protected characteristics of their age, disability, sex (gender), gender reassignment, sexual orientation, marriage and civil partnership, race, religion or belief, pregnancy and maternity. Members of staff, volunteers or members of the public may request assistance with this policy if they have particular needs. If the member of staff has language difficulties and difficulty in understanding this policy, the use of an interpreter will be considered. Barnet, Enfield and Haringey NHS Trust embraces the four staff pledges in the NHS Constitution. This policy is consistent with these pledges. 2

Version Control Summary Version Date Section Author Comments 1.0 January Several Director of New Policy 2004 Strategy and Performance 2.0 December No changes 2007 3.0 August 2009 4.0 November 2010 5.0 November 2011 6.0 November 2012 Duties Director of Strategy and Performance Several Lead Nurse Education and Practice Development Several Director of Strategy and Performance Several Chief Information Officer 7.6 Workforce Development Department Update to new approved policy format Reviewed to meet 2011/12 NHSLA guidance and ensure the policy is fit for purpose for the merged organisation with Enfield Community Services Points 7.5, 8.8.4, 8.12.2. 8.13.1 & appendix 1 reviewed to meet NHSLA 2013/14 guidance. Several documents replaced with links. Point 8.16.2 -Reference to appendix 5. Appendix 5 added Protecting the Privacy of Transgender Patients, Meeting Your Legal Obligations. Changes to accountabilities 7.0 August 2015 Several Information Governance Manager 2.2 information related to Public Records Act included. 8.2.1 types of records includes staff diaries. 8.3.3 added reference to Records Management Code of Practice. 8.4.1 Removed reference to Audit Commission. 8.7.4 removed reference to two types of Rio. 8.10.2 included reference to records taken off site. 8.11.1 removed reference to Connecting for Health. Removed reference to paper discharge summaries. 9.1 updated reference to training mechanism. 13 amended list of related Trust documentation. Appendices amended appendix one removing links to service lines. Removed reference to St Anns records library. Amended 1.7 Health Records Management & 1.8 health record keeping standards. Added guidelines related to the management of staff diaries. 3

Table of Contents Section Page 1 Policy Statement 5 2 Introduction 5 3 Aim 5 4 Scope 5 5 Purpose and Outcome 5 6 Definitions 6 7 Duties 6 8. Records management 7 8.1 Overview of Records Management 7 8.2 Types of Records 8 8.3 Rationality for Managing Records 8 8.4 Monitoring Performance in Records Management 9 8.5 Legal and Professional Obligations 9 8.6 Record Creation 9 8.7 Record Keeping 9 8.8 Record Maintenance 10 8.9 Archiving 11 8.10 Disclosure of Records 11 8.11 Standard Issues Specific to Health Records 12 8.12 Tracking and Storage of Paper Records 14 8.13 Disclosure 15 8.14 Retention and Destruction 15 8.15 Confidentiality and Information Sharing 16 8.16 Access to Health Records 17 8.17 Electronic Records 18 9. Training 18 10. Incident Reporting 19 11. Monitoring Compliance and Effectiveness 19 12. Dissemination and Implementation 19 13. Trust s related Documentation 19 14. References 19 15. Appendices 19 Appendix 1: Links to Health record-keeping audits 20 Appendix 2: Record Management Retention and Destruction 20 schedule Appendix 3: Health Records management standards 22 Appendix 4: Protecting the Privacy of Transgender Patients 23 Appendix 5: Diary Management guidelines 25 16. Annexes 26 Annex A: Records Management Code of Practice, part 1 17. Annex B: Records Management Code of Practice, part 2 26 Equality Impact Assessment 27 4

1 Policy Statement 1.1 Barnet, Enfield & Haringey Mental Health NHS Trust (the Trust) is committed to a systematic and planned approach to the management of its records, from their creation to their ultimate disposal. This will ensure that the Trust can control both the quality and quantity of the information that it generates, that it can maintain information effectively and dispose of it efficiently and securely when no longer required. 2 Introduction 2.1 Each NHS organisation is required to have in place an overall policy statement on how it manages all of its records, including electronic records. The statement should be endorsed by the Board and made readily available to all staff at all levels of the organisation, both on induction and through regular update training. 2.2 All NHS records are public records under the terms of the Public Records Act 1958. Until 2000, the Public Records Act 1958 had been substantially amended once (by the Public Records Act 1967) and in detail many times by other statutes and statutory instruments. Most of these minor changes brought bodies within the scope of the Act. In 2000, however, the Freedom of Information Act 2000 introduced very significant changes, which came into force in January 2005. The Secretary of State for Health and all NHS organisations have a duty under the Public Records Act to make arrangements for the safe keeping and eventual disposal of all types of their records. This is carried out under the overall guidance and supervision of the Keeper of Public Records, who is answerable to Parliament. 3 Aim 3.1 The aim of this policy is to establish good practice in the Trust in the handling of records 4 Scope 4.1 This policy relates to all clinical and non-clinical operational records held in any format by the Trust. These include: All administrative records (e.g. personnel, estates, financial and accounting records, notes associated with complaints); and All patient health records (for all specialties and including private patients, including x-ray and imaging reports, registers, etc). 5 Purpose and Outcome 5.1 This document sets out a framework within which the staff responsible for managing the Trust s records and to develop specific policies and procedures to ensure that records are managed and controlled effectively, and at best value, commensurate with legal, operational and information needs. The Records Management of this process is by the management all the aspects of records whether internally or externally generated and in any format or media type, from their creation, all the way through to their lifecycle to their eventual disposal. The variance of record keeping can raise issues related to risk to the employees and also users of the Trusts facilities. Other purposes are to: 5

establish an information governance framework for NHS records management in relation to the creation, use, storage, management and disposal of all types of records clarify the legal obligations that apply to NHS records explain the actions required by Chief Executives and other managers to fulfil these obligations explain the requirement to select records for permanent preservation indicate where further information on records management may be found. 6 Definitions: 6.1 Records Management is a discipline which utilises an administrative system to direct and control the creation, version control, distribution, filing, retention, storage and disposal of records, in a way that is administratively and legally sound, whilst at the same time serving the operational needs of the Trust and preserving an appropriate historical record. The key components of records management are: record creation; record keeping; record maintenance (including tracking of record movements); access and disclosure; closure and transfer; appraisal; archiving; and disposal. The term Records Life Cycle describes the life of a record from its creation/receipt through the period of its active use, then into a period of inactive retention (such as closed files which may still be referred to occasionally) and finally either confidential disposal or archival preservation. In this policy, Records are defined as recorded information, in any form, created or received and maintained by the Trust in the transaction of its business or conduct of affairs and kept as evidence of such activity. Information is a corporate asset. The Trust s records are important sources of administrative, evidential and historical information. They are vital to the Trust to support its current and future operations (including meeting the requirements of Freedom of Information legislation and Data Protection Act 1998), for the purpose of accountability, and for an awareness and understanding of its history and procedures. 7 Duties 7.1 The Chief Executive and senior managers 7.1.1 They are personally accountable for records management within the Trust. They are required to take positive ownership of, and responsibility for, the records legacy of predecessor organisations and/or obsolete services. They are also responsible for clinician s adherence to the Health record keeping standards outlined in this policy 6

7.2 Chief Information Officer 7.2.1 The Chief Information Officer has lead responsibility for records management in the Trust 7.3 Managers 7.3.1 They are responsible for the records management function in their services and should work in close association with the manager or managers responsible for freedom of information, data protection and other information governance work areas. They are responsible for ensuring that there are local arrangements in place to quality assure the standards of health record keeping. 7.4 Employees 7.4.1 All staff, whether clinical or administrative have a delegated responsibility for health records, those staff who manage the records libraries and other storage areas where health records are kept, must have an up-to-date knowledge of, or access expert advice on, the laws and guidelines concerning confidentiality, data protection (including subject access requests) and freedom of information and also adhere to this policy. 7.4.2 This responsibility also includes managing any records that they create or use in the course of their duties. Thus any records created by an employee of the Trust are public records and may be subject to both legal and professional obligations. There are particular duties for health professionals accessing and sharing health records (see below). A description of the legal and professional obligations can be found in Annex B. 7.4.3 Clinicians are responsible for adhering to the standards of health record keeping specified in this policy. 7.5 Clinical Audit Department 7.5.1 The Clinical Audit Department reports on a monthly audit of health record keeping standards carried out by clinicians in all services of the Trust. Findings are disseminated through the Trusts governance systems. 7.6 Workforce Development Department 7.6.1 The Workforce Development Team manage and monitor mandatory training and provide regular reports on compliance to senior management. Record keeping is included within the e-learning training package 7.6.2 Information Governance Forum The Information Governance forum will be responsible for monitoring and reviewing the implementation of the Trust s Records Management lifecycle policy 8 Records Management 8.1 Overview of Records Management 8.1.1 A systematic and planned approach to the management of records within an organisation, from the moment the need for a record to be created is identified, through its creation and maintenance to its ultimate disposal ensures that the organisation has ready access to reliable information. 7

An organisation needs to maintain that information in a manner that effectively serves its own business needs, those of Government and of the citizen, and to dispose of the information efficiently when it is no longer required. 8.2 Types of Records 8.2.1 This policy applies to Trust records of all types (including records of Trust patients treated on behalf of the Trust in the private healthcare sector) regardless of the media on which they are held. These may consist of: health records, electronic or paper based records of private patients seen on Trust premises registers administrative records (including, for example, human resources, estates, financial and accounting records; notes associated with complainthandling) X-ray and imaging reports, output and images photographs, slides, and other images microform (ie microfiche/microfilm) audio and video tapes, cassettes, CD-ROM etc e-mails computerised records scanned records text messages (both outgoing from the Trust and incoming responses from the patient) Staff diaries which includes any paper based organiser, notebook or loose-leaf organiser used to manage and record time and activity in relation to their work. 8.3 Rationality for Managing Records 8.3.1 Records are a valuable resource because of the information they contain. Highquality information underpins the delivery of high-quality evidence-based healthcare and many other key service deliverables. Information has most value when it is accurate, up to date and accessible when needed. An effective records management service ensures that information is properly managed and is available whenever and wherever there is a justified need for that information and in whatever media it is required. Information may be needed: to support patient care and continuity of care to support day-to-day business which underpins the delivery of care to support evidence-based clinical practice to support sound administrative and managerial decision making, as part of the knowledge base for NHS services to meet legal requirements, including requests from patients under subject access provisions of the Data Protection Act or the Freedom of Information Act to assist clinical and other types of audits to support improvements in clinical effectiveness through research and also to 8

support archival functions by taking account of the historical importance of material and the needs of future research or to support patient choice and control over treatment and services designed around patients 8.3.2 This policy, together with the supporting annexes, identifies the specific actions and managerial responsibilities for the effective management of all types of Trust records (ie both corporate and health records) from creation, as well as day-to-day use of records, storage, and maintenance to ultimate disposal procedures. 8.3.3 The Records Management NHS Code of Practice should be consulted for retention periods of various documentations and advised methods of destruction. 8.4 Monitoring Performance in Records Management 8.4.1 A number of bodies monitor our performance in respect of records management. The Care Quality Commission monitors a core governance standard relating to broad records management as part of its annual assessment of performance. The NHS Litigation Authority also undertakes a risk assessment survey as an integral part of its regulatory function. Other bodies likely to comment on records management performance include the Health Service Ombudsman when investigating a complaint, and the Information Commissioner when investigating alleged breaches of Data Protection or Freedom of Information legislation or in promoting the Lord Chancellor s Code of Practice on Records Management under section 46 of the Freedom of Information Act. 8.5 Legal and Professional Obligations 8.5.1 All individuals who work for an NHS organisation are responsible for any records which they create or use in the performance of their duties. Furthermore, any record that an individual creates is a public record. The key statutory requirement for compliance with records management principles is the Data Protection Act 1998. It provides a broad framework of general standards that have to be met and considered in conjunction with other legal obligations. The Act regulates the processing of personal data, held both manually and on computer. It applies to personal information generally, not just personal files held by employers, for example in finance, personnel and occupational health departments. All NHS records are Public Records under the Public Records Acts. The Trust will take actions as necessary to comply with the legal and professional obligations set out in the Records Management: NHS Code of Practice, in particular: The Public Records Act 1958; The Data Protection Act 1998; The Freedom of Information Act 2000; The Common Law Duty of Confidentiality; and The NHS Confidentiality Code of Practice. 8.5.2 Personal data is defined as data relating to a living individual that enables him/her 9

to be identified either from that data alone or from that data in conjunction with other information in the data controller s possession. It therefore includes such items of information as an individual s name, address, age, race, religion, gender and physical, mental or sexual health. Processing includes everything done with that information, i.e. holding, obtaining, recording, using, disclosing and sharing it. Using includes disposal, i.e. closure of the record, transfer to an archive or destruction of the record. More information on the application of the Data Protection Act is contained in Annex B.) 8.5.3 Other legislation relating to personal and corporate information and the records management function generally can also be found in Annex B. Additionally, health professionals are under a duty to meet records management standards set by their professional regulatory bodies. 8.6 Record Creation 8.6.1 Each service (for example finance, estates, people and organisational development, nursing) should have in place a process for documenting its activities in respect of records management. 8.6.2 Records of operational activities should be complete and accurate in order to allow employees and their successors to undertake appropriate actions in the context of their responsibilities, to facilitate an audit or examination of the Trust by anyone so authorised, to protect the legal and other rights of the Trust, its patients, staff and any other people affected by its actions and provide authentication of the records so that the evidence derived from them is shown to be credible and authoritative. 8.6.3 Records created by the Trust should be arranged in a record-keeping system that will enable the Trust to obtain the maximum benefit from the quick and easy retrieval of information. 8.7 Record Keeping 8.7.1 Implementing and maintaining an effective records management service depends on knowledge of what records are held, where they are stored, who manages them, in what format(s) they are made accessible and their relationship to Trust functions (for example finance, estates, human resources, healthcare). An information survey or record audit and a corporate filing system is essential to meeting this requirement. This survey will also help to enhance control over the records, and provide valuable data for developing records appraisal and disposal policies and procedures. 8.7.2 Paper and electronic record keeping systems should contain descriptive and technical documentation to enable the system to be operated efficiently and the records held in the system to be understood, The documentation should provide administrative context for effective management of records 8.7.3 The record keeping system, whether paper or electronic, should include a documented set of rules for referencing, titling, indexing and, where appropriate, the protective marking of records. These should be easily understood to enable 10

the efficient retrieval of information when it is needed and to maintain security and confidentiality. 8.7.4 Service users will have a single clinical record on Rio and where considered necessary a secondary paper record within the service working with them; with a maximum of one paper record per service. Any records kept at the service users homes must be retrieved upon discharge. The location of the record at a service users home as well as its retrieval must be recorded in Rio 8.8 Record Maintenance 8.8.1 The following should be taken into consideration: The movement and location of records should be controlled to ensure that a record can be easily retrieved at any time, that any outstanding issues can be dealt with, and that there is an auditable trail of record transactions. Storage accommodation for current records should be clean and tidy, should prevent damage to the records and should provide a safe working environment for staff. For records in digital format, maintenance in terms of back-up and planned migration to new systems should be designed and scheduled to ensure continuing access to readable information. Equipment used to store current records on all types of media should provide storage that is safe and secure from unauthorised access and which meets health and safety and fire regulations but which also allow maximum accessibility of the information in accordance with its frequency of use. A contingency or business continuity plan should be in place to provide protection for all types of records that are vital to the continued functioning of the organisation. 8.9 Archiving 8.9.1 When records are no longer required for the conduct of current business, their placement in a designated secondary storage area is a more economical and efficient way to store them. Procedures for handling records should take full account of the need to preserve important information and keep it confidential and secure. Health Records in paper format will be moved to off-site storage within three years after the patient last attended. For further information on archiving procedures for electronic records consult the Trust s IT provider, for physical health records contact local records department managers 8.10 Disclosure of Records 8.10.1 There are a range of statutory provisions that limit, prohibit or set conditions in respect of the disclosure of records to third parties and similarly a range of provisions that require or permit disclosure. The key statutory requirements can be found in Annex B. There are also a range of guidance documents (for example the Information Commissioner s Use and Disclosure of Health Information) that interpret statutory requirements and there are staff within the Trust who have special expertise in, or can advise on, particular types of disclosure. Caldicott Guardians, Health Records Managers or Caldicott Advisors should be 11

involved in any proposed disclosure of confidential patient information, informed by the Trust policy Confidentiality Code of Practice. 8.10.2 Other points of consideration are: The mechanisms for transferring records from one organisation to another should also be tailored to the sensitivity of the material contained within the records and the media on which they are held. Health Records Managers and/or Information Security staff should be able to provide advice on appropriate safeguards. Records taken off site - All members of staff taking records off site are responsible for their safekeeping. Staff should be made aware of their responsibilities and ensure that adequate security arrangements are made. On no account should a record containing personal information be left in an unattended car overnight. Arrangements should be made to ensure records are not visible when left unattended. Retention and Disposal Arrangements. Detailed guidance on retention periods for a full range of NHS records is included in the Trust Retention and Disposal Policy. It is particularly important under freedom of information legislation that the disposal of records which is defined as the point in their lifecycle when they are either transferred to an archive or destroyed is undertaken in accordance with clearly established policies which have been formally adopted by the organisation and which are enforced by properly trained and authorised staff. A record of the destruction of records, showing their reference, description and date of destruction should be maintained and preserved by the Records Manager, so that the organisation is aware of those records that have been destroyed and are therefore no longer available. Disposal schedules would constitute the basis of such a record. If a record due for destruction is known to be the subject of a request for information, or potential legal action, destruction should be delayed until disclosure has taken place or, if the authority has decided not to disclose the information, until the complaint and appeal provisions of the Freedom of Information Act have been exhausted or the legal process completed. 8.11 Standard Issues Specific to Health Records 8.11.1 Quality of the written record: The following applies: The Health and Social Care Information Centre, is working towards ensuring that all NHS health records will be kept in electronic format in the future. The NHS number has been adopted as the unique identifier for all Health records. Use of the NHS number will allow linkage of Health records across systems and organisations. It is envisaged that record linkage will improve effectiveness and efficiency of clinical care to patients. Use of the NHS number also supports the concept of a lifelong record. RIO is the electronic health record which has been implemented by the Trust, 12

it has been acknowledged that for the foreseeable future a paper record will still have to be kept for supplementary information. Please refer to Rio Procedural guidelines for documents identified to be retained in paper format In the mixed economy of paper and electronic records which will exist as the NHS CRS is developed it is essential that paper and electronic records are managed consistently to ensure that a complete health record is available at the point of need. This transitional period, during which the balance of paper and electronic records will change, will generate significant challenges, for example before patient data is migrated to the national data spine the data must be validated to ensure that duplicate registrations are eliminated and measures put in place in local systems to ensure that duplicate registrations are not created in the future. 8.11.2 Standards of Record keeping The following standards of record keeping are expected in all health records: All paper documentation must be clearly written and legible All entries into a health record must be concise, objective and accurate and will relate only to the healthcare episode All progress notes added by clinical staff will be classed as validated From the 1 st April 2013 progress notes added by students must be validated within 48 hours No entry must contain subjective or judgmental statements All entries must be clearly defined as to the date they were made and the time the entry was made using the 24 hour clock All entries in paper documentation must be signed with the signature printed alongside the first entry All entries in paper records must be made in black ink The use of terminology and jargon must be avoided wherever possible If abbreviations are used for the sake of speed, the full meaning must appear the first time the abbreviation is used Any alterations or additions in the paper records must be dated and timed, and must be made in a way which ensures that the original entry can still be read All entries must be in chronological order Every document in the record must contain the patient s name and record number Records should be written wherever possible with the involvement of the patient/carer and in terms that the patient can understand Parental responsibility must to be identified where the records relate to a child. Patient agreement/restrictions on information sharing must be documented Validation rights 13

The Trust have agreed on the following with regards to which staff will be provided with validation rights to sign off their own progress notes: All qualified members of staff All Healthcare Assistants (HCA s) Administrative staff, on the request of the department to facilitate the entry of non-clinical information when required. All clinical information is to be entered by a clinician, or, where arrangements are put in place, entered in the name of the clinician by administrative staff, and validated by the clinician. 8.11.3 Filing It essential that paper health records are filed away in the right place in the relevant case note as soon as reasonably practicable. Loose materials can be easily be mislaid and present a significant risk to the quality and safety of patient care as well as jeopardising patient confidentiality. Documentation should be uploading onto Rio as per the Rio procedural guidance which is available on the intranet http://staff.beh-mht.nhs.uk/clinical/rio/procedural-guides.htm The following applies: All documentation in the paper health record must be filed in the body of the case note in the appropriate section in a contemporaneous order. All staff using the paper health record have a responsibility to ensure that filing of all documentation is carried in accordance with this policy. Investigation results must be signed and dated by the medical staff and attached to the appropriate mount sheet with the most recent result on top Complaint and litigation correspondence must not be filed in the health record. This information must be filed separately so as to ensure that the complainant s ongoing care is not compromised and to assure them that concerns about treatment can be raised without prejudiced. All other patient related paper documentation must be uploaded onto Rio and/or filed as specified above in the health record. 8.11.4 Process for Ensuring a Contemporaneous Complete Record of Care In the mixed economy of paper and electronic records, staff must demonstrate one clear and contemporaneous record of the care being provided is available to those involved in the patient s treatment. Trust services are provided with scanners which are to be used to aid in this process. Paper documents relevant to an individual s care and treatment should be scanned and uploaded to the patient s electronic record where appropriate. Specific guidance as to how/where this uploaded documentation is to be filed on the electronic record is available on the Trust Intranet Procedural guides. In the event the document cannot be uploaded, a note is to be placed in the patient s progress notes (on the electronic system) identifying where the paper document can be found. 14

8.12 Tracking and Storage of Records 8.12.1 All paper health records must be traceable at all times. When not in use for inpatient or outpatient care, all paper health records must be held in the Records Libraries or other designated storage areas: The Records Libraries and other designated storage areas will maintain an : Individual tracer system for each set of health records The tracer form/system will be used for all movement of health records from the Records Libraries Each relevant department will use a tracer system for recording the movement of health records in and out of that department. Health records must only be transported between sites by approved transport methods. Where health records need to be taken off Trust premises (e.g. for a home visit or for a multi-professional meeting), this should be documented through the tracer system and approved by the relevant service manager/team leader. Records that are taken off site must never be left unattended and must be returned to the work base as soon as possible. If it is necessary to retain them overnight, they must be securely stored. Records must never be left in a car. Health records must never be taken home except with the prior agreement of a senior manager, in addition data shall be relevant, adequate and not excessive in relation to the purpose/s that it s required. If a health record cannot be found for any period of time despite a full search, the Health Records Manager must be informed, who will then make a document all efforts made to locate the record. It should be noted that the permanent loss of a health record is a serious event therefore an incident form must be completed and the incident management process followed which should include a full investigation into the circumstances around the loss of the record. The Caldicott Guardian must be informed of all permanently lost health records. All staff are responsible for the safe custody of patient records in their use and all records must be accessible and/or track able 24 hours a day The Records Libraries and other designated storage areas will provide security of patient paper records. Where these records are in clinical use outside of the designated areas, they must be held securely. Where rooms containing case notes are unattended, they must be locked. 8.13 Disclosure 8.13.1 Original health records are legal documents and belong to the Trust. From time to time requests may be made from other health care organisations, agencies or individuals for access to the records. The main original paper records should never be sent in response to such a request. Such requests should be dealt with by providing copies and sub-copies and summaries as necessary and bearing in mind legal requirements and Trust policy around access to health records and information sharing (see section below). Original patient records may not be sent to hospitals outside of the Trust. Photocopies of relevant sections must be made by the person sending the notes. In the case of electronic health records, relevant print-outs will be made. All requests for patient records from outside the Trust must be referred to the 15

relevant administration Managers. provide advice upon request. The Trust Health Records manager can 8.14 Retention and Destruction 8.14.1 All records will be retained in accordance with The Records Management NHS Code of Practice. In summary, this is as follows: Mental Health 20 years after no further treatment considered necessary or 8 years after death Children and young people until the patient s 25th birthday, or 26th if the young person was 17 at conclusion of treatment Adults and older people (ECS) 8 years following discharge from treatment or death If records are required to be kept for a longer period than stated, e.g. in cases of litigation and for research purpose, they must be clearly marked as such on the outside of the patient record folder. See Appendix 2. 8.14.2 Destruction of patient records must be carried out by an approved contractor who will provide written confidentiality undertakings and written certification of destruction. Health records pertaining to deceased patients or to patients who have not attended for more than four years will be archived off site to an approved third party contractor to ensure that those arrangements meet all legal and best practice requirements. It is the responsibility of the Records Libraries to undertake regular archiving as required for records stored through the libraries. Where records are stored and managed in community based or other designated stores, it is the responsibility of the manager of that service to ensure that there are suitable archiving arrangements in place. Reference should be made to the Health Records Manager in respect of all archiving arrangements. Archiving and destruction of electronic records will be carried out on behalf of the Trust by the IT service provider in consultation with the Trust. 8.15 Confidentiality and Information Sharing 8.15.1 The following are required: The information that patients provide to the NHS about themselves is confidential information. All staff are subject to the duty of confidence which is a term of their contract and part of all professional codes of conduct. All staff working within the NHS are also subject to the Trust Confidentiality Code of Conduct. A copy of this is on the intranet. One of the key requirements is the need to inform patients, service users and clients about how we will use their personal information, both paper and electronic and to provide wherever possible choice about the use of that information. All services must have in place an auditable process for demonstrating that patients have been informed and that patient agreement/choices have been documented. Where patients have placed any restrictions on the use of information, this should be noted clearly on the file and on any electronic database/system used to record information in that service area. Patients must also be informed of the risks and benefits associated with the use and restriction of use of any information. Provided that these arrangements are in place, health professionals do not as 16

a matter of course need to seek expressed consent to share patient information on an ongoing basis where this information is being used for the purposes of providing care to the patient in question. 8.15.2 Staff should always be able to justify the purpose and extent of sharing the information within this context. Where care is being provided by a number of agencies, relevant patient information may be shared with those involved in providing that care but subject to the provisos set out in relevant Information Sharing Agreements. (see Trust policies on Confidentiality and Information Sharing). Protecting the Privacy of Transgender Patients- The Gender Recognition Act Under the Gender Recognition Act, transgender people who experience severe gender variance, and have medical treatment for the condition, may apply to the Gender Recognition Panel (GRP) for a Gender Recognition Certificate (GRC). The GRC then entitles them to recognition of the gender stated on that certificate for all purposes. In addition to protection under the Data Protection Act, the law provides extra privacy protection under the Gender Recognition Act for those transsexual people who are applying for, or who already have, a Gender Recognition Certificate (GRC). see appendix 5 briefing note for clinical leaders 8.16 Access to Health Records 8.16.1 The following are required: Under the Data Protection Act 1998, subject to certain exemptions, patients have right of access to personal data about themselves, irrespective of when it was created, whether this is held in computerised or manual form, personal representatives of deceased patients have right of access under the Access to Health Records Act 1990. All requests for access to patient records other than from health professionals involved in the care of the patient concerned must be referred to the local manager. All requests for access to health records within these provisions should dealt with in accordance with the access arrangements set out in local procedures. All health professionals should have access to the electronic record using the Trust s security arrangements. The range of access is defined by the health professionals role (role based access). The system will ask for a reason for accessing a record outside of the agreed access level. Viewing a health record without a legitimate reason will be treated as a breach of confidentiality and be viewed as gross misconduct (see the Trust s confidentiality policy). 8.16.2 With regard to supplementary paper records there are arrangements for access during and outside office hours: During office hours (Monday to Friday 9am to 5pm) paper records may be accessed by contacting the relevant Records Department. If the record is not there an individual tracer system is in place which records 17

the last destination of the record. It is essential that the tracer system used is regularly updated. Outside office hours all records held in the records libraries are accessible - local procedures apply which should be made familiar to all staff see appendix 3 (a-c). Key principles are: that notes will only be accessible to authorised professionals; that this is a responsibility on those professionals to access only those notes relevant to the case they are dealing with; that a record is made of any notes removed and that notes are returned when no longer required. With regard to access to personnel records (see separate policy on the Trust s intranet) 8.17 Electronic Records 8.17.1 The Trust s electronic health records system Rio, is the primary health record which is linked to the National Spine. Health records information will be uploaded onto Rio using appropriate agreed methods, for example scanning. Access to Rio is available via smartcard which has strict access control levels. Access to records is routinely monitored and in accordance with the Trust s confidentiality and records policies viewing a record without a legitimate reason will result in disciplinary action and may be considered as an act of gross misconduct. Health records that pre-date Rio are kept in paper format in records libraries or off site at the Trust archive data warehouse company, and are available via records staff. Staff guidance/policies and procedures on the use of Rio are available on the following link on the Trust intranet. RiO All scanned records should adhere to the need to protect the evidential value of the record, by copying and storing the record in accordance with British Standards, in particular the Code of Practice for Legal Admissibility and evidential weight of information stored electronically (BIP 0008) and the Document Scanning: Guide to Scanning Business Documents (PD 00 16) which provides guidance to evaluate scanners to user requirements. Further guidance available at: http://www.bs10008.com/ The management of all electronic records should not differ from the management of paper records, with regard to retention periods, access, retrieval, availability, confidentiality. 9 Training 9.1 All staff are required to undertake mandatory annual Information Governance training via the Trust approved e-learning system and should include records management. The Trust acknowledges there will be a very small cohort of staff who this may not be appropriate. Alternative arrangements can be made upon request and with agreement from their line manager. Trust Employees must be appropriately trained so that they are fully aware of their 18

personal responsibilities in respect of record keeping and records management, and that they are competent to carry out their designated duties. Training should also include guidance for staff in the use of electronic records systems. It should be done through both generic and specific training programmes, complemented by organisational policies and procedures and guidance documentation. Local induction should include basic record keeping requirements such as: what they are recording and how it should be recorded why they are recording it how to validate information with the patient or carers or against other records to ensure they are recording the correct data ` how to identify and correct errors so that they know how to correct errors and how to report errors if they find them the use of information so they understand what the records are used for (and therefore why timeliness, accuracy and completeness of recording is so important) and how to update information and add in information from other sources confidentiality 10 Incident Reporting 10.1 All incidents are to be reported in accordance with the Trust Incident Reporting Policy using the on-line DATIXWEB reporting system. Serious harm to an employee s health or dangerous occurrences may require the Head of Non-clinical Risk to complete a RIDDOR report form. 11 Monitoring Compliance and Effectiveness 11.1 See appendix 3 12 Dissemination and Implementation 12.1 This document will be made available to all Trust staff on the Trust Intranet and through line management cascade and brought to the attention of new staff via the induction process. This policy supersedes all previous policy implementation. 13 Related Trust Documentation 13.1 Confidentiality and Information Sharing) policy Personnel records Policy Human Resources Policies Annual training needs analysis Information Governance Policy Data Protection Policy Information Sharing Policy Risk Training Policy 14 References 14.1 Please refer to Appendix 2 19

15. APPENDICES Appendix 1 The link below is used by staff to provide information for monthly quality assurance audits. The audits are developed for individual Boroughs and teams and subject to change where quality needs are addressed. https://www.oc-meridian.com/beandhmht/completion/custom/default.aspx?slid=49&did= Appendix 2 RECORDS MANAGEMENT RETENTION AND DESTRUCTION SCHEDULE 1. BACKGROUND The destruction of records is an irreversible act, while the cost of preserving records worthy of permanent preservation is high and continuing. The criteria which follow are intended to give guidance on how long records should be kept for business purposes and on the identification of records of permanent value. 2. REFERENCES Records Management: NHS Code of Practice 2006 Data Protection Act 1998 Freedom of Information Act 2000 Many of the retention periods set out below are carried forward unchanged from the previous circular on this topic. The periods recommended thus reflect long-standing good practice and established thinking about the usefulness of the records for business and periods during which the records support necessary accountability. In the case of some records, especially ledgers, some contracts and certain financial records, statutory authorities apply; where this is known to be the case, the relevant legislation or regulation is mentioned in the Notes column of the table. 3. ACTION Corporate records managers and all those with a responsibility for holding records, both manual, computerised (including emails) and in any other format must ensure that records no longer required for business use are reviewed as soon as practicable under the criteria set out below so that ill-considered destruction is avoided. This schedule identifies minimum retention periods. The review will determine whether records are to be selected for permanent preservation, destroyed or retained by the Trust for research or litigation purposes. Whenever the schedule is used, the guidelines listed below should be followed: I.Local business requirements/instructions must be considered before activating retention periods in this schedule. ii. Decisions should also be considered in the light of the need to preserve records whose use cannot be anticipated fully at the present time but which may be of value to future generations. iii. Recommended minimum retention periods should be calculated from the end of the calendar or accounting year following the last entry on the document. Records Management /Information Life Cycle Policy V6 August 2015 20

iv Where the period of retention column is marked with an asterisk*, the documents described must be considered for permanent preservation and the advice of the chief archivist of an appropriate place of deposit obtained. A list of these approved places of deposit, with telephone and fax numbers which were fully up-to-date in the autumn of 1998, can be found in Appendix B3 of HSC 1999/053 For the Record. In cases where there is any doubt about the most appropriate place of deposit, advice should be sought from Archive Inspection Services, National Archives, Kew TW9 4DU (tel: 0208 392 5262; fax: 0208 392 5284). v. The selection of files for permanent preservation is partly informed by precedent (the establishment of a continuity of selection) and partly by the historical context of the subject (the informed identification of a selection). General rules should be drawn up locally, using the profile of material which has already been selected, and the history of the institution or organisation (including pioneering treatments and examples of excellence) within the context of its service to the local and wider communities. vi. The provisions of the Data Protection Act 1998 must also be complied with. The schedule does not seek to cater for all eventualities: the responsible records managers need to consider whether exceptional circumstances (e.g. events of local or national significance reflected in the records) require the long-term preservation of the records. By their nature these schedules are long and the following links are to guidance given in Schedule D of the Department of Health Records management: NHS code of practice: 1. Notes to accompany the NHS Records Retention and Disposal Schedules Annex D https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/200139/records_management_- _NHS_Code_of_Practice_Part_2_second_edition.pdf 2. Health Records Retention Schedule - Annex D1 https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/200139/records_management_- _NHS_Code_of_Practice_Part_2_second_edition.pdf This retention schedule details a Minimum Retention Period for each type of health record. Records (whatever the media) may be retained for longer than the minimum period. However, records should not ordinarily be retained for more than 30 years. Where a retention period longer than 30 years is required (eg to be preserved for historical purposes), or for any pre-1948 records, The National Archives should be consulted. Organisations should remember that records containing personal information are subject to the Data Protection Act 1998. 3. Business and Corporate records (non-health) retention schedule Annex D2 https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/200139/records_management_- _NHS_Code_of_Practice_Part_2_second_edition.pdf 4. Electronic/ audit trails - Annex D3 https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/200139/records_management_- _NHS_Code_of_Practice_Part_2_second_edition.pdf Records Management /Information Life Cycle Policy V6 August 2015 21

Appendix 3 Criterion: Criterion lead: 1.7 Health Records Management & 1.8 Health Record Keeping Standards Doreen Todd Criterion details The organisation has an approved documented process for ensuring the local induction arrangements for all temporary staff that is implemented and monitored. a) basic record-keeping standards, which must be used by all staff b) how health records are tracked when in current use Minimum requirement to be monitored Process for monitoring e.g. audit Responsible individual/ group/ committee Frequency of monitoring Responsible individual/ group/ committee (plus timescales) for: Review of results Development of action plan Monitoring of action plan and implementation Basic record keeping standards which must be used by all staff. Monthly quality assurance audit Ward managers and clinical leads Clinical audit dept Monthly Borough deep dive meetings Managers cascading results to front line clinical staff Ward managers and team leads Borough base clinical governance meeting Borough base deep dive meeting How health records are tracked when in current use Audit of tracer cards and tracer book Missing record data base audit Assistant Directors and Managers. Medical Records Manager. Caldicott Guardian Quarterly Information governance group / Medical Records Manager Information governance group / Medical Records Manager Information governance group / Medical Records Manager Records Management /Information Life Cycle Policy V6 August 2015 22

Appendix 4 Protecting the Privacy of Transgender Patients, Meeting Your Legal Obligations A briefing note for clinical leaders Introduction All staff need to be aware that legislation gives transgender individuals the right to have their gender change recognised as their legal identity. The law also prohibits the disclosure of information about a transgender person s change of gender. Only doctors, nurses, pharmacists (plus dentists, paramedics and operating theatre practitioners) are allowed to access this information for medical purposes in a professional capacity. They are legally prohibited from sharing it with other types of staff in team without the consent of the patient. This is an interim briefing note. As we get more clarification on the information governance issues, further advice will be made available. In the meantime please share this with all members of your healthcare teams as appropriate. Sharing information about the previous medical history of a transgender patient Doctors, pharmacists or nurses, who pass on information about a transgender patient s previous gender to others without the patient s permission, risk committing a criminal offence, which in turn would trigger a referral to the General Medical Council, Nursing and Midwifery Council or General Pharmaceutical Council. This is because the information is protected under the Gender Recognition Act as it has been acquired in an official capacity. Section 22 of the GRA prohibits the disclosure of information about a trans person s change of gender. http://www.legislation.gov.uk/ukpga/2004/7/section/22 Detailed guidance is set out in secondary legislation -The Gender Recognition (Disclosure of Information) (England, Wales and Northern Ireland) Order 2005 If it is reasonable for you to know that a patient has applied for, or obtained, a GRC, you are only allowed to break the privacy rule in very particular circumstances. It is not an offence under section 22 of the Act to disclose protected information if: the disclosure is made to a health professional (see definition of which groups this includes); the disclosure is made for medical purposes; and the person making the disclosure reasonably believes that the subject has given consent to the disclosure or cannot give such consent. Medical purposes includes the purposes of preventative medicine, medical diagnosis and the provision of care and treatment. Health professional means only one of the following: a registered medical practitioner; a registered dentist within the meaning of section 53 of the Dentists Act 1984; a registered pharmaceutical chemist within the meaning of section 24(1) of the Pharmacy Act 1954 or a registered person within the meaning of article 2(2) of the Pharmacy (Northern Ireland) Order 1976; a registered nurse; a person who is registered under the Health Professions Order 2001 as a paramedic or operating department practitioner; a person working lawfully in a trainee capacity in any of the professions specified in this paragraph. Records Management /Information Life Cycle Policy V6 August 2015 23

Please note the definition does not include other members of the multidisciplinary team such as; psychologists, other allied healthcare professionals, any non-registered healthcare workers, any social workers or admin support staff. So doctors, nurses, pharmacists and dentist (and paramedics/operating department practitioners) can gain access to a person s previous medical history for medical purposes, but they cannot share that with any other types of health professionals without the permission of the patient. If they do they would be committing a criminal offence. Discussing patients gender status It is therefore very important that at the first point of contact with a patient staff ask them about their protected characteristics (age, disabilities, sex, ethnicity, marital status, religion or beliefs, sexual orientation, pregnancy/maternity and of course gender re-assignment) and this is recorded. If the patient discloses that they are transgender, then staff can tactfully discussing if the patient has received or applied for, a certificate of gender recognition. Managing Patients records At the moment the precise process for managing this relatively rare occurrence in relation to RiO and the national patient record system is evolving. Patient records can be hidden for a number of reasons; adoption, witness protection, donor anonymity etc, so it cannot be assumed it is due to possession of a certificate of gender recognition. If you are a member of one of the health professions listed in the Act and you need to access RiO or physical records of any patient who is transgender you should assume that they already have or have applied for a CGR and so treat sharing their information accordingly Do not share information about previous gender with non listed professionals Ensure access to clinical notes and records indicating previous gender is restricted Do no record or allude to previous gender in clinical notes which can be seen by other types of care staff At an appropriate or opportune point in the therapeutic dialogue, seek permission to share information. Records Management /Information Life Cycle Policy V6 August 2015 24

Appendix 5 Diary Management Guidelines Information recorded in diaries as part of BEHMHT staff work belongs to BEHMHT and, as such should be maintained as described within these guidelines. These guidelines also apply to the use of electronic diaries and PDA s. 1. Issue of Paper Diaries Line Managers determine, on an annual basis, who, within their teams, will require diaries and order the appropriate number of diaries for issue. 2. Information recorded in diaries Following the principles of good record keeping, entries in paper diaries should be legible, made in indelible black ink and be free from the use of correction fluid. Entries in electronic diaries should not be deleted but annotated in event of changes ie: meeting cancelled, patient visit confirmed/cancelled. As a minimum, and depending upon the role of the member of staff, the information recorded in diaries by staff should contain the following information: Patient visits (using minimum amount of detail) Meeting details (name of meeting, venue, time) Mileage information (must be kept by each member of staff) this can be held in diaries unless an alternative method of recording mileage has been agreed with line managers. Mileage should be recorded at the beginning and end of each shift and identified if this is home or base. Annual leave Sickness leave/absence Record if student or passenger working/travelling with you It is acceptable for telephone numbers to be recorded within the diaries. It is not acceptable for staff to carry loose paper containing identifiable patient details. It is known that staff note keysafe numbers in their diaries but any such numbers should not be noted next to the patient name or address. 3. Audit Staff may be required to audit diary entries as part of a Trust documentation audit. 4. Storage of Paper Diaries Diaries of all clinicians must be destroyed under confidential conditions, no earlier than 2 years after end of year to which diary relates and in accordance with the Information Security Management, NHS Code of Practice. 5. References Information Security Management, NHS Code of Practice https://www.gov.uk/government/publications/information-security-management-nhs-code-of-practice Records Management /Information Life Cycle Policy V6 August 2015 25

16. ANNEXES Records Management Code of Practice parts 1 & 2 https://www.gov.uk/government/publications/records-management-nhs-code-of-practice Part one - Annex A: Resources to Support Improvement Part two- Annex B: Legal and Professional Obligations Relevant Standards and Guidelines Professional Codes of Conduct Records Management /Information Life Cycle Policy V6 August 2015 26

EQUALITY IMPACT ASSESSMENT AND ANALYSIS FORM Name of the policy/service development, strategy or plan being analysed Records Management Information Lifecycle Policy Name and job title of the manager responsible for carrying out this analysis: Doreen Todd, Information Governance Manager Please summarise your policy/service development, strategy or plan To ensure that the Trust can control both the quality and quantity of the information that it generates, that it can maintain information effectively and dispose of it efficiently and securely when no longer required. What are the main objectives or intended outcomes of the policy/service development, strategy or plan? Promote good data quality Maintain a high standard of processing information To adhere to National standards To facilitate adherence to local and National policies Records Management /Information Life Cycle Policy V6 August 2015 27

1. Please indicate the expected impact of your proposal on people with protected characteristics Characteristics Significant +ve Some +ve Neutral Some -ve Significant -ve Age: x Disability: x Ethnicity: x Gender re-assignment: x Religion/Belief: x Sex (male or female) x Sexual Orientation: x Marriage and civil partnership x Pregnancy and maternity x The Trust is also concerned about key disadvantaged groups event though they are not protected by law Substance mis-users The homeless The unemployed x x x 2. Consideration of available data, research and information Monitoring data and other information should be used to help you analyse whether you are delivering a fair and equitable service. Social factors are significant determinants of health outcomes. Please consult these types of potential sources as appropriate. There are links on the Trust website: Joint strategic needs analysis (JSNA) for each borough Demographic data and other statistics, including census findings Recent research findings (local and national) Results from consultation or engagement you have undertaken Service user monitoring data (including age, disability, ethnicity, gender, religion/belief, sexual orientation and) Information from relevant groups or agencies, for example trade unions and voluntary/community organisations Analysis of records of enquiries about your service, or complaints or compliments about them Recommendations of external inspections or audit reports Reference data, research and information that you have Records Management /Information Life Cycle Policy V6 August 2015 28

Key questions 2.1 How does this change/development/plan relate to the Trust s corporate equality objectives and the public sector duty? reviewed which you have used to form your response This policy supports the Trust s data quality improvement plan 2.2 What are the relevant equalities characteristics of the staff involved or affected? None 2.3 What are the relevant equalities characteristics of the service users and carers involved or affected? None 2.4 What other relevant data do you have in terms of service users or staff? (e.g. results of customer satisfaction surveys, consultation findings, census data, and health needs assessments etc). Results from customer satisfaction surveys Clinical audit reports 3. It is Trust policy that you explain your proposed development or change to people who might be affected by it, or their representatives. Please outline how you plan to do this. Group Information Governance Forum Methods of engagement Bi-monthly meeting Records Management /Information Life Cycle Policy V6 August 2015 29

4. Equality Impact Analysis Improvement Plan If your analysis indicates some negative impacts, please list actions that you plan to take as a result of this analysis to reduce those impacts, or rebalance opportunities. These actions should be based upon the analysis of data and engagement, any gaps in the data you have identified, and any steps you will be taking to address any negative impacts or remove barriers. The actions need to be built into your service planning framework. Actions/targets should be measurable, achievable, realistic and time framed. Issues identified Actions required By who 6. Sign off and publishing Once you have completed this form, it needs to be approved by Service Director, Clinical Director or an Executive Director or their nominated deputy. If this Equality Impact Analysis relates to a policy, procedure or protocol, please attach it to the policy and process it through the normal approval process. Following this sign off by the Policy Review and Monitoring Committee your policy and the associated EqIAn will be published by the Trust s policy lead on the website. If your EqIAn related to a service development or business /financial plan or strategy, once your Director or the relevant committee has approved it please send a copy to the Equalities Team (equalities@beh-mht.nhs.uk), who will publish it on the Trust s website. Keep a copy for your own records. I have conducted this equality Impact analysis in line with Trust guidance Your name: Doreen Todd Position Information Governance Manager Signed: Date: 18/08/15 Records Management /Information Life Cycle Policy V6 August 2015 30

Approved by: Your name: Melanie Ingham Position: Deputy Director of Nursing and Governance Sign: M.Ingham Date 18/08/15 Records Management /Information Life Cycle Policy V6 August 2015 31