RECORDS MANAGEMENT POLICY (Non-Clinical Records) Version 6 Name of responsible (ratifying) committee Information Governance Steering Group Date ratified 12 November 2014 Document Manager (job title) Information Governance Manager Date issued 03 February 2015 Review date 30 November 2016 Electronic location Management Policies Related Procedural Documents Records Management Strategy, Records Retention and Disposal Policy, Health Records Management Policy Key Words (to aid with searching) Records Management, Corporate Records, Retention and Disposal, Filling Version Tracking Version 6 Title of Policy: Issue Number: Issue Date: Review date: Date Ratified Brief Summary of Changes Author 12 November 2014 Update to Training Requirements (section 7) to reflect Essential Skills Handbook and e-assessment Update to Monitoring Compliance section (9) to reflect requirements of the Information Governance Compliance Framework Information Governance Manager Records Management Policy (Non-Clinical Records) 6 03 February 2015 30 November 2016 (unless requirements change) Page 1 of 14 CONTENTS QUICK REFERENCE GUIDE ............................................................................................................. 3 1. INTRODUCTION.......................................................................................................................... 4 2. PURPOSE ................................................................................................................................... 4 3. SCOPE ........................................................................................................................................ 4 4. DEFINITIONS .............................................................................................................................. 4 5. DUTIES AND RESPONSIBILITIES .............................................................................................. 4 6. PROCESS ................................................................................................................................... 5 6.1. What is a Record? .................................................................................................................... 5 6.2. What is Records Management? ............................................................................................... 5 6.3. Electronic Records Management Requirements ....................................................................... 5 6.4. Effective Electronic Records Management ............................................................................... 6 6.5. Creating a Document or File ..................................................................................................... 6 6.6. Naming Folders, Files and Documents ..................................................................................... 6 6.7. Version Numbers...................................................................................................................... 7 6.8. Structuring Folders and Files .................................................................................................... 7 6.9. Disclosure of Information about Staff ........................................................................................ 7 6.10. Document Properties ............................................................................................................ 9 6.11. Creating a Paper Document.................................................................................................. 9 6.12. Filing Paper Documents...................................................................................................... 10 6.13. Storage of Paper Records .................................................................................................. 10 6.14. Electronic Document Imaging ............................................................................................. 10 6.15. Disposal of Documents ....................................................................................................... 10 6.16. Destruction of Records ....................................................................................................... 10 6.17. Retention of Records .......................................................................................................... 10 6.18. Retention Schedules ........................................................................................................... 11 6.19. E-mails ............................................................................................................................... 11 6.20. Confidentiality and Security of Records............................................................................... 11 6.21. Access to Records .............................................................................................................. 11 6.22. Sharing Records ................................................................................................................. 11 7. TRAINING REQUIREMENTS .................................................................................................... 12 8. REFERENCES AND ASSOCIATED DOCUMENTATION .......................................................... 12 9. EQUALITY IMPACT STATEMENT ............................................................................................ 12 10. MONITORING COMPLIANCE WITH PROCEDURAL DOCUMENTS ........................................ 14 Title of Policy: Issue Number: Issue Date: Review date: Records Management Policy (Non-Clinical Records) 6 03 February 2015 30 November 2016 (unless requirements change) Page 2 of 14 QUICK REFERENCE GUIDE This policy must be followed in full when developing or reviewing and amending Trust procedural documents. For quick reference the guide below is a summary of actions required. This does not negate the need for the document author and others involved in the process to be aware of and follow the detail of this policy. 1. The purpose of this policy is to guide staff towards a systematic, consistent and planned approach to the management of non-clinical records 2. This policy will outline the specific requirements for management paper and electronic records, although there will be similarities between these media 3. All staff have responsibility for managing records they create or use, which are public records and may be disclosed under legal or professional obligations. Records belong to the Trust and not the individual who created them 4. A record is any recorded information created or received in the course of the Trust’s business and which needs to be retained in order to provide evidence of business activity, transaction or decision-making. 5. Records can exist in any media including paper, electronic, photographs and images, and audio and visual recordings 6. Electronic records must be filed in appropriate locations (not the hard drives of PCs) and should follow consistent naming conventions to ensure ease of retrieval. Folders should also be logically structured 7. Paper records should follow similar naming conventions to electronic records and be filed in suitable environmental conditions 8. Good ‘house keeping’ means records should only be held for the minimum necessary time (further information can be found in the Records Management: NHS Code of Practice via the Department of Health website / Information Governance intranet pages) 9. Destruction of records should be undertaken appropriately, e.g. use “Shred-It” bins for confidential records 10. E-mails can be considered as valuable records and should be managed and filed accordingly (e.g. use network folders rather than relying on Outlook) 11. Records shared across the Trust should ideally be merged or effectively cross-referenced to ensure information can be ‘collected once and used many times’ Title of Policy: Issue Number: Issue Date: Review date: Records Management Policy (Non-Clinical Records) 6 03 February 2015 30 November 2016 (unless requirements change) Page 3 of 14 1. INTRODUCTION All NHS records are public records under the terms of the Public Records Act 1958. Chief Executives and senior managers of all NHS organisations are personally accountable for records management within their organisation. The Secretary of State for Health and all NHS organisations have a duty under the Public Records Act to make arrangements for the safe keeping and eventual disposal of all types of their records. In addition, NHS organisations need robust records management procedures to meet the requirements set out under the Freedom of Information Act 2000, Standards for Better Health, The Information Governance Toolkit, CNST record keeping standards, and the National Programme for IT. Records are a valuable resource because of the information they contain. High quality information underpins the delivery of high quality, evidence-based health care, and other service deliverables. Information is of greatest value when it is accurate, up to date and accessible when it is needed. Currently, within the Trust, we all have our own personal or directorate methods of managing records, which, whilst they may be effective at a local level, are not consistent across the Trust. 2. PURPOSE To provide guidance to all staff within the Trust to ensure there is a systematic and planned approach to the management of non-clinical records. 3. SCOPE This policy covers all corporate / administrative records within the Trust. The Health Records Management Policy covers the management of health and clinical records. Both policies underpin the Information and Records Management Strategy. This policy will be a dynamic document, which will evolve as further NHS guidance becomes available, and should be read in conjunction with the Records Management: NHS Code of Practice (2006) Part 1 and Part 2. This policy will be divided into 2 sections: the management of electronic records and the management of paper records, although some areas will overlap. ‘In the event of an infection outbreak, flu pandemic or major incident, the Trust recognises that it may not be possible to adhere to all aspects of this document. In such circumstances, staff should take advice from their manager and all possible action must be taken to maintain ongoing patient and staff safety’ 4. DEFINITIONS C drive is the data storage area in your (specific) PC P drive is your personal area on the server G drive is the shared network storage area on the server 5. DUTIES AND RESPONSIBILITIES The records management function of the Trust should be recognised by the Chief Executive as a specific corporate responsibility as it provides a managerial focus for records of all types, in all formats, throughout their lifecycle, from planning and creation through to ultimate disposal. The Chief Executive should support the clearly defined responsibilities and objectives, and support adequate resources to achieve this. Title of Policy: Issue Number: Issue Date: Review date: Records Management Policy (Non-Clinical Records) 6 03 February 2015 30 November 2016 (unless requirements change) Page 4 of 14 The Information Governance Manager has lead responsibility for records management within the organisation. Managers with directorate and departmental responsibility for records management must work with the Information Governance Manager to ensure that there is compliance with this policy. All staff, whether clinical or administrative, must ensure that they are fully aware of their responsibilities in respect of record keeping and management. Under the Public Record Act, all NHS employees have a degree of responsibility for any records that they create or use. Thus, any records created by an employee of the NHS are public records and may be subject to both legal and professional obligations. 6. PROCESS 6.1. What is a Record? A record is any recorded information created or received in the course of Trust business, which needs to be retained to provide evidence of a business activity, transaction or decision. Records can exist in any format or media, including paper, electronic, photographs and images, and audio and visual recordings. Records capture the information about transactions, decisions and business activity, which needs to be retained as evidence. Not all documents and files used in a business process will necessarily need to be captured into record keeping systems. Only those required to provide an adequate, accurate record of the work carried out or decisions made. The capture of relevant records into appropriate record keeping systems should be an integrated part of all Trust business processes. The content of a record will primarily be determined by the purpose for which it is being created. Record keeping is a tool of professional practice and one, which should facilitate the care process. It is not separate from the process and it is not an optional extra to be fitted in. 6.2. What is Records Management? Records management is the activity of managing records throughout their lifecycle from creation to disposal or permanent archiving. It includes the capture, maintenance, use, storage, review and transfer of records. 6.3. Electronic Records Management Requirements Electronic records within the Trust are to be clearly identified. They must be able to be preserved and stored for the required period. In order to ensure that the information constitutes a record the Trust is required and endeavours at all times to ensure that: Title of Policy: Issue Number: Issue Date: Review date: The record is present – the information needed to reconstruct activities and transactions that have taken place is recorded The record can be accessed – it is possible to locate and access the information The record can be interpreted – a context for the information can be established showing when, where, and who created it The record can be trusted – the information and its representation exactly matches that which was actually created and used, and its integrity and authenticity can be demonstrated beyond reasonable doubt The record can be maintained – the record can be deemed to be present and can be accessed, interpreted and trusted for as long as necessary and on transfer to other approved locations, systems and technologies Records Management Policy (Non-Clinical Records) 6 03 February 2015 30 November 2016 (unless requirements change) Page 5 of 14 6.4. Effective Electronic Records Management Effective electronic records management supports: Efficient joint working and information exchange both internally and with other NHS organisations Evidence-based policy making by providing reliable and authentic information for the evaluation of past actions and decisions Administration of data protection principles and effective implementation of Freedom of Information and other information policy legislation, through good organisation of records 6.5. Creating a Document or File Each department within the Trust shall keep adequate records to document its activities. When determining what records are to be kept, managers shall take into account public accountability, operational, legal and regulatory requirements. Records shall be complete and accurate enough to meet accountability, operational, legal and regulatory requirements. As far as possible, there shall be no unwarranted duplication of records. Records should be placed within designated record keeping systems that enable them to be accessed quickly and easily e.g. shared folders. Corporate record keeping systems shall classify and group records according to business function and activity, so that there is sufficient context to relate records to the business activities that they document. Wherever possible, records which have been created or received electronically shall be captured and stored in electronic record keeping systems i.e. not printed and stored in paper form. Electronic records shall be managed like any other record, in accordance with this policy. When creating a new document (or any other file type), the use of templates and document marking (corporate logo) will help us to create documents with a corporate look. The Trust logo should always be placed in the top right hand corner of the document and the recommended font is Arial size 11. 6.6. Naming Folders, Files and Documents Naming conventions are standard rules to be used for naming both documents and electronic folders and are used to make it easier to find documents. Corporate standards must be followed in the naming of record files and folders. It is unacceptable for any documents to leave the Trust without having either a logical file name or format for presentation that shows the Trust as being the owner of such documents. This corporate approach to the naming of electronic files will ensure that current and future staff will be able to create, update and search for files in a much easier manner than the current system. Basic file naming practices: Give a unique name to each record, which is clear and simple Give a meaningful name which closely reflects the records contents Use standard terms for organisations, roles, projects, activities and other types of document (e.g. agenda / report / board paper) Express elements of the name in a structured and predictable order Locate the most specific information at the beginning of the name and the most general at the end Give a similarly structured and worded names to records which are linked (for example, an earlier and later version) Electronic file names should not include excessive wording or inconsistent referencing formats. Title of Policy: Issue Number: Issue Date: Review date: Records Management Policy (Non-Clinical Records) 6 03 February 2015 30 November 2016 (unless requirements change) Page 6 of 14 A file name description (normally the document title). Long words such as, management, organisation and department, should be shortened to ‘mgt’, ‘org’ and’ dept’. The file name must represent the content of the document. The document status is appropriate if the document is in preparation e.g. labelled ‘draft’. A version number in the format of e.g. v1 A date reference may also be used to enable documents with the same titles but different dates to be distinguished. The file extension. This is normally allocated by the application i.e. ‘doc’ or ‘xls’. In general, if you cannot see a file extension, there is no need to add one as it will be assigned automatically by the application you are using. All file names must exclude illegal characters. These include \ / *? “ ‘ < > . : Filenames should also replace a space with an underscore as this allows transfer to other computer systems keeping the file name in tact. 6.7. Version Numbers Where the record is likely to be replaced in the future by a new version, e.g. a policy, a version number should be included, both in the filename and also the document itself (usually via a template). The format to be used is v1, v2. The key objective with version numbers is that the most current version is obvious and that there is an audit trail of previous versions. 6.8. Structuring Folders and Files A well thought out structure of folders (also known as directories or classification schemes) for filing documents is a key element to efficient electronic record keeping. There is a balance to strike between having many levels of folders and having a very ‘flat’ folder structure with everything under one major heading. Also, if the user needs to trawl through levels of folders to find the document they are likely to give up. Folder titles should be clear and concise and adequately describe the contents. Access to folders can be set up with varying degrees of permissions / controls, depending on the nature of the contents and who requires access. The organisation should use a clear and logical filing structure that aids retrieval of records. Ideally, the filing structure should reflect the way in which paper corporate records are filed to ensure consistency. However, if it is not possible to do this, the names allocated to files and folders should allow intuitive filing. Filing of corporate records to local drives on PCs and laptops is not an acceptable practice. 6.9. Disclosure of Information about Staff There are generally two main areas where documents can be saved – either shared or personal folders. Both of which are located on the network. The use of shared folders should be adopted wherever possible to facilitate the sharing of Trust information and to improve access to the information during absences of individuals. Folder structure should allow logical access to data and should typically be set out around department, activities or projects, rather than the work of individuals. Examples of documents that should be stored in shared areas include; reports, training materials or staff rotas. The ICT helpdesk will be able to advise Trust staff on setting up shared folders and providing mechanisms to control access where required. Private work-related documents, for example APDR preparation or HR documents, should be stored in personal folders (P Drive), where they will only be accessible by the relevant Title of Policy: Issue Number: Issue Date: Review date: Records Management Policy (Non-Clinical Records) 6 03 February 2015 30 November 2016 (unless requirements change) Page 7 of 14 individual. This area can also be used by staff to store a limited amount of personal items such as CVs or exam results. No documents should be stored on the local hard disk drive of your computer (C Drive) as only information that is stored on the Trust network drives will benefit from the automated back-up and recovery services and access security controls. (The data storage area on your computer) (How your personal drive will look in ‘My Computer’) Title of Policy: Issue Number: Issue Date: Review date: Records Management Policy (Non-Clinical Records) 6 03 February 2015 30 November 2016 (unless requirements change) Page 8 of 14 6.10. Document Properties Describing a document using ‘document properties’ makes searching easier and this will help to reduce time wasted looking for documents. We need to be able to easily access documents in order to comply with the Freedom of Information Act as well as maintain business efficiency. Staff are required to complete the document properties box on all documents / spreadsheets that they produce. This task can be made easier by setting the Document Properties box to appear automatically when first saving a document. All staff should follow the instructions set out in Appendix 1 for doing this. If you require assistance, please contact the Information Governance Manager or ICT Helpdesk. By using document properties, it enables the Microsoft search facility to be used to find Trust documents. 6.11. Creating a Paper Document Records of business activity should be complete enough to: Facilitate an audit or examination of the business by anyone so authorised Protect the legal and other rights of the Trust, its clients and any other person affected by its actions Provide authenticity of the records so that the evidence derived from them is shown to be credible and authoritative Paper records should be: Factual, consistent and accurate Written as soon as possible after an event has occurred, providing current information Written clearly and in such a way that the text cannot be erased Written in such a way that any alterations or additions are dated, timed and signed in such away that the original entry can still be read clearly Accurately dated, timed and signed with the signature printed alongside the first entry Not include abbreviations (unless officially approved by the Trust), jargon, meaningless phrases, irrelevant speculation and offensive subjective statements Readable on any photocopies Written in black pen, not ink as this can run, and on white paper (other coloured pens and paper can be used providing the combination of pen and paper produces a legible and permanent record) Not include the use of correction fluid Title of Policy: Issue Number: Issue Date: Review date: Records Management Policy (Non-Clinical Records) 6 03 February 2015 30 November 2016 (unless requirements change) Page 9 of 14 6.12. Filing Paper Documents Where documents are kept as hard copy files, the filing structure and naming of the files should follow the same principles as described within the management of electronic files. All records should be arranged in a record-keeping system that will enable the Trust to obtain the maximum benefit from the quick and easy retrieval of information. 6.13. Storage of Paper Records In order to comply with statutory requirements, the Trust should be aware of what records it holds and where they are held. Storage accommodation should be clean and tidy, should prevent damage to the records and provide a safe working environment for staff. Equipment used to store records should provide storage which is safe and secure from unauthorised access, but which allows maximum accessibility to the information in line with its frequency of use. When records are no longer required for the conduct of current business, they should be stored appropriately with consideration of NHS retention periods. 6.14. Electronic Document Imaging Whether for reasons of business efficiency and / or in order to address problems with storage space, all departments interested in optically imaging records must initially liaise with the Electronic Document Management (EDM) Manager and not with the Trust’s contractors independently. This will ensure that appropriate Service Level Agreements are raised and the work undertaken, meets the Trust’s strategic direction and standards. The ICT Department needs to be kept fully aware of progress and the future support requirements. 6.15. Disposal of Documents Disposal of records does not necessarily mean destruction. This could be the transfer of records from one media to another e.g. paper records to CD Rom, or the transfer of records from one organisation to another e.g. archivists or commercial storage. 6.16. Destruction of Records The destruction of records is an irreversible act. Many NHS records contain sensitive and / or confidential information and their destruction must be conducted in a secure manner to ensure there are safeguards against accidental loss or disclosure. The normal destruction method used within the Trust for confidential / sensitive records is shredding. All confidential waste should be placed in the allocated “Shred-it” consoles or confidential waste bins / sacks. Non-confidential waste can be placed in the recycle bins. Shredding equipment within departments must comply with Trust standards. A record of disposal decisions must be kept for reference. The secure destruction of computer media is undertaken by the ICT Department. Please contact them for advice. If a record due for destruction is known to be the subject of a request for information under the Freedom of Information Act 2000, destruction should be delayed. It is a criminal offence under the Act to destroy or alter information that has been requested, in an attempt to avoid disclosure. 6.17. Retention of Records As a general rule, information should only be kept as long as absolutely necessary. This includes deleting: Unnecessary duplicates of final documents Working copies which are no longer required Documents which have no continuing value Title of Policy: Issue Number: Issue Date: Review date: Records Management Policy (Non-Clinical Records) 6 03 February 2015 30 November 2016 (unless requirements change) Page 10 of 14 In all cases, ‘good housekeeping’ of paper and electronic filing systems is essential to maintaining long-term viability, removing material which should no longer be kept, consistent with this policy. The Trust is only responsible for the retention of its own original documents. Corporate records that require permanent preservation need to be stored appropriately to preserve their integrity and availability. If scanning to electronic form is considered, please refer to 6.5.4. 6.18. Retention Schedules Currently, NHS guidance for the minimum retention periods for records is set out in the Records Management: NHS Code of Practice (Part 2), published in April 2006 by the Department of Health. If you have any queries relating to the retention of records, please contact the Information Governance Manager. 6.19. E-mails It should be noted that emails can be, or be part of, a record of business activity and can fall within the scope of the Freedom of Information Act, with potential for disclosure into the public domain. Emails which record business activity must be treated in the same manner as for the management of electronic records, which means they may be saved to network drives rather than being managed through Microsoft Outlook. 6.20. Confidentiality and Security of Records The storage, distribution, use and disposal of records will conform to relevant legislation e.g. Data Protection Act 1998, Freedom of Information Act 2000 and ISO/IEC 17799 – Information Security, and NHS guidance such as, Caldicott Principles, NHS Code of Practice on Confidentiality 2003, and local policies, taking into account best practice. Always consider the most appropriate method for ensuring confidential information is distributed securely e.g. password protection. 6.21. Access to Records Access to medical and personal records is covered by the Data Protection Act 1998 and is covered by the Trust’s Health Records Management Policy. Access to administrative / business records is covered by the Freedom of Information Act 2000. Always be mindful that these records may be disclosed into the public domain, subject to certain exemptions. 6.22. Sharing Records All staff should work towards rationalising record collections through sharing records and the information they contain (subject to legal and NHS constraints), by merging or ensuring effective cross-reference. Information should ideally be collected once and used many times across departments / organisations. Important points: Data belong to the Trust and not to individuals or departments Each individual has a responsibility for records they create, but they do not own them NHS records are public records and the Chief Executive is ultimately responsible for all records generated in the Trust The Trust recognises that there are restrictions on the disclosure of information and these are to be respected at all times Information sharing protocols can be established for regular information flows If you are unsure about the sharing of records, please contact your line manager or the Information Governance Manager. Title of Policy: Issue Number: Issue Date: Review date: Records Management Policy (Non-Clinical Records) 6 03 February 2015 30 November 2016 (unless requirements change) Page 11 of 14 7. TRAINING REQUIREMENTS The Information Governance Manager has overall responsibility for maintaining training and awareness of non-clinical records management for Trust staff, which forms a part of Information Governance training. Information Governance training is mandatory and all new starters must receive IG training as part of their corporate induction. All staff members are required to undertake accredited Information Governance training as appropriate to their role. The preferred method is through the Trust’s Essential Skills Handbook (ESH) and associated e-assessment in the Electronic Staff Records (ESR). Information Governance training must be completed on an annual basis. 8. REFERENCES AND ASSOCIATED DOCUMENTATION Freedom of Information Act (2000) http://www.opsi.gov.uk/Acts/acts2000/ukpga_20000036_en_1 Data Protection Act (1998) http://www.opsi.gov.uk/Acts/Acts1998/ukpga_19980029_en_1 Records Management: NHS Code of Practice DH (2006) http://www.dh.gov.uk/en/Publicationsandstatistics/Publications/PublicationsPolicyAndGuidance/ DH_4131747 Connecting for Health – Information Governance Training Tool http://www.igte-learning.connectingforhealth.nhs.uk/igte/index.cfm The National Archives’ Records Management: Standards and Guidance http://www.nationalarchives.gov.uk/recordsmanagement/default.htm Confidentiality: NHS Code of Practice DH (2003) http://www.dh.gov.uk/en/Publicationsandstatistics/Publications/PublicationsPolicyAndGuidance/ DH_4069253 9. EQUALITY IMPACT STATEMENT Portsmouth Hospitals NHS Trust is committed to ensuring that, as far as is reasonably practicable, the way we provide services to the public and the way we treat our staff reflects their individual needs and does not discriminate against individuals or groups on any grounds. This policy has been assessed accordingly. Our values are the core of what Portsmouth Hospitals NHS Trust is and what we cherish. They are beliefs that manifest in the behaviours our employees display in the workplace. Our Values were developed after listening to our staff. They bring the Trust closer to its vision to be the best hospital, providing the best care by the best people and ensure that our patients are at the centre of all we do. We are committed to promoting a culture founded on these values which form the ‘heart’ of our Trust: Title of Policy: Issue Number: Issue Date: Review date: Records Management Policy (Non-Clinical Records) 6 03 February 2015 30 November 2016 (unless requirements change) Page 12 of 14 Respect and dignity Quality of care Working together No waste This policy should be read and implemented with the Trust Values in mind at all times. Title of Policy: Issue Number: Issue Date: Review date: Records Management Policy (Non-Clinical Records) 6 03 February 2015 30 November 2016 (unless requirements change) Page 13 of 14 10. MONITORING COMPLIANCE WITH PROCEDURAL DOCUMENTS This document will be monitored to ensure it is effective and to assurance compliance. Minimum requirement to be monitored Corporate records inventories / audits, undertaken as part of compliance with the Information Governance Toolkit. These are currently undertaken in line with IGT requirements, and are based on a minimum number of departments rather than Trust-wide with routine reviews The Information Governance Compliance Monitoring Tool, which audits the availability and awareness of confidential waste facilities: o CSCs should undertake Compliance Monitoring audits quarterly, in support of their CQC compliance. Corporate Functions should undertaken compliance monitoring audits bi-annually. o Compliance Monitoring Audits form part of the IG Compliance Framework, and are therefore reported into the IGSG bi-annually by all Trust CSCs. Title of Policy: Issue Number: Issue Date: Review date: Lead Tool Frequency of Report of Compliance IG Manager CSC Information Governance Steering Group Representatives Information Asset Owners IG Compliance Framework Bi-annual Reporting arrangements Information Governance Manager bi-annual Corporate Information Assurance reports to the IG Steering Group CSC bi-annual reports to the IG Steering Group Lead(s) for acting on Recommendations IG Manager CSC Information Governance Steering Group Representatives Information Asset Owners Records Management Policy (Non-Clinical Records) 6 03 February 2015 30 November 2016 (unless requirements change) Page 14 of 14