Document

Records Management Strategy January 2007 of 22 4/23/2007

RECORDS MANAGEMENT STRATEGY.

Prepared by: Eve Scott

Responsible Area: Corporate Services. Approval Information:

Date Approved: COMMITTEE:-

28th March 2007 Trust Board.

Sign

Approved By:

Print Name Helena Corder

Version No. Approved: One

Review Date: March 2008

Reference to Standards for Better

Health Domain

Department of Health 2006 Standards for Better Health Third domain: Governance

Core/Development standard

Core Standard C4

Performance indicators

Acheivement of integral action plan.

History of Document

This is version one of the Kirklees PCT Records Management Strategy.


KIRKLEES PCT.

RECORDS MANAGEMENT STRATEGY. 1. Introduction Records are a valuable resource because of the information they contain. Good information is essential to efficient and effective management of the PCT’s day to day business, including the delivery of high quality evidence based health care. However, that information is only usable if it is correctly and legibly recorded in the first instance, is kept up to date, and is easily accessible when needed. Good record keeping ensures that:

a) Staff can work with maximum efficiency without having to waste time hunting for information b) An audit trail is produced, enabling any record entry to be traced to a named individual at a given date/time and tracks all subsequent alterations

c) Clear information is recorded about what has been done/not done, and why

d) Provides clear justification for decision making process for future users

This strategy forms one part of the over-arching Information Governance strategy. It defines a framework for improving the quality, availability and effective use of records and will enable overall co-ordination of all records management activities and ensure alignment with the Trust’s business strategies. This strategy is underpinned by an action plan that ensures Kirklees PCT will have a systematic and planned approach to the management of its records from the moment they are created to their ultimate disposal. This will ensure that the PCT can control both the quality and the quantity of the information that it generates. 2. Definitions A record is defined as anything that contains information, in any media, eg. paper, audio or video tape, computer data base notes, eg E-mail etc, which forms part of the record which has been created or gathered as a result of any aspect of the work of NHS employees, including:-

• Patient health records (electronic or paper based) • Staff records • Photographs and other images. • Microform (i.e. fiche/film)


• Audio and videotapes, cassettes, CD-ROM etc • Computer databases, output and disks etc., and all other electronic

records • Material intended for short term or transitory use, including notes and

‘spare copies’ of documents • Administrative records (including, estates, financial and accounting

records; notes associated with complaint handling) • Scanned records • Text messages (both outgoing from the NHS and incoming responses

from the patient) Note: This list is not exhaustive.

3. Aim and objectives of this records management strategy. Kirklees PCT aims to have a systematic and planned approach to records management. This will ensure that the PCT can control both the quality and the quantity of the information that it generates and be able to access information as required in a timely fashion. The following objectives support the achievement of this aim,

1. To outline clear accountabilities and responsibilities regarding records management

2. To set up and maintain robust systems and processes for records management, from the creation of a record to its eventual destruction, to ensure a consistent PCT wide approach.

3. To ensure that all the PCT’s records that are fit for purpose for statutory, legal and business purposes.

4. To ensure that the confidentiality, security and integrity of all records are maintained at all times during their storage and use.

5. To provide clear and efficient access for employees and others who have a legitimate right of access to Trust records, and ensure compliance with Access to Health Records, Data Protection and Freedom of Information legislation

6. To set up and maintain an information asset register and ensure appropriate archiving of all records that are stored in accordance with the retention and destruction schedule as set out in Part 2 of the Records Management: NHS Code of Practice 2006.

7. To ensure efficiency and best value through improvements in the quality and flow of information, and co-ordination of records and storage systems

8. To ensure that the PCT has an effective infra-structure to support records management

9. To ensure that all staff receive appropriate training regarding their responsibilities for records management.

10. To audit the effectiveness of the records management systems and processes on an annual basis and address and issues identified.


4. Scope This strategy sets out the PCTs's approach to records management. This approach is based on:

• The NHS Records Management Code of Practice • C9 Standard for Better Health • The Information Governance Toolkit • The requirements of the Data Protection Act 1998 and the Freedom of

Information Act 2000. It relates to all records, clinical and non-clinical unless otherwise stated, that are created, maintained, stored or destroyed by staff working for, or on behalf of, Kirklees PCT. In order to ensure compliance with the above Acts and standards, this strategy is underpinned by an action plan to be followed by its entire staff. Some specific actions are required of the PCT Directorates, according to their discrete functions. 5; Related strategies. Records are an integral part of the day to day working of any organisation. Hence this strategy must be complimentary to, and supportive of, all other appropriate PCT strategies. 6; There are a number of Policies and Procedures that support this

strategy. These include • Records Management Policy • Code of Conduct on Confidentiality • Freedom of Information Policy • Incident Reporting Policy • Counter Fraud Policy. It is underpinned by the following records management procedures: • Procedure for access to records. • Procedure for the creation, structure and format of a record. • Procedure for the Disposal of Confidential Waste. • Procedure for the 24 hour access to Clinical Records. These policies and procedures ensure that the PCT has robust systems and processes for the management of all its records, clinical and non clinical from the time of their creation to their eventual destruction. 7. PCT Systems & Accountabilities for effective records

management.


There will be a Records Management Group, reporting to the Information Governance Group. The Information Governance Committee reports to Trust Board via the Governance Committee. 8; Accountabilities and Responsibilities for Effective Records

Management. The Trust Board have corporate responsibility in relation to Information Governance. The Lead Director for Records Management is the Director of Corporate services. The Director of Patient Care and Professions is the Caldicott Guardian, responsible for ensuring the confidentiality security of clinical information. The Assistant Director of Corporate Governance is the Senior Manager with operational responsibility for records management. They will promote records management awareness throughout the PCT. The Records Manager is the individual with operational responsibility for managing the corporate records management systems and processes. Kirklees PCT operates a matrix style of management: All Directors are responsible for ensuring that robust systems are in place to ensure that all staff under their management control: • Create, close, archive and eventually destroy records in accordance with

the Records Management Policy and its underpinning procedures All Operational Managers are responsible for: • Ensuring that all records are stored securely in accordance with PCT

policy and procedures • Ensuring that staff are compliant with the PCT’s tracking and registration

systems for appropriate records • Ensuring that clinical records are bound and stored so that loss of

documents is minimised • Ensuring that there is a mechanism for identifying records which must be

kept for permanent preservation • Ensure all staff who create and maintain records attend at least mandatory

training regarding Information Governance so that they have up-to-date knowledge of the laws and guidelines concerning confidentiality, data protection and access to patient information in particular.

Individual employees are responsible for any records they create, specifically

• Safe custody of these records • Maintenance of the confidentiality of the information they contain. • Quality of the information contained.


In addition they must attend such training as is necessary in order to undertake their responsibilities regarding records management. 9; Audit of Records and Records Management Systems and

Processes. Internal Audit will carry out periodic audits to provide assurance to the Board that a suitable risk management system is in place and is functioning properly. Annual Audits will be carried out by PCT staff of • quality of content • record type used by professional groups to eliminate duplicate record

templates • Any other audits that may be appropriate to determine compliance with

the Records Management Policy. 10; Implementation of this Records Management Strategy. The action plan appended to this strategy has been taken from the ‘Connecting for Health Model Records Management Strategy’. Progress will be monitored by both the Information Governance Group and the Records Management Group as appropriate. 11; Training of Staff. There will be biannual mandatory training for PCT staff in records management. This training will be tailored to whether they manage or work with clinical or corporate records. 12; Dissemination of this Records Management Strategy within the

PCT. This strategy will be circulated to Directors each time it is reviewed. It is the Director's responsibility to ensure that it is cascaded through their line management structure and to ensure that all their staff are aware of their records management responsibilities as laid out in this strategy. Information about this strategy will be circulated to all staff via the PCT’s team brief and a copy will be lodged on the PCT’s intranet and website. 13; Review. This strategy will be reviewed every two years (or sooner if new legislation, codes of practice or national standards are to be introduced).


Appendix A

KIRKLEES PCT

Records Management Group. Terms of Reference.


KIRKLEES PCT.

INFORMATION GOVERNANCE GROUP

TERMS OF REFERENCE.

1. BACKGROUND The PCT is reliant on robust information in order to deliver its objectives in an efficient and effective and effective manner. The Information Governance Toolkit and C9 Standard for Better Health set out the minimum standards that the PCT must work to when managing this information. These standards are pertinent to all the information held and used by the PCT. The PCT is a repository for a large volume of personal or confidential information that must be managed in accordance with the Data Protection Act 1998. In addition, the PCT must comply with the Freedom of Information Act 2000 when an individual requests access to some of its information. 2. PURPOSE OF THE INFORMATION GOVERNANCE GROUP. The Information Governance Group exists to ensure that the PCT is compliant with the relevant standards pertinent to Information Governance and to oversee the annual information governance work programme. It will provide assurance to the Governance Committee that the PCT is managing its information in accordance with the above standards, or issue exception reports should there be issues that need to be brought to the attention of either the Governance Committee or Trust Board. 3. OBJECTIVES

1. To ensure that the PCTs have an effective policy and management arrangements in place to meet the requirements of

• Data Protection Act 1998 • Freedom of Information Act 2000 • Connecting for Health Information Governance Toolkit • Caldicott Guardian Standards • C9 Standard for Better Health • NHS Litigation Authority Risk Pooling Scheme for Trust risk

management standards • British Standard 7799 (Information Security) • Common law duty

2. To be the body that sets the strategy and policy that ensures that all the PCT’s records. This will be operationalised by the Records Management Group.

3. To recommend polices or procedures to the Governance Committee for ratification.

4. To provide Board Assurance, via the Governance Committee, that risks associated with Information Governance are being managed or to highlight significant risks and associated resource implications.


5. To monitor the implementation of the prioritised Information Governance work programme.

6. To receive reports into breaches of information security or confidentiality and monitor that learning points are implemented across the PCT.

7. To ensure that audits required in order to comply with Information Governance standards are carried out within the PCT and to consider the reports of these audits.

8. To provide steerage, advice, guidance and support on Information Governance to PCT employees

9. To provide advice and guidance for Independent Contractors on Information Governance.

4. Membership Core Membership Director of Corporate Services(Chair) Caldicott Guardian Assistant Director of Corporate Governance Performance and Information Directorate representative Public Health Directorate representative Provider Services Directorate representative Health Informatics Service (HIS) representative Confidentiality & Information Security Manager Confidentiality & Information Security Officer Practice Manager

In attendance according to content of agenda Commissioning and Service Development Directorate representative Finance Directorate representative Human Resources Directorate representative 5; QUORUM The meeting will be quorate on the attendance of one third of the membership which must include the Chair (or their deputy) NB: If a member is unable to attend a meeting, they should arrange for a deputy to attend on their behalf. 6; FREQUENCY OF MEETINGS The Information Governance Group will meet quarterly, unless the Chair calls an additional meeting to address a particular issue. 7; SUPPORT TO THE COMMITTEE The committee will be supported by the PA to the Director of Corporate Services. 8; REPORTING

1. The Information Governance Group is a sub-group of the Governance

Committee and hence directly accountable to the Governance Committee. The minutes of each meeting to be presented to the Governance Committee for receipt and discussion as appropriate together with an appropriate cover sheet.


2. Relevant articles will be produced for PCT newsletter and the Team Brief. These will also be posted on the internet / intranet.

9; SUB-COMMITTEES

Records Management Group. 11; CONDUCT OF BUSINESS

� Agendas and papers will be circulated to committee members at least 7 calendar days before the meeting.

� Minutes of the meeting will be circulated no later than 14 Calendar days after the meeting

� This Committee will observe the requirements of the Freedom of information Act 2000, which allows a general right of access to recorded information held by the PCT, including minutes of meetings, subject to specified exemptions.

� This committee will operate in accordance with the PCT’s guidance for Chairs and Minute Takers.

� All members must declare any conflict of interest they may have regarding an agenda item at the start of the meeting.

12; REVIEW DATE These Terms of Reference will be reviewed on an annual basis. Approved by the Governance Committee <insert date> Review Date <insert date>


The key elements of this strategy will be implemented as follows: Objective 1: To provide a clear system of accountability and responsibility for records Action Lead Progress Risk Target

Date Establish a records management strategy with processes for ongoing monitoring and review

Secure senior management ‘buy-in’ to improving records management, and the designation of a senior manager to be responsible for records management

Establish a Records Management function (to manage all Trust records), with clearly defined terms of reference and links to other Information Governance functions eg Freedom of Information, Data Protection, Risk Management etc.

Appoint a qualified Records Manager/ or designate the Information Governance Manager or another manager to have responsibility for Records Management

Manage implementation of the records management strategy, including provision of advice on records management, establishment of good practice guidelines and of compliance with relevant legislation and NHS guidance

Provide contacts through which the Records


Manager can aid and support departments, and provide better co-ordination of record keeping across the Trust. Individual Departments to nominate local records managers Develop job descriptions, listing duties and essential attributes required for staff assigned records management roles (eg Records Manager, local records managers etc) Ensure that job descriptions across the Trust include relevant references to record keeping responsibilities

Review Human Resource policies and practices to recruit and retain good quality personnel for the records management function

Provide an appropriate competency framework, to identify the knowledge, skills and corporate competencies required for records and information management

Undertake regular reviews and analysis of records management training needs

Provide a professional development programme for records management staff

Ensure inclusion of records management and information issues and practices in induction training programmes for all new staff


Allocate appropriate resources across the Trust to enable the maintenance of the records management function


Objective 2: To create and keep records which are adequate, consistent, and necessary for statutory, legal and business requirements Action Lead Progress Risk Target

Date Develop guidance on good practice with the aim of establishing common and consistent standards of record creation and record keeping within the Trust, taking into account current Data Protection and Freedom of Information legislation

Reduce the duplication of records to improve information sharing, reduce cost and save space

Develop procedures and metadata (descriptive and technical documentation) to ensure the authenticity and evidential value of records held in electronic form When scanning, digitising and then storing records electronically, consider legal admissibility by adopting the procedures recommended in the BSI publication ‘BIP 0008:2004 Code of practice for legal admissibility and evidential weight of information stored electronically’

Identify all records vital to the continuing functioning of the activities of the Trust in the event of disaster and make provision for their protection (to be cross-referenced with the Trust Risk Management Strategy)


Objective 3: To achieve systematic, orderly and consistent creation, appraisal, retention and disposal procedures for records during their

lifecycle Action Lead Progress Risk Target

Date Review existing records management

practices to establish what needs to be done to comply with the ‘Records Management: NHS Code of Practice’

Undertake an inventory of all Trust records, both health and corporate records held in either hard copy or electronic formats. (This is to ensure that all record collections/information sets are identified along with the volume of records held, the type of media on which they are held, their physical condition, their location, the environmental conditions in which they are stored and the responsible manager. See ‘Records Management Roadmap: Records Inventory Guidance’)

Produce Trust records retention schedules consistent with the NHS Retention and Disposal schedules detailed in the ‘Records Management: NHS Code of Practice’

Establish procedures for the continuous monitoring of the records management process to ensure that legal and statutory requirements are met and new types of records have a lifecycle determined at the point of creation


Develop a selection policy to identify which records are likely to be suitable for permanent preservation. Establish contact with an approved archival institution with appropriate storage and public access facilities

Establish a system for managing records’ appraisal and for recording the disposal decisions made

Plan resource requirements to take account of the volume and nature of the records due for appraisal

Establish procedures for the closure of records when no longer current, secure storage of archived records, and effective disposal, as soon as appropriate

Identify a secure and confidential method for the disposal of records, and organise its implementation

Maintain a log of records which have been destroyed showing their reference, description and date of destruction

Assess the risks associated with the destruction of records or any delay in appraising them

(Whilst electronic records are subject to the


same creation, appraisal, retention and disposal process as paper records) develop guidance as appropriate to take into account the particular technical requirements of electronic media


Objective 4: To provide systems which maintain appropriate confidentiality, security and integrity for records in their storage and use Action Lead Progress Risk Target

Date Develop and promulgate policies and procedures to protect records from unauthorised alteration or erasure, to ensure that access to records is properly controlled, and to maintain adequate audit trails to track the use and location of records held

Implement secure storage arrangements for information and documents, while allowing access by authorised personnel

Organise appropriate storage accommodation for active paper records secure from fire, flood and theft, which is also secure and safe from unauthorised access

Organise the relocation of paper records into appropriately secure storage when they are no longer required for the conduct of current business, to await disposal and at the same time meeting standards to ensure that no environmental damage is caused whilst also providing security and having strictly controlled access for authorised personnel only

Develop appropriate Information Sharing Protocols and Subject Specific Information Sharing Agreements for the exchange of


confidential and personal information Provide guidance on ‘back-up’, archiving processes and audit trails for electronic records, as well as on measures to prolong their access and use for as long as required, including migration across systems and onto different types of media

Develop and ensure that standards for the safe and secure transportation of records are strictly applied especially

Develop and implement a full and tested contingency or business recovery plan


Objective 5: To provide clear and efficient access for employees and others who have a legitimate right of access to Trust records, and ensure compliance with current Data Protection and Freedom of Information legislation Action Lead Progress Risk Target

Date Implement effective tracking systems and audit trails, ensuring that information can be retrieved effectively and speedily when required

Develop systems to determine any access restrictions at the point of records creation

Implement policies and procedures to address the particular requirements of Freedom of Information in relation to agreed publication schemes and meeting requests for information by the public that follow the procedures established by the Trust’s Freedom of Information Policy


Objective 6: To audit and measure the implementation of the records management strategy against agreed standards. Action Lead Progress Risk Target

Date Establish standards for records management performance (eg response to subject access and Freedom of Information requests, record keeping, availability etc) and monitor the performance of the function

Provide advice and support for records departments in meeting agreed standards


Objective 7: To provide training and guidance on responsibilities and good practice for all staff involved with records. Action Lead Progress Risk Target

Date Provide (for all staff, departmental managers, and in particular for local record managers) procedure manuals and instructions, guidance on good practice, and advice on procedural issues and requirements. These instructions should cover all records management systems within the Trust, information quality and security, data protection, information handling, and legislative and statutory requirements

Raise the profile of records management within the Trust through publicity about the issues involved and the staff responsible

Develop training programmes and materials, including instruction on the concepts and basics of records management to be targeted at new and existing staff who need a basic awareness of the issues and procedures and those who need more detailed instruction on records management policies and procedures, in particular the local records managers

Provide specific training and instruction on Data Protection and Freedom of Information legislation

Document

Documents

Transcript of Document