INFORMATION LIFECYCLE MANAGEMENT POLICY...Managers are responsible for ensuring compliance within...

INFORMATION LIFECYCLE MANAGEMENT POLICY

of 37

Policy Owner

Valerie Penn, Head of Governance

Policy Author Caroline Law, Information Governance Project Manager

Directorate Governance and Corporate Affairs

Approved by Alan Pond, Chief Finance Officer Sheilagh Reavey, Director of Nursing and Quality

Date of Approval 16th September 2013

Date of Review 16th September 2014

Document History

Version Date Name Revision Description V1, Draft 1 09/2007 Adrian Lambourne, Jane Taylor

Chris Poulton, Brian Miller Martin Dyer, Jane Robinson Tracey Westley, John Paton, John Hepburn, Jessica Linskill, Elaine Fisher, Rachel Daly

Initial draft

V1, Draft 1 09/2007 IG Working Group Inclusion of comments, amendments and updates

V1, Draft 2 10/2007 Inclusion of comments, amendments and updates


V1, Draft 4 01/2008 PSU involved Chief Operating Officer

Inclusion of comments, amendments and updates


V1, Draft 6 03/2008 Corporate Policies Chair Policy ratified by Chair of Corporate Policies V1, 03/2008 Policy published V1 Draft 7 02/2009 Gillian Pearce Review V2 Draft 1 01/2011 Sandre Jones, Valerie Penn,

Tony Woollard Review and update

2.2 Draft 04/09/2013 Caroline Law Annual review and update Document title change from ‘Information Lifecycle & Management of Records Policy & Procedure’ to ‘Information Lifecycle Management Policy’

2.3 Draft 13/09/2013 Caroline Law Updated following comments by Caldicott Guardian (Director of Nursing and Quality) and SIRO(Chief Finance Officer)

2.4 Draft 16/09/2013 Julie Andrews Quality assurance 3.0 Final 18/09/2013 Caroline Law Final approved version

of 37

Contents

Section No.

Section Name Page

No. Executive Summary 4

1. Introduction 5

2. Definition of Terms 5

3. Purpose 6

4. Scope 6

5. Responsibility and Accountability 6

6. Information Lifecycle 8

6.1 Creation 8

6.2 Retention 8

6.3 Maintenance and Storage 8

6.4 Use and Handling of Information 9

6.5 Disposal and Destruction 10

7. Information Quality 10

8. Access to Information 11

9. Monitoring and Review 11

10. Training 12

11. Dissemination of Document 12

12. References 12

13. Related Policies and Documents 13

Appendix 1 Information Lifecycle Management Strategy 14

Appendix 2 Archiving Procedure 15

Appendix 3 Retention and Disposal Schedule 17

Appendix 4 Internal Confidential Couriers Service 26

Operational Flowchart 27

Red Bag Contents 28

Red Bag Tracking Form 29

East & North Hertfordshire Sites Schedule 30

Partnership Organisations – East & North Hertfordshire 34

Appendix 5 Equality Impact Assessment Stage 1 Screening 36

Appendix 6 Privacy Impact Assessment Stage 1 Screening 37

of 37

Executive Summary East and North Hertfordshire Clinical Commissioning Group (ENH CCG or the CCG) is responsible for the information it processes under the Public Records Act 1958, the Data Protection Act 1998, the Freedom of Information Act 2000 and the Access to Health Records Act 1990. The CCG ensures that all records and information, manual or electronic, corporate and clinical, are created, maintained, used and disposed of in line with the requirements of these acts. This policy will set the standards for meeting the CCG business needs, ensure conformance to relevant legislation, regulations and standards, and providing a basis for accountability and responsibilities for information and records management. Information lifecycle refers to the life of a record from its creation/receipt, throughout its active use, access to the record, transportation of the record, its retirement to archive or preservation, the period of its retention and its final disposal and destruction. Information lifecycle management is the process used by the organisation to manage all aspects of records whether internally or externally generated and in any format or media type, from their creation, all the way through eventual disposal and destruction. The CCG aims to meet the Department of Health’s core standard for health care organisations, which is to have a systematic and planned approach to the management of records. This Information Lifecycle Management policy is compatible with the requirements of the relevant acts and of the Department of Health guidelines on the management of records. This policy and related procedures are recommended as good practice guidance for each of its independent contractor professions (general practitioners, dentists, pharmacists, optometrists, including all provider organisations) in relation to management of records that they hold. The potential risk for non-compliance with managing records is the risk of litigation and the organisation not meeting the requirements of external reviews such as Information Governance Strategy Toolkit and the Quality Framework. This policy should be read in conjunction with the CCG information governance, data protection, information security and freedom of information policies, the confidentiality code of conduct and other related policies and documents in section 13 of this policy.

of 37

1. Introduction

1.1 NHS East and North Hertfordshire Clinical Commissioning Group (ENH CCG or the CCG) recognises the need for an appropriate balance between openness and confidentiality in the management and use of information. The CCG fully supports the principles of corporate governance and recognises its public accountability, but equally places importance on the confidentiality of, and the security arrangements to safeguard, both personal information about patients and staff and commercially sensitive information.

1.2 The CCG also recognises the need to share information with other health organisations and agencies in a controlled manner consistent with legislative requirements.

1.3 The CCG believes that timely and relevant information is essential to deliver highest quality standards. As such it is the responsibility of all staff to ensure and promote the quality of information and to actively use information in decision making process.

1.4 ENH CCG works to a framework for handling personal information in a confidential and secure manner to meet ethical and quality standards. This enables National Health Service organisations in England and individuals working within them to ensure personal information is dealt with legally, securely, effectively and efficiently to deliver the best possible care to patients and clients.

1.5 ENH CCG, via the Information Governance Toolkit, provides the means by which the NHS England can assess compliance with current legislation, Government and National guidance.

1.6 Information Governance (IG) covers: Data Protection & IT Security (including smart cards), Human Rights Act, Caldicott Principles, Common Law Duty of Confidentiality, Freedom of Information Regulations and Information Quality Assurance

2. Definition of terms 2.1 Archives - Records that are appraised as having permanent value for evidence of on-

going rights or obligation, for historical or statistical research or as part of the corporate memory of the organisation.

2.2 Destruction - The process of eliminating or deleting records beyond any possible reconstruction (BS ISO 15488-1:2001)

2.3 Public records – Records as defined in the Public Records Act 1958 or subsequently determined as public records by The National Archives.

2.4 Records - This applies to electronic and paper records/information that provide evidence of actions and decisions made by the organisation. Records are the organisations corporate memory.

2.5 Records management - field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposal of records. Records management includes processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records.

of 37

2.6 For the purposes of this policy, the terms records and information will be used

interchangeably.

3. Purpose Records are a valuable resource and must be efficiently managed and available to those with authorised access in order to:

• Support the CCG’s administrative and managerial decision making • Meet legal requirements including requests from service users under access to

records legislation. • Assist in providing evidence for internal and external reviews and other audits. • Support day-to-day business • Provide clinical and managerial effectiveness through multi-disciplinary working within

the CCG and with partner agencies. This will enable:

• the formation and accountability / transparency in use of public resources; • empower the CCG to support improvements through audit, research and archival

functions by taking account of the historical importance of material and the needs of future research; and

• Support the investigation of complaints, claims and incidents. The purpose of the information lifecycle policy is to ensure a consistent and effective approach to the management of all information and/or records within the CCG. 4. Scope The policy sets out the main requirements for the management of all clinical and corporate records within the CCG including but not limited to:

• All administrative records (e.g. personnel, estates, financial and accounting records, service level agreements, notes associated with complaints); and

• All service user health records (including their medical case notes, nursing care plans, visual or audio recordings, registers etc.)

This policy and related procedures apply to all staff employed for or working on behalf of the CCG including permanent, contracted, temporary, secondment, bank, agency, students, volunteers and locums.

The information lifecycle management policy applies to records in all formats, whether electronic and those stored in various forms including photographs, x-rays, audio messages and CCTV images.

5. Responsibility and Accountability 5.1 Chief Executive

The Chief Executive is the Accountable Officer responsible for the management of the CCG and for ensuring appropriate mechanisms are in place to support service delivery and continuity. The Accountable Officer has ultimate responsibility for compliance with IG legislations.

of 37

5.2 The Senior Information Risk Owner The CCG’s Senior Information Risk Owner (SIRO) is the Chief Finance Officer and also the Chair of the Information Governance Forum. The SIRO is accountable for information risk on the Governing Body and in internal discussions. They will provide written advice to the Accountable Officer on the content of their Annual Governance Statement in regard to information risk.

5.3 The Caldicott Guardian The CCG’s Caldicott Guardian is the Director of Nursing and Quality and has a particular responsibility for reflecting patients’ interests regarding the use of patient identifiable information. The Caldicott Guardian has an advisory role and a particular focus on ensuring patient identifiable information is shared in an appropriate and secure manner.

5.4 The Information Governance Forum The Information Governance Forum is responsible for ensuring that this policy is implemented, including any supporting guidance and training deemed necessary to support the implementation, and for monitoring and providing Governing Body assurance in this respect.

5.5 The Head of Governance The Head of Governance is responsible for advising on IG strategic direction, the development of policy and guidance for the CCG and the day to day management of the IG agenda which includes information lifecycle management.

5.6 Managers Managers are responsible for ensuring compliance within their areas, making sure records management issues are addressed and key performance targets around record keeping including training are met. Managers need to be fully conversant with the electronic records and computer system and supplementary reporting procedures that are used in their service area. Where further advice is required, the Head of Governance should be contacted.

5.7 Healthcare professionals Healthcare professionals have a duty to: • Keep up to date, and adhere to, relevant legislation and national and local policy

relating to information and record keeping. • Keep up to date on best practice for health/social care records and communication

practice standards • Be proficient in the system they use to record and communicate health and social care

information • Meet the standards of their professional organisation.

5.8 All Staff All staff and anyone working on behalf of the CCG, involved in the receipt, handling or communication of person identifiable information, must adhere to this policy at all times and where relevant of their professional codes and standards. Anyone who records, handle, store or otherwise comes across person or patient identifiable information has a common law duty of confidence. This duty continues even after the death of an individual.

of 37

6. Information Lifecycle

The Information lifecycle defines five distinct phases: Creation, Retention, Maintenance, Use and Disposal

6.1 Creation When creating information or records, the following should be adhered to. The information must be:

• Available when needed • Accessible to all members of staff that require access in order to enable them to

carry out their day to day work • Interpretable, clear and concise • Trusted, accurate and relevant • Secure – the information must be secure from unauthorised access or inadvertent

alteration or erasure

6.2 Retention Information retention period varies dependant on the type of records and are retained for legal, operational, research and safety reasons. Some items may be considered for permanent preservation. For retention periods of documents held by the CCG please refer to the Retention and disposal schedule in Appendix 3.

6.3 Maintenance and storage The qualities of availability accessibility, interpretation and trustworthiness of information must be maintained for as long as the information is needed, perhaps permanently, despite changes in the format. The use of standardised filenames and version control methods should be applied consistently throughout the life of the information.

• Scanning – A brief summary should be entered into the scanned document, with a

reference to where the original is stored; i.e. the secondary paper file. All scanned documents must be dated and titled appropriately to enable easy identification and retrieval. The date should reflect the date of the correspondence/activity/incident, not the date it is being attached to the record.

• Archiving – For legal and organisational reasons, information must be stored

securely. Electronic records are automatically backed up and archived.

Contents within manual/paper records should be stored chronologically, the most recent part of the records accessible first. Storage arrangements must allow for retrieval with speed of access dependant on the urgency of requirement of access to the information. The procedure for archiving is in Appendix 2 of this policy. For further information and guidance on archiving, contact the Head of Governance.

• Tracing records – Tracer cards are in place to track the whereabouts of records.

Examples would include critical incident review files, complaints files. The minimum data which needs to be recorded includes: the name of the file; date the file was dispatched, destination and name of recipients, name of person releasing the file. A return receipt should always be requested and made clear to whom the records should be returned and by when. A chase and tracking system must be operated to ensure

of 37

the file is safely returned to the relevant filing system and that absent records are chased regularly.

6.4 Use and handling of information All information must be used and handled consistently with the purpose for which it was intended. • Disclosure – only the specific information should be disclosed to authorised parties

and always in accordance and with strict adherence to the legislations.

• Transfer – the mechanism for transferring information from one organisation to another should also be tailored to the sensitivity of the material contained within the records and the media on which they are held. The Head of Governance and ICT Infrastructure Manager can advise on appropriate safeguards. Public authorities are required to transfer certain information to The National Archive for permanent retention. The Head of Governance can provide guidance on such records.

• Posting confidential documents - Documents/clinical records should be put in a strong envelope, marked private and confidential and sent via special delivery. Confidential documents sent internally need to be put either in an internal transfer envelope or an envelope strong enough to take the contents and placed in a courier bag with a seal tab (tamper proof wallet/red bag). The envelope needs to clearly state the recipient and their full address, avoid abbreviations. The recipient of the document should inform the sender that the document has arrived as per the instructions on the tracer card. Access to health records ensures service user safety and continuity of care; a risk assessment needs to be carried out to ensure that the appropriate method of transportation is used. See Appendix 4 for more details of the internal confidential courier service (“red bag”) procedure.

• Closure – Records should be closed and transferred to secondary storage as soon as

they cease to be active. Where paper records or files have been closed, the date of closure and possible disposal date should be noted on the records. Where possible information on the intended disposal dates for electronic data should be maintained.

6.5 Disposal and destruction The disposal of a record is defined under the freedom of information legislation, as the point in their lifecycle when they are either or destroyed. It is important that the disposal or destruction of records are carried out in a controlled manner.

It is vital that confidentiality is safeguarded at every stage and that the method used to dispose of or destroy records is fully effective and secures their complete illegibility and inability to be reconstructed. A record of the disposed or destroyed information should be maintained for reference. Confidential waste bins have been provided for disposal of confidential paper records

of 37

7. Information quality

It is the responsibility of all staff to ensure the information generated or received is legible, accurate, up to date and accessible. The quality of information produced can have a significant impact on the quality and efficiency of decision making and services provided by the CCG.

7.1 Naming conventions The following rules should be followed when generating or entering documents onto the computer either for clinical or non-clinical use. • Specific information should be recorded when naming a document e.g. the content of

the document. • Logical information should also be captured e.g. the name of the person who created

the document and the date the document was created (not the date it was entered onto records).

• Each file must have: o a unique name or number e.g. service user’s NHS number to each document

and each page o a meaningful name which closely reflects and records content o express elements of the name in a structured and predictable order

• All clinical documents should have ‘please return this document’ to the relevant

service’s address on the front. • Non- clinical records that need to be security marked should have: -

o Version control: Each document must contain a header or footer which shows the ‘Version Number’ of the document together with the date it was last modified.

o Watermarks: All draft documents must always contain a watermark stating the document is DRAFT. This will avoid confusion for any potential reader and prevent staff from believing the document may be an approved document. This will be removed once it has been finalised.

o Distribution lists: The distribution or circulation list of certain documents (e.g. agendas, consultation drafts etc.) must be clearly marked on all copies to avoid unnecessary duplication and to facilitate the recipients forwarding the document onto others who may also need to see it.

7.2 Corporate and clinical records

• Records must be clear, legible and in a printable format if required for disclosure under relevant legislation.

• Jargon should be avoided and the information written in terms the staff or service user can understand.

• Paper and electronic records should clearly identify the date, time, the document author, and how it relates to other documents

• Personal details contained in the record must be checked for accuracy and updated accordingly each time the individual sees the service user.

• Any discrepancies between electronic and paper records should be queried by the member of staff and amended accordingly.

of 37

• Unnecessary duplication between the paper and electronic record collections should

be curbed. • All information should be unambiguous, factual and consistent. Relevant, non-factual

entries e.g. conclusions or opinions may be recorded and should be indicated as such. • Records should not include personal views unless these have a potential bearing on

management or service user. • Documents which should not be disclosed should clearly be marked as such. • Records must include details of the referral, assessment, treatment plan, progress and

outcome for the service user and proposed plan of action/care and actions/care by practitioner and service user.

• A scheduled appointment or event should be created against each clinical entry where a telephone or face to face meeting with the service user, their representative, or another professional has taken place.

• Clinical notes must be entered as soon as possible following contact; the minimum standard is within 2 working days. Where this is not possible and there is a significant delay in recording the information, an explanation should be added at the start of the note, giving the reason for the delay and the date and source of any original notes taken.

• If an entry is to be highlighted, for ease of identification or to provide instruction, this should be done by using CAPITAL LETTERS and recording the name or instruction, e.g. ‘NOT FOR DISCLOSURE’ in the title or summary field.

8. Access to Information

8.1 Under the Data Protection Act 1998, living individuals have a right request access to their personal data as held by the CCG. A written request for information known as a Subject Access Request (SAR) must be made. Details of the procedure can be found in the ‘Subject Access Request (SAR) Procedure’ document available on the intranet.

8.2 Under the Freedom of Information Act 2000, the public has access to information held by public authorities. The CCG is obliged to publish certain information about its activities and members of the public are entitled to request information from the CCG. The CCG ‘Freedom of Information Act Policy’ and the ‘FOI Appeals and Complaints Procedure’ provide further details and can be accessed on the intranet.

8.3 Under the Access to Health Records Act (AHRA) 1990, only specific people have the right to right for access to the health records of someone who has died. These individuals are defined under the Act as ‘the patient’s personal representative and any person who may have a claim arising out of the patient’s death’.

8.4 From time to time it may be necessary to provide read only access to information/records for legal and audit purposes.

9. Monitoring and Review 9.1 The Information Lifecycle Management Policy shall be monitored by the Information

Governance Forum.

9.2 Staff must raise risks and issues regarding the safety and security of information and any practices which do not conform to this policy, or any other related information governance policies and/or risk frameworks. Incident reports and results of risk assessments will be used for monitoring purposes.

of 37

9.3 Audit is part of the risk management process and there will be yearly audits of the

quality of record keeping standards to ensure an on-going programme of improvement.

9.4 The implementation of this policy will be in line with the information lifecycle management strategy (Appendix 1) and will be managed by the Head of Governance.

9.5 The Information Lifecycle Management Policy will be reviewed annually or in response to any significant information governance incidents or in response to organisational or legislation changes.

10. Training All staff are required to carry out the mandatory IG training through the online NHS Information Governance Training Tool. Further training and development will be in accordance with the Education Learning and Development Policy.

11. Dissemination of document

The Information Lifecycle Management Policy will be published on the intranet. Any changes, updates or amendments to this policy will be communicated to all staff as and when they occur.

12. References 12.1 References to Standards

• Information Governance Toolkit v.11

12.2 Legislation • Access to Health Records Act 1990 • Common Law Duty of Confidentiality • Computer Misuse Act 1990 • Data Protection Act 1998 • Freedom of Information Act 2000 • Health and Social Care Act 2008 • Human Rights Act 1998 • Re-use of Public Sector Information Regulations 2005

12.3 Guidance and Standards

• Access to Health Records, Department of Health (2010) • Achieving timely simple discharge from hospital: A toolkit for the multi-disciplinary

team, Department of Health (2004) • Caldicott Guardian Manual (2010) • Care Record Guarantee Department of Health (2009) • Confidentiality NHS Code of Conduct • Information Security Management: NHS Code of Practice 2007 • NHS Information Governance: Guide on Legal and Professional Obligations

(2007) • Records Management: NHS Code of Practice, Department of Health (2008) • Records management: NHS Code of Practice Parts 1 (2006) and Part 2 (2009),

Department of Health • Care Quality Commission standards • NHS Litigation Authority standards

of 37

13. Related polices and documents

• Business Continuity Policy • Confidentiality Code of Conduct • Data Protection Policy • Data Quality Policy • E-mail and Internet Policy • Emergency Planning Policy • Freedom of Information Act Policy • FOI Appeals and Complaints Procedure • Incident Management Policy • Information Governance Policy • Information Security Policy • Research Governance Policy • Risk Management Framework • Serious Incidents Requiring Investigation (SIRI) Policy

of 37

Appendix 1: Information Lifecycle Management Strategy 1) Aims The aims of the Information Lifecycle Management Strategy are to ensure:

• a systematic and planned approach to information management, covering every stage of the lifecycle of a record;

• efficiency and best value through improvements in the quality and flow of information, and greater co-ordination of records and storage systems;

• compliance with statutory requirement; • responsibility and accountability of information and records • appropriate archiving of important records

2) Strategy 2.1 Responsibility and accountability - To provide a clear system of accountability and

responsibility for information and record creation, retention and use. 2.2 Information quality - To create and keep records which are adequate, consistent,

and necessary for statutory, legal and business requirements 2.3 Information use and management - To achieve systematic, orderly and consistent

creation, retention, appraisal and disposal procedures for records throughout their lifecycle.

2.4 Information security - To provide systems which maintain appropriate confidentiality,

security and integrity for records in their storage and use 2.5 Access to information – To provide clear and efficient access for those with

legitimate right of access and to ensure compliance with access to information legislation

2.6 Audit and review – To assess the level of compliance against the Toolkit and other

required standards. 2.7 Training – To provide training and guidance on legal and ethical responsibilities and

operational good practice for all staff involved in records management.

of 37

Appendix 2: Archiving procedure Overall responsibility for archiving lies with the Head of Governance. Unless legal or clinical records, if electronic versions of documents are securely archived, then paper copies need not be retained. Responsibility for sorting, preparing, boxing up and clearly cataloguing any department’s documents for archiving rests with the department itself. Archive boxes, box labels, bar codes and log sheets are available from the Head of Governance at Charter House. Archiving should be prepared as follows: • Make an e-list (spread sheet) making sure you state the following clearly: name,

description of contents (e.g. complaint log, NHS numbers etc. for patient related paperwork) Ideally NHS numbers should be listed and

• Any departmental assigned box number • A copy of the e-list should be placed on the inside top of the archive box • Retention Period/Destruction date - see Appendix 3 • 2 x labels which also give details of the content of the box (the sample label below fits

onto Niceday Laser Labels – EU Ref 980438) • The name of the staff member responsible for its contents • The e-list should then be sent to the Head of Governance • After sending the e-list the department should communicate the Head of Governance to

discuss where the boxes are to be located in the interim within Charter House. Boxes will then be bar coded and logged against a database before being transported by Iron Mountain to an off-site storage location.

Retrieval Contact the Head of Governance if you wish for a box to be retrieved from off-site archives. Destruction Please refer to the records retention and disposal list at the end of this policy for guidance. If you are unsure about disposal and retention dates please contact the Head of Governance.

of 37

Sample label for archive boxes

Dept: (enter in your dept.name here)

NAME/TITLE OF DOCUMENTS YOU ARE ARCHIVING

BOX 1 / (enter total no. of boxes here)

Containing details of (enter general description): 1) 2) 3) STORE DATE: (enter month here) 2013 DESTRUCTION DATE: (enter month & year here) Owner: (enter address here) Archived by: (enter your name here) Account Details: (enter Cost Code + Account Code here if applicable)

of 37

Appendix 3: Retention and Disposal Schedule

Retention and Disposal Schedule (following DoH guidance 270422/1; 270422/2 Records Management: NHD code of practice (2006 ) which replace HSC 1999/053; HSC 1998/217; HSC 1998/153)

Records Type / Subtype Retention period Notes Administrative (corporate and organisation) See Information

Governance guidance Accident Forms 10 years See also Litigation

dossiers Accident register (RIDDOR) 8 years See also Incident forms Advance letters 6 years Agendas of board meetings, committees, subcommittees (master copies, including associated papers)

30 years

Agendas (other) 2 years Assembly/Parliamentary questions, MP enquiries

10 years

Business plans, including Local Delivery Plans

20 years

Catering forms 6 years Closed circuit TV images 31 days Complaints - correspondence, investigation and outcomes - returns made to DH

-10 years from completion of action - Files closed annually and kept for 6 years following closure

See also Litigation dossiers

Copyright declaration forms 1 year after employee leaves service Diaries – office 1 year after the calendar year to which

they refer

Exposure monitoring records 5 years from the date the record was made

Control of Substances Hazardous to Health Regulations 2002 (reg. 10 (5))

Flexi working hours (personal record of hours actually worked)

6 months

Freedom of Information requests 3 years after full disclosure: 10 years if information is redacted or the information requested is not disclosed

GMS1 forms (registration with GP) 3 years Health and Safety documentation 3 years History of organisation or predecessors, its organisation and procedures

30 years

Hospital (Trust) services 10 years Incident forms 8 years Indices (records management) Registry lists of public records marked for permanent preservation, or containing the record of management of public records File lists and documents lists where public records or their management are not covered

30 years

Library registration forms 2 years after registration Litigation dossiers (complaints including accident/incident reports) Records/documents relating to any form of litigation

10 years Where a legal action has commenced, keep as advised by legal representatives

Manuals – policy and procedure (administrative and clinical, strategy documents)

10 years after the life of the system (or superseded) to which the policies or procedures refer

Policy documents may have archival value

of 37

Records Type / Subtype Retention period Notes

Maps Lifetime of the organisation Meetings and minutes papers of major committees and subcommittees (master copies)

30 years The main copy is held by the person who organises the meeting and is responsible for archiving them.

Meetings and minutes papers (other, including reference copies of major committees)

2 years

Mortgage documents (acquisition, transfer and disposal)

6 years after repayment

Nominal rolls 6 years (maximum) Papers of minor or short-lived importance not covered elsewhere, e.g.:

advertising matter covering letters reminders letters making appointments anonymous or unintelligible letters drafts duplicates of documents known to be preserved elsewhere (unless they have important minutes on them) indices and registers compiled for temporary purposes routine reports punched cards

- other documents that have ceased to be of value on settlement of the matter involved

2 years after the settlement of the matter to which they relate

Service user information leaflets Lifetime of the organisation Service users’ property books / registers (property handed in for safe-keeping)

6 years after the end of the financial year in which the property was disposed of, or 6 years after the register was closed

Poorly performing doctors 10 yrs Press cuttings 1 year Project files (over £100,000) on termination, including abandoned or deferred projects

6 years

Project files (less than £100,000) on termination

2 years

Project team files – summary retained 3 years Quality assurance records (e.g. Healthcare Commission, Audit Commission, King’s Fund Organisational Audit, Investors in People)

12 years

Receipts for registered and recorded mail 2 years following the end of the financial year to which they relate

Records documenting the archiving, transfer to public records archive or destruction of records

30 years

Records of custody and transfer of keys 2 years after last entry Reports (major) 30 years Requests for access to records, other than FOI or subject access requests

6 years after last action

Requisitions

18 months

Research ethics committee records 30 years from date of decision

of 37


Serious incident files 30 years Specifications (e.g. equipment, services) 6 years Statistics 3 years from date of submission Subject access requests (DPA and AHR) – record of requests

3 years after last action

Surgical appliances forms AP1, 2, 3 & 4 2 years from completion of audit Time sheets 6 months Estates/Engineering Building and engineering works, including major projects abandoned or deferred – key records (e.g. final accounts, surveys, site plans, bills of quantities)

30 years

Buildings and engineering works, including major projects abandoned or deferred – town and country planning matters and all formal contract documents (e.g. executed agreements, conditions of contract, specifications, ‘as built’ record drawings, documents on the appointment and conditions of engagement of private buildings and engineering consultants)

30 years

Buildings – papers relating to the occupation of the building (but not H&S information)

3 years after occupation ceases Construction Design Management Regulations (1994)

Deeds of title Retain while the organisation has ownership of the building unless a Land Registry certificate has been issued, in which case the deeds should be placed in an archive If there is no Land Registry certificate, the deeds should pass on with the sale of the building.

Drawings – plans and buildings (architect signed, not copies)

Lifetime of the building to which they relate

Engineering works – plans and building records

Lifetime of the building to which they relate

Equipment – records of non-fixed equipment, including specification, test records, maintenance records and logs

11 years Consumer Protection Act 1987

Inspection reports (e.g. boilers, lifts) Lifetime of installation If there is any measurable risk of a liability in respect of installations beyond their operational lives, retain records indefinitely

Inventories of furniture, medical and surgical equipment not held on store charge and with a minimum life of 5 years

30 years after date of inventory

Inventories of plant and permanent or fixed equipment

5 years after date of inventory

Land surveys / registers 30 years Leases – the grant of leases, licences and other rights over property

Period of the lease plus 12 years Limitation Act 1980

Maintenance contracts (routine) 6 years from end of contract Manuals (operating) Lifetime of equipment Medical device alerts Retain until updated or withdrawn

(check MHRA website) www.mhra.gov.uk

Photographs of buildings 30 years Plans – building (as built) Lifetime of building May have historical

value

of 37


Plans – building (detailed) Lifetime of building May have historical value

Plans – engineering Lifetime of building Property acquisitions dossiers 30 years Radioactive waste 30 years Radioactive Substances

Act 1993 Site files Lifetime of site Structure plans (organisational charts) Lifetime of building Surveys – building and engineering works Lifetime of building or installation Financial Accounts – annual (final – one set only) 30 years Accounts – minor records (pass books, paying-in slips, cheque counterfoils, cancelled/discharged cheques, accounts of petty cash expenditure, travel and subsistence accounts, minor vouchers, duplicate receipt book, income records, laundry lists and receipts)

2 years from completion of audit

Accounts - working papers 3 years from completion of audit Advice notes (payment) 18 months Audit records – original documents 2 years from completion of audit Audit reports – external (including management letters, value for money reports and system/final accounts memoranda)

2 years after formal completion by statutory auditor

Bank statements 2 years from completion of audit BACS records 6 years after year end Benefactions (records of) 5 years after end of financial year in

which trust monies have become finally spent or the gift in kind is accepted. In cases where Benefaction Endowment Trust fund/capital/interest remains permanent, records should be permanently retained.

Bills, receipts and cleared cheques 6 years Budgets (including working papers, reports, varmints and journals)

2 years from completion of audit

Capital charges data 2 years from completion of audit Capital paid invoices (see Invoices) Cash books

6 years after end of financial year to which they relate

Limitation Act 1980

Cash sheets

6 years after end financial year to which they relate

Limitation Act 1980

Contracts – financial Approval files – 15 years Approved suppliers lists – 11 years

Contracts – non-sealed (property) on termination

6 years after termination of contract

Limitation Act 1980

Contracts – non-sealed (other) on termination

6 years after termination of contract Limitation Act 1980

Contracts – sealed (and associated records)

Minimum of 15 years, after which they should be reviewed

of 37


Contractual arrangements with hospitals or other bodies outside the NHS, including papers relating to financial settlements made under the contract (e.g. waiting list initiative, private finance initiative)


Cost accounts 3 years after end of financial year to which they relate

Creditor payments 3 years after end of financial year to which they relate

Debtors’ records – cleared 2 years from completion of audit Debtors’ records – uncleared 6 years from completion of audit Demand notes 6 years after end of financial year to

which they relate

Estimates – including supporting calculations and statistics


Excess fares 2 years after the end of the financial year to which they relate

Expense claims 5 years after end of financial year to which they relate

Fraud case files/investigations 6 years plus the length of sentence served on the perpetrator.

Fraud national proactive exercises 3 years Funding data 6 years after end of financial year to

which they relate

General Medical Services payments 6 years after year end Invoices 6 years after end of financial year to

which they relate Limitation Act 1980

Ledgers – including cash books, ledgers, income and expenditure journals, nominal rolls, non-exchequer funds records (service user monies)


Limitation Act 1980

Non-Exchequer funds records 30 years Although technically exempt from the Public Records Act, it would be appropriate for authorities to treat these records as if they were not exempt

PAYE records 6 years after termination of employment Payments 6 years after year end Payroll (i.e. list of staff in the pay of the organisation)

6 years after termination of employment

Positive predictor value performance indicators

3 years

Private Finance Initiative 30 years Receipts 6 years after end of financial year to

which they relate Limitation Act 1980

Salaries (Wages) 10 years after termination of employment

Superannuation accounts 10 years Superannuation forms SD55 (ADP) and SD55J (NHS Pension Scheme – copies)

10 years (original to NHS Pensions Agency)

Superannuation registers 10 years Tax forms 6 years Transport (staff pool car documentation) 3 years unless litigation ensues Trust documents without permanent relevance / not otherwise mentioned

6 years

of 37


Trusts administered by PCT (terms of) 30 years VAT records 6 years after end of financial year to

which they relate

Wages (salaries) 10 years after termination of employment

IM & T Documentation relating to computer programmes written in-house

Lifetime of software

Software licences Lifetime of software Chaplaincy records 2 years May have archival value Family Health Service Appeals Authority tribunal and case files

Case files – 10 years Decision records – until individual’s 80’th birthday

Research and development (organisation)

30 years

Personnel / Human resources Consultants (records relating to the recruitment of)

5 years

NHS (Appointment of Consultants) Regulations, good practice guidelines, page 11, para. 5.3

CVs for non-executive directors (successful applicants)

5 years following term of office

CVs for non-executive directors (unsuccessful applicants)

2 years

Duty rosters 4 years Industrial relations (not routine staff matters), including industrial tribunals

10 years

Job adverts 1 year Job applications (successful) 3 years following termination of

employment

Job applications (unsuccessful) 1 year Job descriptions 3 years Leavers’ dossiers 6 years after individual has left.

Summary to be retained for 30 years or until individual’s 70th birthday, whichever is later

Letters of appointment 6 years after employment has terminated or until 70th birthday, whichever is later

Nurse training records

30 years

Personnel/human resources records (e.g. personal files, letters of appointment, contracts, references and related correspondence, registration authority forms, training records, equal opportunity monitoring forms (if retained))

6 years after individual leaves service, at which time a summary of the file must be kept until the individuals 70th birthday

Personnel/human resources records – minor (e.g. attendance books, annual leave records, duty rosters, clock cards, timesheets)

2 years

Staff car parking permits 3 years Study leave applications 5 years Timesheets 6 months Training plans 2 years Purchasing / Supplies

of 37


Approval plans (contracts) 6 years after end of the year the contract expired

Approved suppliers lists 11 years Consumer Protection Act 1987

Delivery notes 2 years after the financial year to which they relate

Products (liability) 11 years Consumer Protection Act 1987

Stock control reports 18 months Stores records – major (e.g. stores ledgers) 6 years Stores records – minor (e.g. requisitions, issue notes, transfer vouchers, goods received books)

18 months

Supplies records – minor (e.g. invitations to tender and inadmissible tenders, routine papers relating to catering and demands for furniture, equipment, stationery and other supplies)

18 months

Tenders (successful) Tender period plus 6 year limitation period

Limitation Act 1980

Tenders (unsuccessful) 6 years Limitation Act 1980 Health care records includes paper format, microfilm/microfiche

Adult records Family planning 10 years after closure of case

Destroy under confidential conditions

Asylum seekers and refugees (NHS personal health record – service user-held record)

Special NHS record – service user held – no requirement on NHS to retain

Body release forms

2 years Destroy under confidential conditions

Death Registers in paper format Death registers are likely to have archival value.

Children’s records includes Child protection register, child and family guidance, cancer care, care records, dietetic records, family planning records, immunisation and vaccination records and dental records, occupational therapy records, physiotherapy records, podiatry records, speech and language therapy, x-ray reports, video recordings

Retain until the service user’s 25th birthday or 26th if young person was 17 at conclusion of treatment, or 8 years after death. If the illness or death could have potential relevance to adult conditions or have genetic implications, the advice of clinicians should be sought as to whether to retain the records for a longer period


Clinical Audit records 5 years Destroy under confidential conditions

Clinical Psychology 30 years Clinical trials of investigational medicinal products – health records of participants are the source data for the trial

Trials to be included in regulatory submissions At least 2 years after the last approval of a marketing application in the EU Trials which are not to be to be used in regulatory submissions 5 years after the completion of the trial. The sponsor needs to indicate when the files need to be kept for longer

European Commission Directive 2005/28/EC European Commission Directive 2001/20/EC – The Medicines for Human Use (Clinical Trials) Regulations 2004

Controlled Drug Registers, Order Books and Pharmacy records


Dental epidemiological surveys 30 years Destroy under confidential conditions

Dental, ophthalmic and auditory screening records

11 years for adults Destroy under confidential conditions

of 37


Diaries 2 years Information documented in the diary should be transferred to clinical documentation within 2 clinical working days. Otherwise follow the archiving schedule for children, mental health, adults etc.


Genetic records 30 years from the date of last attendance

GP records including medical records relating to HM Armed Forces or those serving a period of imprisonment

Maternity records – 25 years after last live birth

Children and young people – until 25th Birthday or 26th Birthday if an entry was made when the young person was 17 or 10 years after the service user’s death if sooner

Mental Health Service users – complete records for first 20 years but records may then be summarised for an additional 10 year period.

Ministry of Defence retains copy of records relating to service medical history. GPs should receive summary records. GP records of serving military personnel that were in existence prior to them enlisting. Retain records for 10 years after the service user’s death.

Records relating to those serving a prison sentence – not to be destroyed records of serving prisoners that were ion existence prior to their imprisonment. Retain records for 10 years after service user’s death

All other service users – 10 years after their death or after the service user has permanently left the country unless the person remains in an EU country


Health records for adults (including cancer care) who have not had a child, mentally disordered or mentioned elsewhere in this schedule. Includes physiotherapy, occupational therapy, podiatry, speech and language therapy, x-rays, video recordings

8 years after conclusion of treatment or death


Homicide or serious untoward incident records


Hospital acquired infection records 6 years Destroy under confidential conditions

Maternity records relating to this speciality 25 years Destroy under confidential conditions

Medicine waste (special waste consignment notes)

3 years

Mentally disordered persons - Health records, physiotherapy records, occupational therapy records, podiatry records, speech and language therapy, x-ray reports and video recordings

Retain 20 years after the last entry in the record or eight years after the service user’s death if service user died while in the care of the organisation


of 37

Records Type / Subtype Retention period Notes Notifiable disease book 6 years Destroy under

confidential conditions Occupational Health records (Staff) 6 years

50 years for staff under medical surveillance 40 years for staff exposed, requiring surveillance under COSH regulations

Out of hours records (GP cover) including video, DVD and tape recordings

If only record 3 years, if placed on other records retain accordingly to speciality

Out service user lists, paper format 2 years Pharmacy - Unlicensed medicines dispensing record

5 years

Pharmacy prescriptions 2 years (Chemotherapy – 2 years after last treatment)

Pharmacy QC documentation, certificates of analysis

5 years or 1 year after expiry of batch (whichever is longer)

Refrigerator temperature 1 year Psychology records 30 years Records/documents related to any litigation As advised by the organisation’s legal

advisor. All records to be reviewed. Normal review 10 years after the file is closed

Records of destruction of individual health records and other health -related records contained in this retention schedule (electronic or paper format)

Permanently BS ISO 15489 (section9.10)

Research records except clinical trials of medicines

30 years

Suicide notes of service users having committed suicide

10 years

of 37

Appendix 4: Internal Confidential Courier Service

(“Red bag” scheme) Purpose: To ensure confidential mail is safely and securely transported between sites. Contents of Bags The contents sheet must be completed for every bag. When sending service user notes and important documents the correct information should be recorded on the contents form for each individual service user. When sending service user slips, i.e. development checks, A & E slips etc. these can be bundled up and put into one envelope which is recorded on the contents sheets just listing the envelope. The completed red bag contents sheet is to be placed inside the red bag with the confidential material. Make a copy of the contents sheet and retain until receiving the original back from the receiving unit. The bag is then sealed using a security tag. Bags will not be collected by the courier unless sealed. The completed Tracker Form is then secured to the outside of the bag. Numbered White Security Seals: Come in Box of 500s £8.32 Order via: NHS Supplies Code: WYY207 (costs as at 2010 prices) Tracker Forms Complete the tracker form recording all the details as directed on the form. If the transfer route includes a post room please tick the relevant box, if known. Operating Requirements 1. Trust courier drivers collect or deliver children services secured mail from designated area

as per run sheet. Courier drivers collecting mail must sign for it upon collection only if it is in a secured mailing pouch. Courier drivers delivering children services couriered mail must ensure it is signed over to a member of staff at the delivery destination.

2. Driver to sign and date the tracker form on every run. 3. If returning to Lister/QEII for onward travel secured mail pouch (red bag) should be

delivered to the post room. Member of post room staff must sign for the secured pouch (red bag) from the Driver

4. If there is no mail personnel in the post room on return from the final run the secured mail pouch (red bag) should be placed in the designated pigeon hole.

5. Drivers must ensure that they sign for any secured mailing pouches that they receive from the post room.

6. Driver will then deliver secured mailing pouch (red bag) to designated delivery point. Upon arrival at destination a member of staff must sign for the secured mailing pouch (red bag) before delivery can be finalised.

of 37

Operational Flowchart

Confidential Material Transfer Process 4 Jan 2011

Hertfordshire PCTs

Clinical service require to transfer patient notes or other confidential

material via courier service to another service department or location in

Hertfordshire

Complete red bag contents sheet and insert inside red

bag with confidential material

Seal Bag using

security tag

Complete tracker form recording transfer details and seal

number

Bag left at designated collection point for

courier

Courier transports Confidential material

Confidential material signed for on arrival at end users destination

Unit make copy of contents sheet and retain

until confirmation of receipt from receiving unit.

Contents checked, red bag and completed

contents sheet returned to sender

of 37

RED BAG CONTENTS

CONTENTS INSIDE RED BAG

Seal Number: ………………………..

Sender Name: ……………………….. Base: …….………………………….

Contact Telephone Number: ………………. Internal Postal Code: ……….

Description/Type of Contents Name of Service user NHS Number

(If any discrepancy is found, please refer back to sender)

Confirmation of receipt: …………………………………………………………... Print Name: …………………………………………………………………………. Dept: ………………………………………………………………………………….. Date: …………………………………………………………………………………..

Now please return this sheet back to the sender in this red bag as confirmation of receipt

of 37

Red Bag Tracking Form (attach completed form to the outside face of Red Bag before sending)

DATE FROM TO BAG

SEAL NO RECEIVED BY

PRINT NAME SIGNATURE

DATE &

TIME

of 37

Red Bag Project - East & North Hertfordshire Sites Schedule

Site / address Frequency Time (24h clock) Run no

Location code

9 Walkern Road Stevenage, daily 10.15 run 2 LC251 SG1 3QD Tel: 01438 735734 Fax: 01438 735731 Ambulance HQ Ascots Lane, daily 09.30 run 17 QC201 Welwyn Garden City, AL7 4HL Tel: 01707362514 Fax: 01707 362516 Appletrees (Hitchin Hospital) Oughton Head Way, daily 10.15 run 8 LC216 Hitchin, SG5 2QU Tel: 01438 781351 Fax 01438 781354 (Open Tuesday and Wednesday) Bedford Road Health Centre Hitchin, daily 10.30 run 8 LC203 SG5 1HF Tel: 01462 427000 Fax: 01462 427129 Bishop’s Stortford Health Centre Market Square, Tue, Thu 12.00 run 15 QC203 Bishops’ Stortford, CM23 3UU Tel: 01279 652745 Fax: 01279 501445 Bowling Road Clinic Bowling Road, daily 10.00 run 13 QC253 Ware, SG12 7EF Tel: 01920 462388 Fax: 01920 484 920 Buntingford Health Centre White Hart Close, Tue, Thu 14.00 run 15 QC207 Buntingford, SG9 9OQ Tel: 01763 271763 Fax: 01763 274627 Cherry Trees (Hitchin Hospital) Oughton Head Way, daily 10.15 run 8 LC209 Hitchin, SG5 2QU Tel: 01438 314433 Fax: 01438 781354 Cheshunt Community Hospital King Arthur Court, daily 10.30 run 17 QC240 Crossbrook Street, Cheshunt, EN8 8XN Tel: 01992 622157 Fax: 01992 629595 Cuffley Health Centre Maynards Place, daily 12.00 run17 QC213

of 37


Location code

Station Road, Cuffley, EN6 4JA Tel: 01707 875666 Fax: 01707 876756 Danesbury School Lane, daily 14.30 run 19 QC214 Welwyn, AL6 9SB Tel: 01438 714447 Fax: 01438 712486 Danestrete Centre Southgate, daily 10.30 run 2 LC210 Stevenage, SG1 1HB Tel: 01438 781467 Fax: 01438 781470 Gregans House 34 Bedford Road daily 10.30 run 8 LC203 Hitchin SG5 1HF Tel: 01462 427100 Fax: 01462 427129 Hertford County Hospital Community Nursing Office, daily 11.30 run 13 H11 North Road, Hertford, SG14 1LP Tel: 01438 314333 Fax: 01707 338775 Herts Essex Hospital Haymeads Lane (none regular) QC203 Bishops Stortford CM23 5JH Tel: 01279 655191 Fax: 01279 827134 Hoddesdon Health Centre High Street, Tue, Thu 10.30 run 15 QC219 Hoddesdon, EN11 8BQ Tel: 01992 471818 Fax: 01992 474692 Laburnum House (Hitchin Hospital) Oughton Head Way, daily 10.15 run 8 LC216 Hitchin, SG5 2QU Tel: 01438 781370 Fax: 01462 454504 Nevells Road Health Centre Letchworth Garden City, daily 11.30 run 1 LC225 SG6 4TS Tel: 04162 684731 Fax: 01462 480967

7

of 37


Location code

Park Drive Clinic Park Drive, daily 13.30 run 1 LC202 Baldock, SG7 6EN Tel: 01462 492500 Fax:01462 491052 Parkway Health Centre Birdcroft Road, daily 13.30 run 20 QC228 Welwyn Garden City, AL8 6EH Tel: 01707 324541 Fax: 01707 386 861 Queen Victoria Memorial Hospital (QVM) School Lane, daily (morning) run 19 QC231 Welwyn, AL6 9SB Tel: 01438 841800 Fax: 01438 841832 Queensway Health Centre Queensway, daily 14.30 run 21 QC230 Hatfield, AL10 OLF Tel: 01707 264577 Fax: 01707 274062 Royston Health Centre Melbourn Street, daily 13.30 run3 LC241 Royston, SG8 7BZ Tel: 01763 257979 Fax: 01763 257971 Royston Hospital London Road, daily 14.00 run 3 LC230 Royston, SG8 9EN Tel: 01763 242134 Fax: 01763 241345 St. Nicholas Health Centre Canterbury Way, daily 13.30 run 10 LC238 Stevenage, SG1 4LJ Tel: 01438 747064 Fax: 01438 720523 Safeguarding Children 1st floor, 126 Crossbrook Street daily 10.30 run 17 QC240 Cheshunt, EN8 8JY Tel: 01992 818010 Fax: 01992 818067 Sawbridgeworth Clinic Central Surgery, Tue, Thu 11.45 run 15 QC232 Bell Street, Sawbridgeworth, CM2 9AE Tel: 01279 722694 Fax: 01279 723248

of 37


Location code

Southgate Health Clinic Stevenage, daily 10.30 run 2 LC233 SG1 1HB Tel: 01438 781404 Fax: 01438 781409 Stanmore Road Health Centre Stevenage, daily 10.00 run 2 LC239 SG1 3QA Tel: 01438 727161 Fax: 01438 314248 Standon Health Centre Station Road, Tue, Thu 13.00 run 15 QC235 Puckeridge, SG11 1TF Tel: 01920 822018 Fax: 01920 823985 Valley View Surgery Goffs Lane, daily 10.50 run 17 QC249 Goffs Oak, EN8 5ET Tel: 01707 875223 Fax: 01707 875033 Waltham Cross Clinic Stanhope Road, Tue, Thu 10.40 run 15 QC251 Waltham Cross, EN8 7DJ Tel: 01992 621613 Fax: 01992 780168 Warden Lodge Glen Luce, daily 10.15 run 17 QC252 Turners Hill, Cheshunt, EN8 7DJ Tel: 01992 622324 Fax: 01992 636900 Ware Clinic 15 Bowling Rd daily 10.00 run 13 QC253 Ware Herts SG12 7EF Tel: 01920 46238 Fax: 01920 484920 Wheelchair Services Unit 17 & 19 Mon, Wed, Fri 13.30 run 20 QC255 South Mundells Welwyn Garden City AL7 1EP Tel: 01707 382000 Fax: 01707 382092 Wormley Health Centre Fairfield Drive, (none regular) Wormley, EN10 6DX Tel: 01992 474674 Fax: 01992 474694

of 37

Partnership Organisations – East & North Hertfordshire Location Codes Partnership Organisation Location

305 Ware Road, Ware QC 200 Ambulance HQ, Ascots Lane, Welwyn Garden City QC 201 Amwell View School, Stanstead Abbotts, Ware QC 202 Bishops Stortfold H/C, Market Square, Bishops Stortfold QC 203 Bridge Cottage Surgery, 51 Bridge Road East, WGC QC 204 Brocket Road Surgery, Hoddesdon QC 205 Bull Plain Clinic, Bull Plain, Hertford QC 206 Buntingford H/C, White Hart Close, Buntingford QC 207 Burvill House Surgery, 52/54 Dellfield Road, Hatfield QC 208 Castle Gate Surgery, Castle Street, Hertford QC 209 Charter House, Parkway, WGC QC 210 Church Street Partnership, 30A Church Street, Bishops Stortford QC 211 County Hall, Hertford QC 212 Cuffley Health Centre, Maynards Place, Cuffley QC 213 Danesbury, School Lane, Welwyn QC 214 Dolphin House Surgery, 6-7 East Street, Ware QC 215 Hanscombe House Surgery, 52A St Andrew Street, Hertford QC 216 Hatfield University, College lane, Hatfield QC 217 High View, 20 Southgate Road, Potters Bar QC 218 Hoddesdon H/C, High Street, Hoddesdon QC 219 Jim McDonald Day Centre, High View, Hatfield QC 220 Lakeside School, Lemsford Lane, WGC QC 221 Lister House Surgery, The Common, Hatfield QC 222 Luton & Dunstable Hospital/Clinic QC 223 Moorswalk Surgery, Panshanger, WGC QC 224 Much Hadham H/C, Ash Meadow, Much Hadham QC 225 North Place, Hatfield QC 226 Northdown Road, Hatfield QC 227 Parkway Health Centre, WGC QC 228 Potterells Medical Centre, Station Road, North Mymms QC 229 Queensway Clinic, Queensway, Hatfield QC 230 QVM, School Lane, Welwyn QC 231 Sawbridgeworth Clinic, 2B The Square, Sawbridgeworth QC 232 Seward Lodge, Stanstead Road, Hertford QC 233 St Albans Hospital/Clinic QC 234 Standon H/C, Station Road, Puckeridge QC 235 Stockwell Lodge Medical Centre, Rosedale Way, Cheshunt QC 236 The Bridge, CMHT, 26 Bridge Road East, WGC QC 257 The Maltings Surgery, 15 Amwell End, Ware QC 237 The Surgery, 11 Guessons Road, WGC QC 238 The Surgery, 110 Peartree Lane, WGC QC 239 The Surgery, 126 Crossbrook Street, Cheshunt QC 240 The Surgery, 185 Knightsfield, WGC QC 241 The Surgery, 20 Parkway, WGC QC 242 The Surgery, 4 Hall Grove, WGC QC 243 The Surgery, 59 Ware Road, Hoddesdon QC 244 The Surgery, 77 Ware Road, Hertford QC 245 The Surgery, 8-14 Limes Court, Conduit Lane, Hoddesdon QC 246 The Surgery, St Marys Courtyard, Church Street, Ware QC 247 Tudor Farm Surgery, 127 Tudor Way, Hertford QC 248

of 37

Partnership Organisation Location

Valley View H/C, Valley View, Goffs Oak QC 249 Wallace House Surgery, 9-11 St Andrew Street, Hertford QC 250 Waltham Cross Clinic, Stanhope Road, Waltham Cross QC 251 Warden Lodge Surgery, Albury Ride, Cheshunt QC 252 Ware Clinic, Bowling Road, Ware QC 253 Westgate House, Tower Road, Ware QC 254 Wheelchair Clinic, 74-76 Tewin Road, WGC QC 255 Wrafton House Surgery, Wellfield Road, Hatfield QC 256

of 37

Appendix 5 – Equality Impact Assessment Stage 1 Screening

1. Policy EIA Completion Details Title: Information Lifecycle Management Policy Names & Titles of staff involved in completing the

EIA: Valerie Penn, Head of Governance Caroline Law, Information Governance Project Manager

Proposed Existing

Date of Completion: 11/09/2013

Review Date: 11/09/2013

2. Details of the Policy. Who is likely to be affected by this policy? Staff Patients Public

3. Impact on Groups with Protected Characteristics Probable impact on group? High,

Medium or Low

Please explain your answers Positive Adverse None

Age

Being married or in a civil partnership

Disability, inc. learning difficulties, physical disability, sensory impairment etc.

Having just had a baby or being pregnant

Race, ethnicity, nationality, language etc.

Religion or belief

Sex (inc. being a transsexual person)

Sexual Orientation

Other:

No impact on any of the groups above.

Please explain and provide evidence

4. Which equality legislative Act applies to the policy? Human Rights Act 1998 Equality Act 2010 Health & Safety Regulations

Mental Health Act 1983 Mental Capacity Act 2005

5. How could the identified adverse effects be minimised or eradicated? N/A 6. How is the effect of the policy on different Impact Groups going to be monitored?

of 37

Appendix 6 – Privacy Impact Assessment Stage 1 Screening 1. Policy PIA Completion Details Title: Information Lifecycle Management Policy Names & Titles of staff involved in completing

the PIA: Valerie Penn, Head of Governance Caroline Law, Information Governance Project Manager

Proposed Existing

Date of Completion:11/09/2013

Review Date: 11/09/ 2014

2. Details of the Policy. Who is likely to be affected by this policy? Staff Patients Public

Yes No Please explain your answers Technology Does the policy apply new or additional information technologies that have the potential for privacy intrusion? (Example: use of smartcards)

Yes – Smart card technology used to access personal identifiable data

Identity By adhering to the policy content does it involve the use or re-use of existing identifiers, intrusive identification or authentication? (Example: digital signatures, presentation of identity documents, biometrics etc.)

Yes- personal identifiable data used for health care and organisational sensitive data

By adhering to the policy content is there a risk of denying anonymity and de-identification or converting previously anonymous or de-identified data into identifiable formats?

No – personal identifiable data used for NHS purposes in controlled environments to meet business requirements by fully qualified staff

Multiple Organisations Does the policy affect multiple organisations? (Example: joint working initiatives with other government departments or private sector organisations)

Yes- under controlled conditions with organisations with contracts and service level agreements.

Data By adhering to the policy is there likelihood that the data handling processes are changed? (Example: this would include a more intensive processing of data than that which was originally expected)

If Yes to any of the above have the risks been assessed, can they be evidenced, has the policy content and its implications been understood and approved by the department?

Risks have been assessed and deemed acceptable.

of 37

INFORMATION LIFECYCLE MANAGEMENT POLICY...Managers are responsible for ensuring compliance within...

Documents

Transcript of INFORMATION LIFECYCLE MANAGEMENT POLICY...Managers are responsible for ensuring compliance within...