INFORMATION LIFECYCLE MANAGEMENT POLICY

Transcription

1 INFORMATION LIFECYCLE MANAGEMENT POLICY Page 1 of 37

2 Policy Owner Policy Author Directorate Approved by Date of Approval Date of Review Valerie Penn, Head of Governance Caroline Law, Information Governance Project Manager Governance and Corporate Affairs Alan Pond, Chief Finance Officer Sheilagh Reavey, Director of Nursing and Quality 16 th September th September 2014 Document History Version Date Name Revision Description V1, Draft 1 09/2007 Adrian Lambourne, Jane Taylor Chris Poulton, Brian Miller Martin Dyer, Jane Robinson Tracey Westley, John Paton, John Hepburn, Jessica Linskill, Elaine Fisher, Rachel Daly Initial draft V1, Draft 1 09/2007 IG Working Group Inclusion of comments, amendments and updates V1, Draft 2 10/2007 Inclusion of comments, amendments and updates V1, Draft 3 11/2007 Inclusion of comments, amendments and updates V1, Draft 4 01/2008 PSU involved Inclusion of comments, amendments and Chief Operating Officer updates V1, Draft 5 03/2008 Inclusion of comments, amendments and updates V1, Draft 6 03/2008 Corporate Policies Chair Policy ratified by Chair of Corporate Policies V1, 03/2008 Policy published V1 Draft 7 02/2009 Gillian Pearce Review V2 Draft 1 01/2011 Sandre Jones, Valerie Penn, Review and update Tony Woollard 2.2 Draft 04/09/2013 Caroline Law Annual review and update Document title change from Information Lifecycle & Management of Records Policy & Procedure to Information Lifecycle Management Policy 2.3 Draft 13/09/2013 Caroline Law Updated following comments by Caldicott Guardian (Director of Nursing and Quality) and SIRO(Chief Finance Officer) 2.4 Draft 16/09/2013 Julie Andrews Quality assurance 3.0 Final 18/09/2013 Caroline Law Final approved version Page 2 of 37

3 Contents Section No. Section Name Page No. Executive Summary 4 1. Introduction 5 2. Definition of Terms 5 3. Purpose 6 4. Scope 6 5. Responsibility and Accountability 6 6. Information Lifecycle Creation Retention Maintenance and Storage Use and Handling of Information Disposal and Destruction Information Quality Access to Information Monitoring and Review Training Dissemination of Document References Related Policies and Documents 13 Appendix 1 Information Lifecycle Management Strategy 14 Appendix 2 Archiving Procedure 15 Appendix 3 Retention and Disposal Schedule 17 Appendix 4 Internal Confidential Couriers Service 26 Operational Flowchart 27 Red Bag Contents 28 Red Bag Tracking Form 29 East & North Hertfordshire Sites Schedule 30 Partnership Organisations East & North Hertfordshire 34 Appendix 5 Equality Impact Assessment Stage 1 Screening 36 Appendix 6 Privacy Impact Assessment Stage 1 Screening 37 Page 3 of 37

4 Executive Summary East and North Hertfordshire Clinical Commissioning Group (ENH CCG or the CCG) is responsible for the information it processes under the Public Records Act 1958, the Data Protection Act 1998, the Freedom of Information Act 2000 and the Access to Health Records Act The CCG ensures that all records and information, manual or electronic, corporate and clinical, are created, maintained, used and disposed of in line with the requirements of these acts. This policy will set the standards for meeting the CCG business needs, ensure conformance to relevant legislation, regulations and standards, and providing a basis for accountability and responsibilities for information and records management. Information lifecycle refers to the life of a record from its creation/receipt, throughout its active use, access to the record, transportation of the record, its retirement to archive or preservation, the period of its retention and its final disposal and destruction. Information lifecycle management is the process used by the organisation to manage all aspects of records whether internally or externally generated and in any format or media type, from their creation, all the way through eventual disposal and destruction. The CCG aims to meet the Department of Health s core standard for health care organisations, which is to have a systematic and planned approach to the management of records. This Information Lifecycle Management policy is compatible with the requirements of the relevant acts and of the Department of Health guidelines on the management of records. This policy and related procedures are recommended as good practice guidance for each of its independent contractor professions (general practitioners, dentists, pharmacists, optometrists, including all provider organisations) in relation to management of records that they hold. The potential risk for non-compliance with managing records is the risk of litigation and the organisation not meeting the requirements of external reviews such as Information Governance Strategy Toolkit and the Quality Framework. This policy should be read in conjunction with the CCG information governance, data protection, information security and freedom of information policies, the confidentiality code of conduct and other related policies and documents in section 13 of this policy. Page 4 of 37

5 1. Introduction 1.1 NHS East and North Hertfordshire Clinical Commissioning Group (ENH CCG or the CCG) recognises the need for an appropriate balance between openness and confidentiality in the management and use of information. The CCG fully supports the principles of corporate governance and recognises its public accountability, but equally places importance on the confidentiality of, and the security arrangements to safeguard, both personal information about patients and staff and commercially sensitive information. 1.2 The CCG also recognises the need to share information with other health organisations and agencies in a controlled manner consistent with legislative requirements. 1.3 The CCG believes that timely and relevant information is essential to deliver highest quality standards. As such it is the responsibility of all staff to ensure and promote the quality of information and to actively use information in decision making process. 1.4 ENH CCG works to a framework for handling personal information in a confidential and secure manner to meet ethical and quality standards. This enables National Health Service organisations in England and individuals working within them to ensure personal information is dealt with legally, securely, effectively and efficiently to deliver the best possible care to patients and clients. 1.5 ENH CCG, via the Information Governance Toolkit, provides the means by which the NHS England can assess compliance with current legislation, Government and National guidance. 1.6 Information Governance (IG) covers: Data Protection & IT Security (including smart cards), Human Rights Act, Caldicott Principles, Common Law Duty of Confidentiality, Freedom of Information Regulations and Information Quality Assurance 2. Definition of terms 2.1 Archives - Records that are appraised as having permanent value for evidence of ongoing rights or obligation, for historical or statistical research or as part of the corporate memory of the organisation. 2.2 Destruction - The process of eliminating or deleting records beyond any possible reconstruction (BS ISO :2001) 2.3 Public records Records as defined in the Public Records Act 1958 or subsequently determined as public records by The National Archives. 2.4 Records - This applies to electronic and paper records/information that provide evidence of actions and decisions made by the organisation. Records are the organisations corporate memory. 2.5 Records management - field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposal of records. Records management includes processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records. Page 5 of 37

6 2.6 For the purposes of this policy, the terms records and information will be used interchangeably. 3. Purpose Records are a valuable resource and must be efficiently managed and available to those with authorised access in order to: Support the CCG s administrative and managerial decision making Meet legal requirements including requests from service users under access to records legislation. Assist in providing evidence for internal and external reviews and other audits. Support day-to-day business Provide clinical and managerial effectiveness through multi-disciplinary working within the CCG and with partner agencies. This will enable: the formation and accountability / transparency in use of public resources; empower the CCG to support improvements through audit, research and archival functions by taking account of the historical importance of material and the needs of future research; and Support the investigation of complaints, claims and incidents. The purpose of the information lifecycle policy is to ensure a consistent and effective approach to the management of all information and/or records within the CCG. 4. Scope The policy sets out the main requirements for the management of all clinical and corporate records within the CCG including but not limited to: All administrative records (e.g. personnel, estates, financial and accounting records, service level agreements, notes associated with complaints); and All service user health records (including their medical case notes, nursing care plans, visual or audio recordings, registers etc.) This policy and related procedures apply to all staff employed for or working on behalf of the CCG including permanent, contracted, temporary, secondment, bank, agency, students, volunteers and locums. The information lifecycle management policy applies to records in all formats, whether electronic and those stored in various forms including photographs, x-rays, audio messages and CCTV images. 5. Responsibility and Accountability 5.1 Chief Executive The Chief Executive is the Accountable Officer responsible for the management of the CCG and for ensuring appropriate mechanisms are in place to support service delivery and continuity. The Accountable Officer has ultimate responsibility for compliance with IG legislations. Page 6 of 37

7 5.2 The Senior Information Risk Owner The CCG s Senior Information Risk Owner (SIRO) is the Chief Finance Officer and also the Chair of the Information Governance Forum. The SIRO is accountable for information risk on the Governing Body and in internal discussions. They will provide written advice to the Accountable Officer on the content of their Annual Governance Statement in regard to information risk. 5.3 The Caldicott Guardian The CCG s Caldicott Guardian is the Director of Nursing and Quality and has a particular responsibility for reflecting patients interests regarding the use of patient identifiable information. The Caldicott Guardian has an advisory role and a particular focus on ensuring patient identifiable information is shared in an appropriate and secure manner. 5.4 The Information Governance Forum The Information Governance Forum is responsible for ensuring that this policy is implemented, including any supporting guidance and training deemed necessary to support the implementation, and for monitoring and providing Governing Body assurance in this respect. 5.5 The Head of Governance The Head of Governance is responsible for advising on IG strategic direction, the development of policy and guidance for the CCG and the day to day management of the IG agenda which includes information lifecycle management. 5.6 Managers Managers are responsible for ensuring compliance within their areas, making sure records management issues are addressed and key performance targets around record keeping including training are met. Managers need to be fully conversant with the electronic records and computer system and supplementary reporting procedures that are used in their service area. Where further advice is required, the Head of Governance should be contacted. 5.7 Healthcare professionals Healthcare professionals have a duty to: Keep up to date, and adhere to, relevant legislation and national and local policy relating to information and record keeping. Keep up to date on best practice for health/social care records and communication practice standards Be proficient in the system they use to record and communicate health and social care information Meet the standards of their professional organisation. 5.8 All Staff All staff and anyone working on behalf of the CCG, involved in the receipt, handling or communication of person identifiable information, must adhere to this policy at all times and where relevant of their professional codes and standards. Anyone who records, handle, store or otherwise comes across person or patient identifiable information has a common law duty of confidence. This duty continues even after the death of an individual. Page 7 of 37

8 6. Information Lifecycle The Information lifecycle defines five distinct phases: Creation, Retention, Maintenance, Use and Disposal 6.1 Creation When creating information or records, the following should be adhered to. The information must be: Available when needed Accessible to all members of staff that require access in order to enable them to carry out their day to day work Interpretable, clear and concise Trusted, accurate and relevant Secure the information must be secure from unauthorised access or inadvertent alteration or erasure 6.2 Retention Information retention period varies dependant on the type of records and are retained for legal, operational, research and safety reasons. Some items may be considered for permanent preservation. For retention periods of documents held by the CCG please refer to the Retention and disposal schedule in Appendix Maintenance and storage The qualities of availability accessibility, interpretation and trustworthiness of information must be maintained for as long as the information is needed, perhaps permanently, despite changes in the format. The use of standardised filenames and version control methods should be applied consistently throughout the life of the information. Scanning A brief summary should be entered into the scanned document, with a reference to where the original is stored; i.e. the secondary paper file. All scanned documents must be dated and titled appropriately to enable easy identification and retrieval. The date should reflect the date of the correspondence/activity/incident, not the date it is being attached to the record. Archiving For legal and organisational reasons, information must be stored securely. Electronic records are automatically backed up and archived. Contents within manual/paper records should be stored chronologically, the most recent part of the records accessible first. Storage arrangements must allow for retrieval with speed of access dependant on the urgency of requirement of access to the information. The procedure for archiving is in Appendix 2 of this policy. For further information and guidance on archiving, contact the Head of Governance. Tracing records Tracer cards are in place to track the whereabouts of records. Examples would include critical incident review files, complaints files. The minimum data which needs to be recorded includes: the name of the file; date the file was dispatched, destination and name of recipients, name of person releasing the file. A return receipt should always be requested and made clear to whom the records should be returned and by when. A chase and tracking system must be operated to ensure Page 8 of 37

9 the file is safely returned to the relevant filing system and that absent records are chased regularly. 6.4 Use and handling of information All information must be used and handled consistently with the purpose for which it was intended. Disclosure only the specific information should be disclosed to authorised parties and always in accordance and with strict adherence to the legislations. Transfer the mechanism for transferring information from one organisation to another should also be tailored to the sensitivity of the material contained within the records and the media on which they are held. The Head of Governance and ICT Infrastructure Manager can advise on appropriate safeguards. Public authorities are required to transfer certain information to The National Archive for permanent retention. The Head of Governance can provide guidance on such records. Posting confidential documents - Documents/clinical records should be put in a strong envelope, marked private and confidential and sent via special delivery. Confidential documents sent internally need to be put either in an internal transfer envelope or an envelope strong enough to take the contents and placed in a courier bag with a seal tab (tamper proof wallet/red bag). The envelope needs to clearly state the recipient and their full address, avoid abbreviations. The recipient of the document should inform the sender that the document has arrived as per the instructions on the tracer card. Access to health records ensures service user safety and continuity of care; a risk assessment needs to be carried out to ensure that the appropriate method of transportation is used. See Appendix 4 for more details of the internal confidential courier service ( red bag ) procedure. Closure Records should be closed and transferred to secondary storage as soon as they cease to be active. Where paper records or files have been closed, the date of closure and possible disposal date should be noted on the records. Where possible information on the intended disposal dates for electronic data should be maintained. 6.5 Disposal and destruction The disposal of a record is defined under the freedom of information legislation, as the point in their lifecycle when they are either or destroyed. It is important that the disposal or destruction of records are carried out in a controlled manner. It is vital that confidentiality is safeguarded at every stage and that the method used to dispose of or destroy records is fully effective and secures their complete illegibility and inability to be reconstructed. A record of the disposed or destroyed information should be maintained for reference. Confidential waste bins have been provided for disposal of confidential paper records Page 9 of 37

10 7. Information quality It is the responsibility of all staff to ensure the information generated or received is legible, accurate, up to date and accessible. The quality of information produced can have a significant impact on the quality and efficiency of decision making and services provided by the CCG. 7.1 Naming conventions The following rules should be followed when generating or entering documents onto the computer either for clinical or non-clinical use. Specific information should be recorded when naming a document e.g. the content of the document. Logical information should also be captured e.g. the name of the person who created the document and the date the document was created (not the date it was entered onto records). Each file must have: o a unique name or number e.g. service user s NHS number to each document and each page o a meaningful name which closely reflects and records content o express elements of the name in a structured and predictable order All clinical documents should have please return this document to the relevant service s address on the front. Non- clinical records that need to be security marked should have: - o Version control: Each document must contain a header or footer which shows the Version Number of the document together with the date it was last modified. o Watermarks: All draft documents must always contain a watermark stating the document is DRAFT. This will avoid confusion for any potential reader and prevent staff from believing the document may be an approved document. This will be removed once it has been finalised. o Distribution lists: The distribution or circulation list of certain documents (e.g. agendas, consultation drafts etc.) must be clearly marked on all copies to avoid unnecessary duplication and to facilitate the recipients forwarding the document onto others who may also need to see it. 7.2 Corporate and clinical records Records must be clear, legible and in a printable format if required for disclosure under relevant legislation. Jargon should be avoided and the information written in terms the staff or service user can understand. Paper and electronic records should clearly identify the date, time, the document author, and how it relates to other documents Personal details contained in the record must be checked for accuracy and updated accordingly each time the individual sees the service user. Any discrepancies between electronic and paper records should be queried by the member of staff and amended accordingly. Page 10 of 37

11 Unnecessary duplication between the paper and electronic record collections should be curbed. All information should be unambiguous, factual and consistent. Relevant, non-factual entries e.g. conclusions or opinions may be recorded and should be indicated as such. Records should not include personal views unless these have a potential bearing on management or service user. Documents which should not be disclosed should clearly be marked as such. Records must include details of the referral, assessment, treatment plan, progress and outcome for the service user and proposed plan of action/care and actions/care by practitioner and service user. A scheduled appointment or event should be created against each clinical entry where a telephone or face to face meeting with the service user, their representative, or another professional has taken place. Clinical notes must be entered as soon as possible following contact; the minimum standard is within 2 working days. Where this is not possible and there is a significant delay in recording the information, an explanation should be added at the start of the note, giving the reason for the delay and the date and source of any original notes taken. If an entry is to be highlighted, for ease of identification or to provide instruction, this should be done by using CAPITAL LETTERS and recording the name or instruction, e.g. NOT FOR DISCLOSURE in the title or summary field. 8. Access to Information 8.1 Under the Data Protection Act 1998, living individuals have a right request access to their personal data as held by the CCG. A written request for information known as a Subject Access Request (SAR) must be made. Details of the procedure can be found in the Subject Access Request (SAR) Procedure document available on the intranet. 8.2 Under the Freedom of Information Act 2000, the public has access to information held by public authorities. The CCG is obliged to publish certain information about its activities and members of the public are entitled to request information from the CCG. The CCG Freedom of Information Act Policy and the FOI Appeals and Complaints Procedure provide further details and can be accessed on the intranet. 8.3 Under the Access to Health Records Act (AHRA) 1990, only specific people have the right to right for access to the health records of someone who has died. These individuals are defined under the Act as the patient s personal representative and any person who may have a claim arising out of the patient s death. 8.4 From time to time it may be necessary to provide read only access to information/records for legal and audit purposes. 9. Monitoring and Review 9.1 The Information Lifecycle Management Policy shall be monitored by the Information Governance Forum. 9.2 Staff must raise risks and issues regarding the safety and security of information and any practices which do not conform to this policy, or any other related information governance policies and/or risk frameworks. Incident reports and results of risk assessments will be used for monitoring purposes. Page 11 of 37

12 9.3 Audit is part of the risk management process and there will be yearly audits of the quality of record keeping standards to ensure an on-going programme of improvement. 9.4 The implementation of this policy will be in line with the information lifecycle management strategy (Appendix 1) and will be managed by the Head of Governance. 9.5 The Information Lifecycle Management Policy will be reviewed annually or in response to any significant information governance incidents or in response to organisational or legislation changes. 10. Training All staff are required to carry out the mandatory IG training through the online NHS Information Governance Training Tool. Further training and development will be in accordance with the Education Learning and Development Policy. 11. Dissemination of document The Information Lifecycle Management Policy will be published on the intranet. Any changes, updates or amendments to this policy will be communicated to all staff as and when they occur. 12. References 12.1 References to Standards Information Governance Toolkit v Legislation Access to Health Records Act 1990 Common Law Duty of Confidentiality Computer Misuse Act 1990 Data Protection Act 1998 Freedom of Information Act 2000 Health and Social Care Act 2008 Human Rights Act 1998 Re-use of Public Sector Information Regulations Guidance and Standards Access to Health Records, Department of Health (2010) Achieving timely simple discharge from hospital: A toolkit for the multi-disciplinary team, Department of Health (2004) Caldicott Guardian Manual (2010) Care Record Guarantee Department of Health (2009) Confidentiality NHS Code of Conduct Information Security Management: NHS Code of Practice 2007 NHS Information Governance: Guide on Legal and Professional Obligations (2007) Records Management: NHS Code of Practice, Department of Health (2008) Records management: NHS Code of Practice Parts 1 (2006) and Part 2 (2009), Department of Health Care Quality Commission standards NHS Litigation Authority standards Page 12 of 37

13 13. Related polices and documents Business Continuity Policy Confidentiality Code of Conduct Data Protection Policy Data Quality Policy and Internet Policy Emergency Planning Policy Freedom of Information Act Policy FOI Appeals and Complaints Procedure Incident Management Policy Information Governance Policy Information Security Policy Research Governance Policy Risk Management Framework Serious Incidents Requiring Investigation (SIRI) Policy Page 13 of 37

14 Appendix 1: Information Lifecycle Management Strategy 1) Aims The aims of the Information Lifecycle Management Strategy are to ensure: a systematic and planned approach to information management, covering every stage of the lifecycle of a record; efficiency and best value through improvements in the quality and flow of information, and greater co-ordination of records and storage systems; compliance with statutory requirement; responsibility and accountability of information and records appropriate archiving of important records 2) Strategy 2.1 Responsibility and accountability - To provide a clear system of accountability and responsibility for information and record creation, retention and use. 2.2 Information quality - To create and keep records which are adequate, consistent, and necessary for statutory, legal and business requirements 2.3 Information use and management - To achieve systematic, orderly and consistent creation, retention, appraisal and disposal procedures for records throughout their lifecycle. 2.4 Information security - To provide systems which maintain appropriate confidentiality, security and integrity for records in their storage and use 2.5 Access to information To provide clear and efficient access for those with legitimate right of access and to ensure compliance with access to information legislation 2.6 Audit and review To assess the level of compliance against the Toolkit and other required standards. 2.7 Training To provide training and guidance on legal and ethical responsibilities and operational good practice for all staff involved in records management. Page 14 of 37

15 Appendix 2: Archiving procedure Overall responsibility for archiving lies with the Head of Governance. Unless legal or clinical records, if electronic versions of documents are securely archived, then paper copies need not be retained. Responsibility for sorting, preparing, boxing up and clearly cataloguing any department s documents for archiving rests with the department itself. Archive boxes, box labels, bar codes and log sheets are available from the Head of Governance at Charter House. Archiving should be prepared as follows: Make an e-list (spread sheet) making sure you state the following clearly: name, description of contents (e.g. complaint log, NHS numbers etc. for patient related paperwork) Ideally NHS numbers should be listed and Any departmental assigned box number A copy of the e-list should be placed on the inside top of the archive box Retention Period/Destruction date - see Appendix 3 2 x labels which also give details of the content of the box (the sample label below fits onto Niceday Laser Labels EU Ref ) The name of the staff member responsible for its contents The e-list should then be sent to the Head of Governance After sending the e-list the department should communicate the Head of Governance to discuss where the boxes are to be located in the interim within Charter House. Boxes will then be bar coded and logged against a database before being transported by Iron Mountain to an off-site storage location. Retrieval Contact the Head of Governance if you wish for a box to be retrieved from off-site archives. Destruction Please refer to the records retention and disposal list at the end of this policy for guidance. If you are unsure about disposal and retention dates please contact the Head of Governance. Page 15 of 37

16 Sample label for archive boxes Dept: (enter in your dept.name here) NAME/TITLE OF DOCUMENTS YOU ARE ARCHIVING BOX 1 / (enter total no. of boxes here) Containing details of (enter general description): 1) 2) 3) STORE DATE: (enter month here) 2013 DESTRUCTION DATE: (enter month & year here) Owner: (enter address here) Archived by: (enter your name here) Account Details: (enter Cost Code + Account Code here if applicable) Page 16 of 37

17 Appendix 3: Retention and Disposal Schedule Retention and Disposal Schedule (following DoH guidance /1; /2 Records Management: NHD code of practice (2006 ) which replace HSC 1999/053; HSC 1998/217; HSC 1998/153) Records Type / Subtype Retention period Notes Administrative (corporate and organisation) See Information Governance guidance Accident Forms 10 years See also Litigation dossiers Accident register (RIDDOR) 8 years See also Incident forms Advance letters Agendas of board meetings, committees, subcommittees (master copies, including associated papers) Agendas (other) Assembly/Parliamentary questions, MP enquiries Business plans, including Local Delivery Plans Catering forms Closed circuit TV images Complaints - correspondence, investigation and outcomes - returns made to DH Copyright declaration forms Diaries office Exposure monitoring records Flexi working hours (personal record of hours actually worked) Freedom of Information requests GMS1 forms (registration with GP) Health and Safety documentation History of organisation or predecessors, its organisation and procedures Hospital (Trust) services Incident forms Indices (records management) Registry lists of public records marked for permanent preservation, or containing the record of management of public records File lists and documents lists where public records or their management are not covered Library registration forms Litigation dossiers (complaints including accident/incident reports) Records/documents relating to any form of litigation Manuals policy and procedure (administrative and clinical, strategy documents) 6 years 30 years 2 years 10 years 20 years 6 years 31 days -10 years from completion of action - Files closed annually and kept for 6 years following closure 1 year after employee leaves service 1 year after the calendar year to which they refer 5 years from the date the record was made 6 months 3 years after full disclosure: 10 years if information is redacted or the information requested is not disclosed 3 years 3 years 30 years 10 years 8 years 30 years 2 years after registration 10 years Where a legal action has commenced, keep as advised by legal representatives 10 years after the life of the system (or superseded) to which the policies or procedures refer Page 17 of 37 See also Litigation dossiers Control of Substances Hazardous to Health Regulations 2002 (reg. 10 (5)) Policy documents may have archival value

18 Records Type / Subtype Retention period Notes Maps Meetings and minutes papers of major committees and subcommittees (master copies) Meetings and minutes papers (other, including reference copies of major committees) Mortgage documents (acquisition, transfer and disposal) Nominal rolls Papers of minor or short-lived importance not covered elsewhere, e.g.: advertising matter covering letters reminders letters making appointments anonymous or unintelligible letters drafts duplicates of documents known to be preserved elsewhere (unless they have important minutes on them) indices and registers compiled for temporary purposes routine reports punched cards - other documents that have ceased to be of value on settlement of the matter involved Service user information leaflets Service users property books / registers (property handed in for safe-keeping) Poorly performing doctors Press cuttings Project files (over 100,000) on termination, including abandoned or deferred projects Project files (less than 100,000) on termination Project team files summary retained Quality assurance records (e.g. Healthcare Commission, Audit Commission, King s Fund Organisational Audit, Investors in People) Receipts for registered and recorded mail Records documenting the archiving, transfer to public records archive or destruction of records Records of custody and transfer of keys Reports (major) Requests for access to records, other than FOI or subject access requests Requisitions Lifetime of the organisation 30 years The main copy is held by the person who organises the meeting and is responsible for archiving them. 2 years 6 years after repayment 6 years (maximum) 2 years after the settlement of the matter to which they relate Lifetime of the organisation 6 years after the end of the financial year in which the property was disposed of, or 6 years after the register was closed 10 yrs 1 year 6 years 2 years 3 years 12 years 2 years following the end of the financial year to which they relate 30 years 2 years after last entry 30 years 6 years after last action 18 months Research ethics committee records 30 years from date of decision Page 18 of 37

19 Records Type / Subtype Retention period Notes Serious incident files Specifications (e.g. equipment, services) Statistics Subject access requests (DPA and AHR) record of requests Surgical appliances forms AP1, 2, 3 & 4 Time sheets Estates/Engineering Building and engineering works, including major projects abandoned or deferred key records (e.g. final accounts, surveys, site plans, bills of quantities) Buildings and engineering works, including major projects abandoned or deferred town and country planning matters and all formal contract documents (e.g. executed agreements, conditions of contract, specifications, as built record drawings, documents on the appointment and conditions of engagement of private buildings and engineering consultants) Buildings papers relating to the occupation of the building (but not H&S information) Deeds of title Drawings plans and buildings (architect signed, not copies) Engineering works plans and building records Equipment records of non-fixed equipment, including specification, test records, maintenance records and logs Inspection reports (e.g. boilers, lifts) Inventories of furniture, medical and surgical equipment not held on store charge and with a minimum life of 5 years Inventories of plant and permanent or fixed equipment Land surveys / registers Leases the grant of leases, licences and other rights over property Maintenance contracts (routine) Manuals (operating) Medical device alerts 30 years 6 years 3 years from date of submission 3 years after last action 2 years from completion of audit 6 months 30 years 30 years 3 years after occupation ceases Construction Design Management Regulations (1994) Retain while the organisation has ownership of the building unless a Land Registry certificate has been issued, in which case the deeds should be placed in an archive If there is no Land Registry certificate, the deeds should pass on with the sale of the building. Lifetime of the building to which they relate Lifetime of the building to which they relate 11 years Consumer Protection Act 1987 Lifetime of installation If there is any measurable risk of a liability in respect of installations beyond their operational lives, retain records indefinitely 30 years after date of inventory 5 years after date of inventory 30 years Period of the lease plus 12 years Limitation Act years from end of contract Lifetime of equipment Retain until updated or withdrawn (check MHRA website) Photographs of buildings 30 years Plans building (as built) Lifetime of building May have historical value Page 19 of 37

20 Records Type / Subtype Retention period Notes Plans building (detailed) Lifetime of building May have historical value Plans engineering Lifetime of building Property acquisitions dossiers 30 years Radioactive waste 30 years Radioactive Substances Act 1993 Site files Lifetime of site Structure plans (organisational charts) Lifetime of building Surveys building and engineering works Lifetime of building or installation Financial Accounts annual (final one set only) 30 years Accounts minor records (pass books, paying-in slips, cheque counterfoils, cancelled/discharged cheques, accounts of petty cash expenditure, travel and subsistence accounts, minor vouchers, duplicate receipt book, income records, laundry lists and receipts) 2 years from completion of audit Accounts - working papers Advice notes (payment) Audit records original documents Audit reports external (including management letters, value for money reports and system/final accounts memoranda) Bank statements BACS records Benefactions (records of) Bills, receipts and cleared cheques Budgets (including working papers, reports, varmints and journals) Capital charges data Capital paid invoices (see Invoices) Cash books 3 years from completion of audit 18 months 2 years from completion of audit 2 years after formal completion by statutory auditor 2 years from completion of audit 6 years after year end 5 years after end of financial year in which trust monies have become finally spent or the gift in kind is accepted. In cases where Benefaction Endowment Trust fund/capital/interest remains permanent, records should be permanently retained. 6 years 2 years from completion of audit 2 years from completion of audit 6 years after end of financial year to which they relate Limitation Act 1980 Cash sheets Contracts financial Contracts non-sealed (property) on termination 6 years after end financial year to which they relate Approval files 15 years Approved suppliers lists 11 years 6 years after termination of contract Limitation Act 1980 Limitation Act 1980 Contracts non-sealed (other) on termination Contracts sealed (and associated records) 6 years after termination of contract Limitation Act 1980 Minimum of 15 years, after which they should be reviewed Page 20 of 37

21 Records Type / Subtype Retention period Notes Contractual arrangements with hospitals or other bodies outside the NHS, including papers relating to financial settlements made under the contract (e.g. waiting list initiative, private finance initiative) Cost accounts Creditor payments Debtors records cleared Debtors records uncleared Demand notes Estimates including supporting calculations and statistics Excess fares Expense claims Fraud case files/investigations Fraud national proactive exercises Funding data General Medical Services payments Invoices Ledgers including cash books, ledgers, income and expenditure journals, nominal rolls, non-exchequer funds records (service user monies) 6 years after end of financial year to which they relate 3 years after end of financial year to which they relate 3 years after end of financial year to which they relate 2 years from completion of audit 6 years from completion of audit 6 years after end of financial year to which they relate 3 years after end of financial year to which they relate 2 years after the end of the financial year to which they relate 5 years after end of financial year to which they relate 6 years plus the length of sentence served on the perpetrator. 3 years 6 years after end of financial year to which they relate 6 years after year end 6 years after end of financial year to which they relate 6 years after end of financial year to which they relate Limitation Act 1980 Limitation Act 1980 Non-Exchequer funds records 30 years Although technically exempt from the Public Records Act, it would be appropriate for authorities to treat these records as if they were not exempt PAYE records Payments Payroll (i.e. list of staff in the pay of the organisation) Positive predictor value performance indicators Private Finance Initiative Receipts Salaries (Wages) Superannuation accounts Superannuation forms SD55 (ADP) and SD55J (NHS Pension Scheme copies) Superannuation registers Tax forms Transport (staff pool car documentation) Trust documents without permanent relevance / not otherwise mentioned 6 years after termination of employment 6 years after year end 6 years after termination of employment 3 years 30 years 6 years after end of financial year to which they relate 10 years after termination of employment 10 years 10 years (original to NHS Pensions Agency) 10 years 6 years 3 years unless litigation ensues 6 years Page 21 of 37 Limitation Act 1980

22 Records Type / Subtype Retention period Notes Trusts administered by PCT (terms of) VAT records Wages (salaries) IM & T Documentation relating to computer programmes written in-house Software licences 30 years 6 years after end of financial year to which they relate 10 years after termination of employment Lifetime of software Lifetime of software Chaplaincy records 2 years May have archival value Family Health Service Appeals Authority tribunal and case files Case files 10 years Research and development (organisation) Decision records until individual s 80 th birthday 30 years Personnel / Human resources Consultants (records relating to the recruitment of) CVs for non-executive directors (successful applicants) CVs for non-executive directors (unsuccessful applicants) Duty rosters Industrial relations (not routine staff matters), including industrial tribunals Job adverts Job applications (successful) Job applications (unsuccessful) Job descriptions Leavers dossiers Letters of appointment Nurse training records Personnel/human resources records (e.g. personal files, letters of appointment, contracts, references and related correspondence, registration authority forms, training records, equal opportunity monitoring forms (if retained)) Personnel/human resources records minor (e.g. attendance books, annual leave records, duty rosters, clock cards, timesheets) Staff car parking permits Study leave applications Timesheets Training plans Purchasing / Supplies 5 years NHS (Appointment of Consultants) Regulations, good practice guidelines, page 11, para years following term of office 2 years 4 years 10 years 1 year 3 years following termination of employment 1 year 3 years 6 years after individual has left. Summary to be retained for 30 years or until individual s 70 th birthday, whichever is later 6 years after employment has terminated or until 70 th birthday, whichever is later 30 years 6 years after individual leaves service, at which time a summary of the file must be kept until the individuals 70 th birthday 2 years 3 years 5 years 6 months 2 years Page 22 of 37

23 Records Type / Subtype Retention period Notes Approval plans (contracts) 6 years after end of the year the contract expired Approved suppliers lists 11 years Consumer Protection Act 1987 Delivery notes 2 years after the financial year to which they relate Products (liability) 11 years Consumer Protection Act 1987 Stock control reports 18 months Stores records major (e.g. stores ledgers) Stores records minor (e.g. requisitions, issue notes, transfer vouchers, goods received books) Supplies records minor (e.g. invitations to tender and inadmissible tenders, routine papers relating to catering and demands for furniture, equipment, stationery and other supplies) 6 years 18 months 18 months Tenders (successful) Tender period plus 6 year limitation Limitation Act 1980 period Tenders (unsuccessful) 6 years Limitation Act 1980 Health care records includes paper format, microfilm/microfiche Adult records Asylum seekers and refugees (NHS personal health record service user-held record) Family planning 10 years after closure of case Special NHS record service user held no requirement on NHS to retain Destroy under confidential conditions Body release forms 2 years Destroy under confidential conditions Death Registers in paper format Death registers are likely to have archival value. Children s records includes Child protection register, child and family guidance, cancer care, care records, dietetic records, family planning records, immunisation and vaccination records and dental records, occupational therapy records, physiotherapy records, podiatry records, speech and language therapy, x-ray reports, video recordings Retain until the service user s 25 th birthday or 26 th if young person was 17 at conclusion of treatment, or 8 years after death. If the illness or death could have potential relevance to adult conditions or have genetic implications, the advice of clinicians should be sought as to whether to retain the records for a longer period Destroy under confidential conditions Clinical Audit records 5 years Destroy under confidential conditions Clinical Psychology 30 years Clinical trials of investigational medicinal products health records of participants are the source data for the trial European Commission Directive 2005/28/EC Trials to be included in regulatory submissions At least 2 years after the last approval of a marketing application in the EU Trials which are not to be to be used in regulatory submissions 5 years after the completion of the trial. The sponsor needs to indicate when the files need to be kept for longer European Commission Directive 2001/20/EC The Medicines for Human Use (Clinical Trials) Regulations 2004 Controlled Drug Registers, Order Books and Pharmacy records 2 years Destroy under confidential conditions Dental epidemiological surveys 30 years Destroy under confidential conditions Dental, ophthalmic and auditory screening records 11 years for adults Destroy under confidential conditions Page 23 of 37

24 Diaries Records Type / Subtype Retention period Notes Genetic records GP records including medical records relating to HM Armed Forces or those serving a period of imprisonment Health records for adults (including cancer care) who have not had a child, mentally disordered or mentioned elsewhere in this schedule. Includes physiotherapy, occupational therapy, podiatry, speech and language therapy, x-rays, video recordings Homicide or serious untoward incident 2 years Information documented in the diary should be transferred to clinical documentation within 2 clinical working days. Otherwise follow the archiving schedule for children, mental health, adults etc. 30 years from the date of last attendance Maternity records 25 years after last live birth Children and young people until 25 th Birthday or 26 th Birthday if an entry was made when the young person was 17 or 10 years after the service user s death if sooner Mental Health Service users complete records for first 20 years but records may then be summarised for an additional 10 year period. Ministry of Defence retains copy of records relating to service medical history. GPs should receive summary records. GP records of serving military personnel that were in existence prior to them enlisting. Retain records for 10 years after the service user s death. Records relating to those serving a prison sentence not to be destroyed records of serving prisoners that were ion existence prior to their imprisonment. Retain records for 10 years after service user s death All other service users 10 years after their death or after the service user has permanently left the country unless the person remains in an EU country 8 years after conclusion of treatment or death Destroy under confidential conditions Destroy under confidential conditions Destroy under confidential conditions 30 years Destroy under confidential conditions records Hospital acquired infection records 6 years Destroy under confidential conditions Maternity records relating to this speciality 25 years Destroy under confidential conditions Medicine waste (special waste consignment notes) Mentally disordered persons - Health records, physiotherapy records, occupational therapy records, podiatry records, speech and language therapy, x- ray reports and video recordings 3 years Retain 20 years after the last entry in the record or eight years after the service user s death if service user died while in the care of the organisation Destroy under confidential conditions Page 24 of 37

25 Records Type / Subtype Retention period Notes Notifiable disease book 6 years Destroy under Occupational Health records (Staff) Out of hours records (GP cover) including video, DVD and tape recordings Out service user lists, paper format Pharmacy - Unlicensed medicines dispensing record Pharmacy prescriptions Pharmacy QC documentation, certificates of analysis Refrigerator temperature Psychology records Records/documents related to any litigation Records of destruction of individual health records and other health -related records contained in this retention schedule (electronic or paper format) Research records except clinical trials of medicines Suicide notes of service users having committed suicide 6 years 50 years for staff under medical surveillance 40 years for staff exposed, requiring surveillance under COSH regulations If only record 3 years, if placed on other records retain accordingly to speciality 2 years 5 years confidential conditions 2 years (Chemotherapy 2 years after last treatment) 5 years or 1 year after expiry of batch (whichever is longer) 1 year 30 years As advised by the organisation s legal advisor. All records to be reviewed. Normal review 10 years after the file is closed Permanently BS ISO (section9.10) 30 years 10 years Page 25 of 37