Management of Audio-visual Records Policy

F Management of Audio-visual Records Policy Please be aware that this printed version of the Policy may NOT be the latest version. Staff are reminded that they should always refer to the Intranet for the latest version. Purpose of Agreement Document Type Reference Number This policy is concerned with the storage and retention of audio-visual records created within Solent NHS Trust. The policy addresses both audio-visual records management for the purpose of Clinical and Corporate benefit. This policy is not a standalone policy and should be read in conjunction with the Records Management & Lifecycle Policy. x Policy SOP Guideline Solent NHST/Policy/IG/06 Version 3 Name of Approving Committees/Groups Operational Date November 2013 Document Review Date November 2016 Information Asset Owners Forum Information Asset Custodian Forum Information Governance Steering Sub Committee NHSLA Policy Steering Group Document Sponsor (Name & Job Title) Document Manager (Name & Job Title) Document developed in consultation with Intranet Location Website Location Keywords (for website/intranet uploading) Judy Hillier Nursing & Quality Director & Caldicott Guardian Shelley Brown, Information Governance Lead Information Asset Owners Forum Information Asset Custodian Forum Information Governance Steering Sub Committee Policies and Procedures Solent Policies and Procedures Publication Scheme Records; Records Management; Corporate Records; Clinical Records; Electronic Records; Consent - 1 -

Amendments Summary: Amend No Issued Page Subject Action Date 1 Feb 2012 Logo & Organisation Name Feb 12 change 2 Sponsor Name Change Feb 12 3 Sponsor Name Change Aug 13 Review Log Include details of when the document was last reviewed: Version Number Review Date Name of Reviewer Ratification Process Prior to October 2010 2 March Sadie IGSsC 2013 Bell NHSLA PSG 3 August 2013 Notes Refer to; NHS Southampton City s Management of Audio-visual Policy General review of Policy in line with renewal date S. Brown Policy Steering Group Scope-This policy forms Part of the Management Framework Strategy in relation to Information Governance. - 2 -

Contents 1 Introduction & Purpose... 4 2 Scope & Definitions... 4 3 Records Management Standards... 4 4 Texting... 5 5 Social Networking Sites... 5 6 Skype and Microsoft Office Communicator... 6 7 Clinical Recordings... 6 8 Corporate and Other Organisation Recordings... 7 9 Consent... 9 10 Register and Process of Recordings... 11 11 Storage... 12 12 Retention and Destruction... 12 13 NHS Care Records Guarantee... 14 14 Roles and Responsibilities... 14 15 Failure to Comply with the Policy... 16 16 Training... 16 17 Equality & Diversity and Mental Capacity Act... 17 18 Success Criteria/Monitoring the Effectiveness of the Policy:... 17 19 Review... 17 20 Contact Details... 18 21 Reference and Links to Other Documents... 18 Appendix A Adult Consent for Audio-visual Recordings... 20 Appendix B Audio-visual Consent for Audio-visual Recordings... 22 Appendix C Carers consent for adults who do not have capacity to consent for audio-visual recordings... 24 Appendix D Children s Consent for Audio-visual Recordings... 26 Appendix E Consent form for Photography of Aphasia Patients... 28 Appendix G Consent form for Photography of Adults for Media Publications... 31 Appendix H Consent form for Photography of Children for Media Publications... 33 Appendix I Consent form for Photography/Filming by a Third Party Media Publication... 35 Appendix J Equality Statement... 36-3 -

1 Introduction & Purpose 1.1 This policy is concerned with the management of audio-visual records created within Solent NHS Trust. This includes cinematograph film, digital images, video recordings, and other moving image carriers, and sound recordings produced in Solent NHS Trust. Sound recordings may come in the form of discs, tapes or compact discs. The policy addresses both audio-visual records management for the purpose of Clinical and Corporate benefit. 2 Scope & Definitions 2.1 This document applies to all directly and indirectly employed staff within Solent NHS Trust and other persons working within the organisation in line with the Solent NHS Trust Equality statement. This document is also to be followed by all Independent Contractors working on behalf of Solent NHS Trust. This policy forms Part of the Management Framework Strategy in relation to Information Governance. 2.2 This policy applies to the management of all audio-visual records that originate in Solent NHS Trust. 2.3 This policy is not intended for retrospective application to existing notes. 2.4 The policy does not cover recordings used for research purposes. These must be individually assessed within the Research Governance Framework for Health and Social Care document: http://www.dh.gov.uk/en/publicationsandstatistics/publications/publicationspo licyandguidance/dh_4108962 All requests for research must go via Solent NHS Trust s Research Manager and will be assessed by the Information Governance Team in terms of compliance with the Data Protection Act 1998. Staff can also contact Solent NHS Trust s Research Manager for information on research and use of audio-visual recordings. 2.5 Definitions CCTV CoP CRDB CRG IAO PID SIRO Closed Circuit Television Code of Practice Care Record Development Board Care Record Guarantee Information Asset Owner Personally Identifiable Data Senior Information Risk Officer 3 Records Management Standards 3.1 All staff that may create or use an audio-visual record are to be aware of and follow the Records Management NHS Code of Practice (CoP) that has been adopted by Solent NHS Trust in relation to the Retention and Disposal of all - 4 -

Records. In particular staff need to be aware of the differing retention periods that exist. 4 Texting Some services need to contact service users by text and it is sometimes necessary for staff to send PID by text message. 4.1 Before sending a text message within a service, advice should be sought from the Head of Information Governance IAO, Caldicott Guardian or Senior Information Risk Owner (SIRO) who will be able to offer guidance. Also consult the NHS Information Governance: Information Risk Management Guidance: Short Message Service (SMS) & Texting http://www.connectingforhealth.nhs.uk/systemsandservices/infogov/whatsnew /shortmessageservice.pdf 4.2 Always ensure the service user is aware of the risks associated with communicating in this way (please refer to the Information Security Policy) and that their consent has been agreed and documented as part of the service user s clinical care record. 4.3 NHSMail is the preferred method of sending text messages as it allows for an electronic record to be maintained of the outgoing text message, which must be printed and filed within the service user s record. 4.4 The content of the message must always be generic and non-specific (in case the message is intercepted, minimising the risk), for example a Contraception & Sexual Health appointment reminder may say; This is a reminder; your appointment is scheduled for Tues March 3 rd at 3pm. Do not reply to this text message. 4.5 Mobile phone texting: a written record of the content of the text message, sent and received, should be made in the service user s health record. 4.6 At the end of your message you should always include a do not reply to this message statement (unless the service has a specific agreement with the client). 5 Social Networking Sites Staff/services should not use Social Networking sites to discuss staff, patients or be used a clinical decision making tool. Staff should also ensure that when using such sites they do not bring the Trust into disrepute. However the Trust recognises that Social Networking sites can be used as a good media tool for services to promote themselves. If a service wishes to use Social networking sites for this purpose they must first consulate and - 5 -

seek approval from the Marketing and Communication Team communications@solent.nhs.uk. 6 Skype, Microsoft Office Communicator and Video Conferencing The use of Skype, Microsoft Office Communicator and Video Conferencing are become more popular as a tool to discuss both Corporate and Clinical topics and make decisions. These types of tools should only be used where there is no other alternative method available and if used staff should be aware of their surroundings, as they would do when discussing confidential, sensitive or personally identifiable data in person, to ensure that the person/people they are talking too should be entitled to this information. A risk assessment and approval should be sought prior to such tools being used. Where possible personally identifiable data should not be disclosed when using these tools, but such things a unique identifiers should be used. If a Corporate or Clinical decision is made as a result of using these tools then a formal note must be made in the main record e.g. patient record, minutes of meeting, etc 7 Clinical Recordings 7.1 Audio-visual recordings made for clinical purposes must form part of the patient s record. This includes, but is not limited to the use of Blackberries and other devises used for taking clinical images or videos. 7.2 Audio-visual records must not be stored on any portable media, even if encrypted. They must be downloaded immediately (where possible, or as soon as the member of staff is back at their base), onto a secure and restricted network drive and stored in a folder (or system record, if using an electronic patient system e.g. RiO and System One) that is specific to the patient s (if recorded for educational purposes please refer to Section 8 Corporate and Other Organisational Recordings) and deleted straight afterwards. For further information on saving electronic clinical records please refer to the Records Management & Information Lifecycle Policy. 7.3 The use of audio-visual records must be used appropriately and only for the purpose intended. 7.4 Basic principles as outlined by the General Medical Council exist. These guidelines are explained in more detail within this protocol. Seek permission to make the recording and get consent for any use or disclosure. Give patients adequate information about the purpose of the recording when seeking their permission. Ensure that patients are under no pressure to give their permission for the recording to be made. - 6 -

Stop the recording if the patient asks you to, or if it is having an adverse effect on the consultation or treatment. Do not participate in any recording made against a patient's wishes. Ensure that the recording does not compromise patients' privacy and dignity. Do not use recordings for purposes outside the scope of the original consent for use, without obtaining further consent. Make appropriate secure arrangements for storage of recordings. 7.5 Consent is necessary in order to comply with the first and second principles of the Data Protection Act 1998. The first principle states that Personal data shall be processed fairly and lawfully therefore the data subject (patient) should know who the data controller is (defined as a person who either alone or jointly or in common with other persons determines the purposes for which and the manner in which any personal data about an individual are, or are to be, processed), why the data is being processed and other necessary information, such as the likely consequences of the processing. Individuals must not be deceived or misled as to why the data is needed. 7.6 The second Data Protection Principle, Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes. Data controllers and data users (staff) must not collect and use data unless there is a specific and valid reason for doing so. The data subject (patient) must be told what the information will be used for. Personal data collected for one reason must not be used for any other unrelated purpose. 7.7 Each data subject must be asked to sign a consent form which specifies the circumstances, access to and use of a recording. The person who explains this should also sign the form (the data controller). The recording should not be used for any other purpose than that which is stated on the form. The consent form must be held on the patient s health records. 7.8 The Mental Capacity Act 2005 must also be observed and complied with particularly with regard to vulnerable adults. 8 Corporate and Other Organisation Recordings 8.1 For the purpose of this policy corporate and other organisational recordings include all records that are not health records, e.g. this could be Human Resource records, Educational records, Finance records, Estates records, Media records etc. 8.2 Audio-visual records must not be stored on any portable media, even if encrypted. They must be downloaded immediately onto a networked drive (if the information is of a sensitive, confidential and/or personally identifiable nature then this MUST be a restricted drive) and stored in a folder relevant to the record it applies to and deleted straight afterwards. For further information on saving electronic corporate records please refer to the Records Management & Information Lifecycle Policy. - 7 -

8.3 Audio-visual records must be used appropriately and only for the purpose specified/intended. 8.4 Videoconferencing - There may be occasions when videoconferencing is used with/by staff. In these circumstances the following should be implemented: The Data Protection Act 1998 requires that patients/staff be informed, in general terms, how their information may be used and who will have access to it. The responsible person must therefore ensure that all participants are aware of this and where appropriate consent is obtained. Ensure that the media (disc/tape etc) is registered appropriately and it is stored appropriately. Ensure that a decision is made as to the record type and any review period (refer to Retention Schedules in Retention and Disposal Policy). 8.5 Closed Circuit Television (CCTV) - Any implementation of CCTV must be approved by Facilities Management Services. Facilities Management must implement the use of CCTV in line the guidance from the Information Commissioner CCTV Systems and the Data Protection Act 1998 (2004) and the CCTV Code of Practice. The organisation reserves the right to use any recordings undertaken, for the management activities within the organisation. Consequently CCTV footage and other recordings may be used by the organisation as evidence for disciplinary and other purposes in accordance with its published policies. Further information and advice should be sought from the Information Commissioners CCTV code of practice, prior to releasing any CCTV images: http://www.ico.gov.uk/for_organisations/data_protection/topic_guides/cctv.asp x 8.6 Text messaging the use of text messages within the organisation must adhere to the guidance within the organisation s Information Security Policy. If any text messages are transmitted from/to staff then the staff must assess whether the text is worthy of preservation and it fits into an appropriate record type category within the Records Management NHS Code of Practice and therefore whether the content must be transcribed to a permanent format. 8.7 Answer phones Where possible answer phone volumes should be turned down low or appropriate VOIP phones installed. Messages must be assessed as to whether they are worthy of preservation and if they are of an appropriate record type category within the Records Management NHS Code of Practice thus transcribing the content to a permanent format. 8.8 Media publications Photography consent - 8 -

Under the Data protection Act of 1998 the organisation must be careful to ensure that they gain consent from adults and children when using photographs or videos where people are clearly identifiable. This includes photographs used for all publicity purposes including the Internet and Intranet. It is important when taking a photograph that you ask the permission of the person who will appear before taking the shot. You must also make clear what the photograph will be used for and where it may appear. If you are taking a photograph of a large crowd this is regarded as a public area so you do not need to get the permission of everyone in the crowd shot. If you intend using images from an agency it is the agency s responsibility to get permission from all those appearing in the image. However, you must ensure that the agency has obtained these consents before you use the image so as not to infringe copyright. Old photographs You may already have photographs on file. If so, you will need to use them with caution. For example don t use a picture of an untraceable older or ill person. Old photographs of children also need to be avoided as the child may be an adult now and may not have wished for their photo to be used. Commissioning photographs If you are commissioning a photographer you need to agree with them that they will use the organisation s consent form or have their own written way of gaining consent. Taking photographs of staff You will need to ensure that you also receive consent from members of staff taking part in a photograph. This must even be carried out for a one off photo and all photographs are to be put in the organisation s photo library (held by the Communications Team). Press photography If you are inviting the press to take photographs you should inform the Communications Team of this and make sure that every-one in the photograph is aware that this is happening and where the photo will appear. Once the photographs have been taken they are the property of that media organisation and not the organisation. Therefore any objections to this will need to be made to them and not the organisation. If you have any concerns or queries regarding any of this guidance, please contact the Communications Team or the Information Governance Team. 9 Consent - 9 -

It is important to ensure you obtain consent at all times. If you do not and the person makes a complaint to the Information Commissioner the Trust may be prosecuted and damages may be awarded to the person in the photograph. Photographs of Children Young people aged 16 and 17 are presumed to have the competence to give consent for themselves. Younger children who understand fully what is involved in the proposed procedure can also give consent (although their parents will ideally be involved). If a parent does disagree with the decision, then a joint decision by the child and parent should be sought prior to taking the audio-visual record. If both parents disagree over whether consent should be given, then you must not take the photograph. If both the parents agree the photograph can be taken but the child disagrees then you should not take the photograph. Length of consent Clinical Records: when obtaining consent to use audio-visual records for the purpose of clinical care the length of consent should reflect the length of the clinical records retention schedule. Some examples of clinical consent forms are held in Appendices A-E. Please note that services are not limited to the use of these forms, alternative consent forms can be used, as long as they follow the mandated requirements outlined in this policy. Consent form Adults consent for audio-visual recordings Parental consent for audio-visual recordings Carers consent for adults who do not have the capacity to consent for audio-visual recordings Children s consent for audio-visual recordings Consent form for photography of Aphasia Patients Appendices A B C D E Corporate Records: The consent for each photograph lasts for 6 months, 1 year or 2 years from the date on the consent form (optional on the relevant form). After the period you either need to re-apply to the person in the image for another period of consent or destroy the image. Some examples of corporate consent forms are held in Appendices F-I. Please note that services are not limited to the use of these forms, alternative consent forms can be used, as long as they follow the mandated requirements outlined in this policy. Consent form Generic consent for use of recordings to be used Appendices F - 10 -

for the training or assessment of healthcare professionals, audit, or medico-legal reasons Consent form for photography of adults for the purpose of media communications Consent form for photography of children for the purpose of media communications Consent form for Photography/Filming by a Third Party Media Publication G H I If any photographs are taken for both corporate and clinical reasons, a copy must be kept for each type of record and comply with the relevant records retention periods, as stated above. 10 Register and Process of Recordings 10.1 A register of audio-visual records must be maintained close to the storage area (e.g. within the record) which must contain the following details: Action Recording number Type of recording Date and time of recording Name of the patient (if applicable) Agreed purpose of recording Name of "responsible person" Date recording to be reviewed Permission for recording to be borrowed. Date of withdrawal of consent Process There must be one recording number per recording session. Every recording should be given a number which should be securely placed on the spine of the video/tape or image. The two numbers must be the same as each other. Audio/Video/Photographic This must be stipulated in the register Also state if any other people were recorded, and their role. This must be consistent with the consent form where applicable This should be the data controller, e.g. named nurse/gp/chair person For destruction or alternative disposal. This should be consistent with the Medical Records NHS Code of Practice. Detail who the recording is being lent to (this should include all relevant detail to provide an audit trail). Signature of "responsible person". The recording must not go outside the organisation without consent from the patient (Information Asset Owner if corporate) and a risk assessment regarding the secure transportation of the document should be undertaken to ensure additionally that appropriate security measures of the receiving organisation/agreement to Information Sharing Protocol/Schedule For training or assessment of healthcare professionals, audit or medico-legal - 11 -

reasons recordings only. 10.2 The register should be stored on a restricted drive e.g. R.Drive or T.Drive in compliance with the above format or where a restricted drive is not available, should be in the form of a standard Stationery Office book (not loose leaved) ruled with column heads as stated in the table above. The book should be kept in a secure place with the recording equipment and the responsible person" should ensure that each recording is entered. 10.3 Each recording s package should be numbered, have on it the name of "responsible person" and the words; This recording may not be played or reproduced without permission. 10.4 Never record different patients on the same media (tape/disc). Each patient must have their own media. 10.5 Staff must not use the recording equipment without training. Training is available through ICT. 10.6 If a subject access request is made for personal information, always check the content of the tape, using the Access to Records Policy for guidance as access may be restricted. 10.7 Depending on the type of media recording the data held should be encrypted prior to being securely transported in compliance with the Information Security Policy. 11 Storage 11.1 One or more persons nominated by the service manager/information Asset Owner will be responsible for the registration and safe custody of the recordings; this will usually be the Information Asset Custodian. In the case of managers this will usually be the Personal Assistant. In clinical areas it will fall under Senior Administrators. 11.2 All recordings which hold Personal Identifiable Data (PID) must be kept either in a locked filing cabinet, or if held electronically within an approved system, or within a secure folder so that access is limited to only those who need to know. The electronic information must also be backed up onto a file server. Services should contact ICT Services if they are unsure how to do this. 11.3 In general the material should be kept free of any deposits (dust, fingerprints, stains, etc), kept free of any pressure that might cause deformations (warping, stretching, shock, etc). Avoid extreme temperature conditions and damp. 12 Retention and Destruction 12.1 It is a fundamental requirement that all records are retained for a minimum period of time for legal, operational, research and safety reasons. - 12 -

12.2 All staff that may create or add entries to records must to be aware of and follow the NHS Medical Records Code of Practice (CoP) (http://solent/pages/default.aspx) that has been adopted by Solent NHS Trust in relation to the Retention and Disposal of all Records. In particular staff need to be aware of the differing retention periods that exist e.g. patients involved with clinical trials will need to have their records kept for a longer period of time. 12.3 It is important to ensure that films and videos are not destroyed or wiped before review can take place. Films and videos should be reviewed within five years of creation. 12.4 All information must be erased from the tapes prior to disposal. The Information Governance Team can assist with the secure destruction of electronic media (e.g. video tapes, compact discs, digital images). Alternatively refer to the Approved Code of Practice for the Destruction of Confidential Waste. 12.5 All clinical digital images should be maintained electronically as this will assist if a patient wishes to make a subject access request. A copy of the digital image can be placed in the manual records folder, or as a minimum, a reference to where the image is stored and its contents. 12.6 The retention periods will vary according to the content of the record. The responsible person must check the Medical Records NHS Code of Practice. However, listed below are some retention periods for health records only. At the end of the retention period the record must be reviewed to ascertain whether destruction is required, or whether the record needs to be disposed of (perhaps transferred to another media), or kept for permanent preservation. The date of retention is taken from the end of the financial year or calendar year, whichever the service is currently using with its manual records. Record Type Children & young people s health records Patient Records - Adult Mentally disordered persons (Under Mental Health Act 1983) Patients involved in clinical trials Retention Period Until child s 25th birthday or 26th if person was 17 at conclusion of treatment or 8 years after death if death occurred before 18th birthday. 8 years after conclusion of treatment 20 years after no further treatment considered necessary; or 8 years after patient s death if still receiving treatment.(social services retain for longer and where there is a joint mental Health and social care team, the higher of the two retention schedules should be adopted. 15 years after conclusion of treatment - 13 -

12.7 Other corporate or business records should be assessed against the Retention Schedules within the Medical Records NHS Code of Practice to ascertain what record type they are categorised as. The suggested minimum retention period is listed and a review of the record should take place at this point. It may be that a review of the record should take place sooner to the suggested retention period. The risk of recording on Medias is that they can become out of date and incompatible with reading equipment e.g. microfiche/video. The service area must monitor relevant developments. 12.8 Where future records are developed that is not defined within the constraints of this guidance a supplementary organisational retention schedule will be developed. 12.9 To ensure that legal and statutory requirements are met, with regards to the retention periods of records, the Information Governance Team should be notified of any new types of records that do not appear on the Records Management: NHS Code of Practice, so that a lifecycle for the record is determined at the point of creation. 12.10 Destroying or Retaining Records Outside of Retention Period Where a service feels that there is a need to retain a record longer then its retention period or destroy a record prior to a retention period e.g. destroying a video of a group clinical session after a year, then this must be approved by the Information Governance Steering Group and a copy of this retained in the services Local Record Procedure and Corporate/Clinical Record Inventory. A proforma to be completed for approval can be found http://solent/corp/igov/default.aspx. 13 NHS Care Records Guarantee The NHS Care Records Guarantee (CRG) sets out the rules that will govern information held in the NHS Care Records Service when it goes live. This will form an important part of the public information campaign about NHS Care Records. The NHS Care Record Guarantee has been drawn up by the Care Record Development Board (CRDB) and it is reviewed at least every twelve months as the NHS Care Records Service develops. The Guarantee covers people's access to their own records, controls on others' access, how access will be monitored and policed, options people have to further limit access, access in an emergency, and what happens when someone cannot make decisions for themselves. Refer to http://www.nigb.nhs.uk/pubs/nhscrg.pdf 14 Roles and Responsibilities 14.1 The responsibility for local records management is devolved to the relevant Directors, Heads of departments/information Asset Owners, Service managers, and Information Asset Custodians (Information Asset Custodians are the local records managers). They are responsible for examining the records of their service area to determine the compliance of the standards contained within this document to ensure that a co-ordinated approach to the management of the record is maintained. - 14 -

14.2 Chief Executive The Chief Executive has overall responsibility for records management in the Organisation. An accountable officer is responsible for the management of the organisation and for ensuring appropriate mechanisms are in place to support service delivery and continuity. Key records management will ensure appropriate, accurate information is available as required. The Chief Executive has a particular responsibility for ensuring that it corporately meets its legal responsibilities, and for the adoption of internal and external governance requirements. 14.3 Caldicott Guardian and Senior Information Risk Officers (SIRO) The Organisation s Caldicott Guardian and SIRO have a particular responsibility for reflecting patients interests regarding the use of patient identifiable information. They are responsible for ensuring patient identifiable information is shared in an appropriate and secure manner. 14.4 Information Asset Owners The Information Asset Owner (IAO) is a senior member of staff who is the owner for one or more identified information assets of the organisation. There are several IAOs within the organisation, whose departmental roles may differ. IAOs will work closely with other IAOs of the organisation to ensure there is comprehensive asset ownership and clear understanding of responsibilities and accountabilities. IAOs will support the organisation s SIRO in their overall information risk management function as defined in the organisation s policy. 14.5 Information Governance Team The Information Governance Team is responsible for the overall development and maintenance of records management practices throughout the organisation, in particular for drawing up guidance for good records management practice and promoting compliance with this policy in such a way as to ensure the easy, appropriate and timely retrieval of patient information. 14.6 Service Managers and Local Records Manager (Information Asset Custodians (IAC)) Service Managers and Local Records Managers (IAC s) are responsible for ensuring that this policy is implemented, through the Records Management Strategy, and that the records management system and processes are developed, co-ordinated and monitored. All Service managers and Local Records Managers are responsible for examining the records of their service area and to ensure there is structure and processes in place to meet compliance of the standards contained within this document. All Service managers are responsible for liaising with appropriate - 15 -

departments to ensure that a co-ordinated approach to the management of the record is maintained. All Service managers and Local Records Managers are responsible for and must participate in the annual clinical audit which forms part of the Information Governance & NHSLA standards requirements. Service Managers and Local Records Managers must ensure that all grades of clinical staff receive regular training on clinical record keeping. 1 14.7 All Staff All staff under the Public Records Act, whether clinical or administrative, who create, receive and use records have records management responsibilities. In particular all staff must ensure that they keep appropriate records of their work and manage those records in keeping with this policy and with any guidance subsequently produced. All users of Healthcare Records must be aware of their legal obligations and abide by the requirements of the Data Protection Act and Principles of Caldicott. 2 All users of Healthcare Records must be aware of the process for managing Freedom of Information requests and act on it as required. Each member of staff is responsible for the records they create and use. 15 Failure to Comply with the Policy 15.1 If a service feels it can not comply with all or part of an IG policy/ procedure they have a duty to undertake a risk assessment (an IG Risk Assessment Template can be found http://solent/corp/igov/default.aspx) which will be approved by the services Information Asset Owner and Information Governance Team. Failure to do so could result in disciplinary action. For further advice services should contact the Information Governance Team. 15.2 Failure to comply with this policy, (unless agreed exceptions have been approved) will result in disciplinary action, as stated within all staff contracts and in line with the Trusts Disciplinary Policy.. 16 Training 16.1 All Trust staff will be made aware of their responsibilities for record-keeping and record management. This will be through the use of mandatory Information Governance and Records Management modules, developed by Connecting for Health. 1 Clinical Information Assurance Requirement 403 2 NHSLA RM Evidence Template - 16 -

16.2 It is the responsibility of the Learning & Development Team to provide Information Governance and Records Management training to all new starters within the Trust as part of Induction Training. 16.3 It is the responsibility of all departmental Information Asset Custodians to provide ongoing Information Governance and Records Management training to all staff within their service(s); this is a role that is support by the Information Asset Owners and the Information Governance Team. 16.4 Bespoke training will be provided by the Information Governance Team where a service has identified a potential or actual risk, through the completion of an incident form. 17 Equality & Diversity and Mental Capacity Act A thorough and systematic assessment of this policy has been undertaken in accordance with the organisations Policy on Equality and Human Rights. The assessment found that the implementation of and compliance with this policy has no impact on any employee on the grounds of age, disability, gender, race, faith, or sexual orientation. See Appendix J. 18 Success Criteria/Monitoring the Effectiveness of the Policy: 18.1 The monitoring of this policy and its effectiveness and maintenance will be audited annually using the Information Governance Toolkit (IGT) or sooner if new legislation, codes of practice or national standards are introduced. The IGT audit is a self-assessment audit undertaken by the Information Governance Team; additionally the submission is audited annually by external auditors, South Coast Audits. 18.2 The owner/author of the policy is responsible for undertaking this audit and ensuring the policy s effectiveness. This will be monitored through the Information Governance Steering Committee to ensure effectiveness. 18.3 IAO s and IAC s will work with the Information Governance Team to develop local action plans and monitor their completion. IAO s and IAC s will elevate risks identified through the Risk Register system. 18.4 The implementation of this policy will be audited annually by the Information Governance Team, with the assistance of IAC s and all staff. 18.5 The Information Governance Team will on a weekly basis review and monitor all Information Governance and Records Management incidents and were required conduct full investigations. 19 Review 19.1 This document may be reviewed at any time at the request of either at staff - 17 -

side or management, but will automatically be reviewed three years from initial approval and thereafter on a triennial basis unless organisational changes, legislation, guidance or non-compliance prompt an earlier review 20 Contact Details Information Governance Team: Email: SNHS.SolentIGTeam.nhs.net Tel: 023 8029 6922 023 8029 6911 023 8053 8772 21 Reference and Links to Other Documents This policy must be read in conjunction with the below policies that are available on the Intranet http://solent/corp/igov/lists/ig%20policies/allitems.aspx Policies: Access to Records Policy Audio Visual Records Policy Data Encryption Policy Data Protection, Caldicott and Confidentiality Policies & Procedures Information Governance Policy Information Risk Policy Information Security Policy FOI Policy Records Management & Lifecycle Policy Registration Authority Policy Procedures: Privacy Impact Assessment Procedure Registration Authority Procedure Strategies: Information Governance Strategy Records Management Strategy Code of Practices: Destruction of Confidential Waste NHS Code of Practice: Records Management Other Documents: Care Record Guarantee (2011 Revision): http://www.nigb.nhs.uk/guarantee 21.1 Further Information General technical advice on the management of films and videos can be obtained from: - 18 -

The British Film Institute Non-Fiction Unit National Film and Television Archive 21 Stephen Street London W1T 1LN www.bfi.org.uk Information on sound recordings from: The National Sound Archive The British Library 96 Euston Road London NW1 2DB http://www.bl.uk/nsa Information on Consent: Department of Health Publications PO Box 777 London SE1 6XH Telephone: 0300 123 1002 Fax: 01623 724524 E-mail dh@prolog.uk.com - 19 -

Appendix A Adult Consent for Audio-visual Recordings Adult Consent for Audio-visual Recordings NHS Number: I,. whose date of birth is /.../..,give my permission for (add service area) of Solent NHS Trust to make a recording of myself. The recording is taking place because The recording will be kept for the same period of time as my clinical record. Under the Data Protection Act 1998 I am entitled to view the recording which will form part of the clinical record held by the service. The service will assist me if I wish to do this by following the organisations Access to Records Policy. I understand that the recording will be held in a secure place, within a locked cabinet, and/or it will be held in a restricted computer folder and password protected so that access is strictly on a need to know basis only. Or I understand that the recording will be held in patient held record and it is my responsibility to ensure that the recording is held in a secure and restricted place, so that access is strictly on a need to know basis only, Using Recordings for Training Purposes I understand that the recording may be used for teaching purposes during the training of health care professionals and medical students; however, the recording will only be used if my information has been effectively annonymised. If the recording is unable to be annonymised, I will be asked to complete another form to give my consent for this purpose. Do you consent to this record being used for the purpose of teaching or training medical staff? Yes/No (delete as appropriate) Signed..Date... Name (block capitals) Home Address........ Confirmation On behalf of the team treating this patient, I have confirmed with the patient that they have no further questions and wish for the recording to go ahead. Signed:. Date:. Name (Block Capital). Designation... - 20 -

Appendix A - notes on completing the consent form The form must be completed jointly between the adult and health care professional. Two identifiers - (name and DOB) are requested for the patient so that clinical staff can ensure correct identification of the patient. Secure folder services can contact ICT Services to get a restricted folder set up. You will need to provide them with a list of service staff that can access this folder. ICT Solent West Tel: 0300 123 0880 Email: servicedesk@hampshirehis.nhs.uk ICT Solent East Tel: 023 9268 2680 Email: ict.service@ports.nhs.uk N.B Patient information must not be emailed, unless you using the nhs.net and both sender to receiver are using this network. Training or assessment of healthcare professionals, audit or medico-legal reasons If the individual is happy to provide consent for the recording to be used for training, and it is not possible to remove identifiers with the recording then complete the form in Appendix F. - 21 -

Appendix B Audio-visual Consent for Audio-visual Recordings Parental Consent for Audio-visual Recordings NHS Number: I,.give my permission for (add service area) of Solent NHS Trust to make a recording of.whose date of birth is /.../.. My relation to the child is. The recording is taking place because I confirm that I have parental responsibility for this child and that he/she lacks sufficient understanding and therefore cannot give his/her own consent. I understand that I am free to stop recording at any time. The recording will be kept for the same period of time as the patient s clinical record. Under the Data Protection Act 1998 I am entitled to view the recording which will form part of the clinical record held by the service. The service will assist me if I wish to do this by following the organisations Access to Records Policy. I understand that the recording will be held in a secure place, within a locked cabinet, and/or it will be held in a restricted computer folder and password protected so that access is strictly on a need to know basis only. Using Recordings for Training Purposes I understand that the recording may be used for teaching purposes during the training of health care professionals and medical students; however, the recording will only be used if my information has been effectively annonymised. If the recording is unable to be annonymised, I will be asked to complete another form to give my consent for this purpose. Do you consent to this record being used for the purpose of teaching or training medical staff? Yes/No (delete as appropriate) Signed..Date... Name (block capitals) Capacity (if not the patient)... Home Address...... Confirmation On behalf of the team treating this patient, I have confirmed with the child and his/her parents/guardian that they have no further questions and wish for the recording to go ahead. Signed:. Date:. Name (Block Capital). Designation... - 22 -

Appendix B - notes on completing the consent form The form must be completed jointly between the parent and health care professional. Two identifiers - (name and DOB) are requested for the patient so that clinical staff can ensure correct identification of the patient. Parental Responsibility - is defined as the rights duties, powers duties and responsibilities, which by law a parent has in relation to a child. Not all parents automatically have parental responsibility so you need to be aware of this. Parental Responsibility can be held by the following people; where a child's parents are married at the time of his birth they share parental responsibility. from 1 December 2003, if both parents register the birth of their baby together they will both have parental responsibility Where a child's parents are not married at the time of birth the mother is automatically conferred with Parental responsibility unless both parents have registered the birth together (from December 2003). N.B The unmarried father may acquire Parental Responsibility either by an agreement which is completed by both parties - as in form set out in the Parental Responsibility Agreement Regulations 1991; or by an order of the court. Secure folder services can contact ICT Services to get a restricted folder set up. You will need to provide them with a list of service staff that needs to access this folder. ICT Solent West Tel: 0300 123 0880 Email: servicedesk@hampshirehis.nhs.uk ICT Solent East Tel: 023 9268 2680 Email: ict.service@ports.nhs.uk N.B Patient information must not be emailed, unless you using the nhs.net and both sender to receiver are using this network. Training or assessment of healthcare professionals, audit or medico-legal reasons If the individual is happy to provide consent for the recording to be used for training, and it is not possible to remove identifiers with the recording then complete the form in Appendix F. - 23 -

Appendix C Carers consent for adults who do not have capacity to consent for audio-visual recordings Carers consent for adults who do not have the capacity to consent for audio-visual recordings NHS Number: I,.give my permission for (add service area) of Solent NHS Trust to make a recording of.whose date of birth is /.../..The recording is taking place because I confirm that I have responsibility for the patient and that he/she lacks sufficient understanding and therefore cannot give his/her own consent. I understand that we are free to stop recording at any time. The recording will be kept for the same period of time as the patient s clinical record. Under the Data Protection Act 1998 we are entitled to view the recording which will form part of the clinical record held by the service. The service will assist me if I wish to do this by following the Trusts Data Protection 1998 Policy. I understand that the recording will be held in a secure place, within a locked cabinet, and/or it will be held in a restricted computer folder and password protected so that access is strictly on a need to know basis only. Using Recordings for Training Purposes I understand that the recording may be used for teaching purposes during the training of health care professionals and medical students; however, the recording will only be used if my information has been effectively annonymised. If the recording is unable to be annonymised, I will be asked to complete another form to give my consent for this purpose. Do you consent to this record being used for the purpose of teaching or training medical staff? Yes/No (delete as appropriate) Signed..Date... Name (block capitals) Capacity (if not the patient)... Home Address...... Confirmation On behalf of the team treating this patient, I have confirmed with the carer/multidisciplinary team that they have no further questions and wish for the recording to go ahead. Signed:. Date:. Name (Block Capital). Designation... - 24 -

Appendix C - notes on completing the consent form The form must be completed jointly between the responsible carer/multi-disciplinary team and the health care professional of the service. Two identifiers - (name and DOB) are requested for the patient so that clinical staff can ensure correct identification of the patient. Capacity to consent - There is little doubt that decisions made on behalf of a person without capacity should be made in their best interests. This must be undertaken within the Multi-disciplinary team. Secure folder services can contact ICT Services to get a restricted folder set up. You will need to provide them with a list of service staff that can access this folder. ICT Solent West Tel: 0300 123 0880 Email: helpdesk@hampshire ITSolutions.nhs.uk ICT Solent East Tel: 023 9268 2680 Email: ict.service@ports.nhs.uk N.B Patient information must not be emailed, unless you using the nhs.net and both sender to receiver are using this network. Training or assessment of healthcare professionals, audit or medico-legal reasons If the individual is happy to provide consent for the recording to be used for training, and it is not possible to remove identifiers with the recording then complete the form in Appendix F. - 25 -

Appendix D Children s Consent for Audio-visual Recordings Children s consent for audio-visual recordings NHS Number: I,. myself whose date of birth is /.../., give my permission for (add service area) of Solent NHS Trust to make a recording of.the recording is taking place because It has been assessed by that I am competent to consent, following the DoH guidelines Seeking Consent: Working with Children. I understand that I am free to stop recording at any time. The recording will be kept for the same period of time as the patient s record. Under the Data Protection Act 1998 I am entitled to view the recording which will form part of the clinical record held by the service. The service will assist me if I wish to do this by following the organisations Access to Records Policy. I understand that the recording will be held in a secure place, within a locked cabinet, and/or it will be held in a restricted computer folder and password protected so that access is strictly on a need to know basis only. Using Recordings for Training Purposes I understand that the recording may be used for teaching purposes during the training of health care professionals and medical students; however, the recording will only be used if my information has been effectively annonymised. If the recording is unable to be annonymised, I will be asked to complete another form to give my consent for this purpose. Do you consent to this record being used for the purpose of teaching or training medical staff? Yes/No (delete as appropriate) Signed..Date... Name (block capitals) Parents signature (if involved in the decision). Home Address........ Confirmation On behalf of the team treating this patient, I have confirmed with the child and his/her parents/guardian that they have no further questions and wish for the recording to go ahead. Signed:. Date:. Name (Block Capital). Designation... - 26 -

Appendix D - notes on completing the consent form The form must be completed jointly between the child and where possible the adult with parental responsibility and health care professional. Two identifiers - (name and DOB) are requested for the patient so that clinical staff can ensure correct identification of the patient. Secure folder services can contact ICT Services to get a restricted folder set up. You will need to provide them with a list of service staff that can access this folder. ICT Solent West Tel: 0300 123 0880 Email:helpdesk@hampshire ITSolutions.nhs.uk ICT Solent East Tel: 023 9268 2680 Email: ict.service@ports.nhs.uk N.B Patient information must not be emailed, unless you using the nhs.net and both sender to receiver are using this network. Training or assessment of healthcare professionals, audit or medico-legal reasons If the individual is happy to provide consent for the recording to be used for training, and it is not possible to remove identifiers with the recording then complete the form in Appendix F. Gillick Competence - In some certain cases, children under the age of 16 who have the capacity and understanding to take decisions about their own treatment are also entitled to decide whether personal information may be passed on and generally to have their confidence respected, for example if they were receiving counselling or treatment about something they did not wish their parent to know. Case law has established that such a child is known as Gillick Competent, i.e. where a child is under 16 but has sufficient understanding in relation to the proposed treatment to give, or withhold consent, consent or refusal should be respected. However, good practice dictates that the child should be encouraged to involve parents or other legal guardians in any treatment. - 27 -

Appendix E Consent form for Photography of Aphasia Patients Consent form for Photography of Aphasia Patients My name is... We would like to make a video recording of you We may use the video for teaching We will not tell anybody your name The video will not be kept for more than 5 years I agree I disagree This consent form will be filed with the client s notes and a photocopy kept with the recording/photographs NHS number (where applicable): Person taking the consent... Date Data protection Act 1998: You are advised that information gathered at appointments is routinely registered on our computer. Everyone working for the NHS has a legal duty to keep information confidential. - 28 -