Document
-
Upload
nhs-kirklees -
Category
Documents
-
view
212 -
download
0
description
Transcript of Document
Records Management Strategy January 2007 Page 1 of 22 4/23/2007
RECORDS MANAGEMENT STRATEGY.
Prepared by: Eve Scott
Responsible Area: Corporate Services. Approval Information:
Date Approved: COMMITTEE:-
28th March 2007 Trust Board.
Sign
Approved By:
Print Name Helena Corder
Version No. Approved: One
Review Date: March 2008
Reference to Standards for Better
Health Domain
Department of Health 2006 Standards for Better Health Third domain: Governance
Core/Development standard
Core Standard C4
Performance indicators
Acheivement of integral action plan.
History of Document
This is version one of the Kirklees PCT Records Management Strategy.
Records Management Strategy January 2007 Page 2 of 22 4/23/2007
KIRKLEES PCT.
RECORDS MANAGEMENT STRATEGY. 1. Introduction Records are a valuable resource because of the information they contain. Good information is essential to efficient and effective management of the PCT’s day to day business, including the delivery of high quality evidence based health care. However, that information is only usable if it is correctly and legibly recorded in the first instance, is kept up to date, and is easily accessible when needed. Good record keeping ensures that:
a) Staff can work with maximum efficiency without having to waste time hunting for information b) An audit trail is produced, enabling any record entry to be traced to a named individual at a given date/time and tracks all subsequent alterations
c) Clear information is recorded about what has been done/not done, and why
d) Provides clear justification for decision making process for future users
This strategy forms one part of the over-arching Information Governance strategy. It defines a framework for improving the quality, availability and effective use of records and will enable overall co-ordination of all records management activities and ensure alignment with the Trust’s business strategies. This strategy is underpinned by an action plan that ensures Kirklees PCT will have a systematic and planned approach to the management of its records from the moment they are created to their ultimate disposal. This will ensure that the PCT can control both the quality and the quantity of the information that it generates. 2. Definitions A record is defined as anything that contains information, in any media, eg. paper, audio or video tape, computer data base notes, eg E-mail etc, which forms part of the record which has been created or gathered as a result of any aspect of the work of NHS employees, including:-
• Patient health records (electronic or paper based) • Staff records • Photographs and other images. • Microform (i.e. fiche/film)
Records Management Strategy January 2007 Page 3 of 22 4/23/2007
• Audio and videotapes, cassettes, CD-ROM etc • Computer databases, output and disks etc., and all other electronic
records • Material intended for short term or transitory use, including notes and
‘spare copies’ of documents • Administrative records (including, estates, financial and accounting
records; notes associated with complaint handling) • Scanned records • Text messages (both outgoing from the NHS and incoming responses
from the patient) Note: This list is not exhaustive.
3. Aim and objectives of this records management strategy. Kirklees PCT aims to have a systematic and planned approach to records management. This will ensure that the PCT can control both the quality and the quantity of the information that it generates and be able to access information as required in a timely fashion. The following objectives support the achievement of this aim,
1. To outline clear accountabilities and responsibilities regarding records management
2. To set up and maintain robust systems and processes for records management, from the creation of a record to its eventual destruction, to ensure a consistent PCT wide approach.
3. To ensure that all the PCT’s records that are fit for purpose for statutory, legal and business purposes.
4. To ensure that the confidentiality, security and integrity of all records are maintained at all times during their storage and use.
5. To provide clear and efficient access for employees and others who have a legitimate right of access to Trust records, and ensure compliance with Access to Health Records, Data Protection and Freedom of Information legislation
6. To set up and maintain an information asset register and ensure appropriate archiving of all records that are stored in accordance with the retention and destruction schedule as set out in Part 2 of the Records Management: NHS Code of Practice 2006.
7. To ensure efficiency and best value through improvements in the quality and flow of information, and co-ordination of records and storage systems
8. To ensure that the PCT has an effective infra-structure to support records management
9. To ensure that all staff receive appropriate training regarding their responsibilities for records management.
10. To audit the effectiveness of the records management systems and processes on an annual basis and address and issues identified.
Records Management Strategy January 2007 Page 4 of 22 4/23/2007
4. Scope This strategy sets out the PCTs's approach to records management. This approach is based on:
• The NHS Records Management Code of Practice • C9 Standard for Better Health • The Information Governance Toolkit • The requirements of the Data Protection Act 1998 and the Freedom of
Information Act 2000. It relates to all records, clinical and non-clinical unless otherwise stated, that are created, maintained, stored or destroyed by staff working for, or on behalf of, Kirklees PCT. In order to ensure compliance with the above Acts and standards, this strategy is underpinned by an action plan to be followed by its entire staff. Some specific actions are required of the PCT Directorates, according to their discrete functions. 5; Related strategies. Records are an integral part of the day to day working of any organisation. Hence this strategy must be complimentary to, and supportive of, all other appropriate PCT strategies. 6; There are a number of Policies and Procedures that support this
strategy. These include • Records Management Policy • Code of Conduct on Confidentiality • Freedom of Information Policy • Incident Reporting Policy • Counter Fraud Policy. It is underpinned by the following records management procedures: • Procedure for access to records. • Procedure for the creation, structure and format of a record. • Procedure for the Disposal of Confidential Waste. • Procedure for the 24 hour access to Clinical Records. These policies and procedures ensure that the PCT has robust systems and processes for the management of all its records, clinical and non clinical from the time of their creation to their eventual destruction. 7. PCT Systems & Accountabilities for effective records
management.
Records Management Strategy January 2007 Page 5 of 22 4/23/2007
There will be a Records Management Group, reporting to the Information Governance Group. The Information Governance Committee reports to Trust Board via the Governance Committee. 8; Accountabilities and Responsibilities for Effective Records
Management. The Trust Board have corporate responsibility in relation to Information Governance. The Lead Director for Records Management is the Director of Corporate services. The Director of Patient Care and Professions is the Caldicott Guardian, responsible for ensuring the confidentiality security of clinical information. The Assistant Director of Corporate Governance is the Senior Manager with operational responsibility for records management. They will promote records management awareness throughout the PCT. The Records Manager is the individual with operational responsibility for managing the corporate records management systems and processes. Kirklees PCT operates a matrix style of management: All Directors are responsible for ensuring that robust systems are in place to ensure that all staff under their management control: • Create, close, archive and eventually destroy records in accordance with
the Records Management Policy and its underpinning procedures All Operational Managers are responsible for: • Ensuring that all records are stored securely in accordance with PCT
policy and procedures • Ensuring that staff are compliant with the PCT’s tracking and registration
systems for appropriate records • Ensuring that clinical records are bound and stored so that loss of
documents is minimised • Ensuring that there is a mechanism for identifying records which must be
kept for permanent preservation • Ensure all staff who create and maintain records attend at least mandatory
training regarding Information Governance so that they have up-to-date knowledge of the laws and guidelines concerning confidentiality, data protection and access to patient information in particular.
Individual employees are responsible for any records they create, specifically
• Safe custody of these records • Maintenance of the confidentiality of the information they contain. • Quality of the information contained.
Records Management Strategy January 2007 Page 6 of 22 4/23/2007
In addition they must attend such training as is necessary in order to undertake their responsibilities regarding records management. 9; Audit of Records and Records Management Systems and
Processes. Internal Audit will carry out periodic audits to provide assurance to the Board that a suitable risk management system is in place and is functioning properly. Annual Audits will be carried out by PCT staff of • quality of content • record type used by professional groups to eliminate duplicate record
templates • Any other audits that may be appropriate to determine compliance with
the Records Management Policy. 10; Implementation of this Records Management Strategy. The action plan appended to this strategy has been taken from the ‘Connecting for Health Model Records Management Strategy’. Progress will be monitored by both the Information Governance Group and the Records Management Group as appropriate. 11; Training of Staff. There will be biannual mandatory training for PCT staff in records management. This training will be tailored to whether they manage or work with clinical or corporate records. 12; Dissemination of this Records Management Strategy within the
PCT. This strategy will be circulated to Directors each time it is reviewed. It is the Director's responsibility to ensure that it is cascaded through their line management structure and to ensure that all their staff are aware of their records management responsibilities as laid out in this strategy. Information about this strategy will be circulated to all staff via the PCT’s team brief and a copy will be lodged on the PCT’s intranet and website. 13; Review. This strategy will be reviewed every two years (or sooner if new legislation, codes of practice or national standards are to be introduced).
Records Management Strategy January 2007 Page 7 of 22 4/23/2007
Appendix A
KIRKLEES PCT
Records Management Group. Terms of Reference.
Records Management Strategy January 2007 Page 8 of 22 4/23/2007
KIRKLEES PCT.
INFORMATION GOVERNANCE GROUP
TERMS OF REFERENCE.
1. BACKGROUND The PCT is reliant on robust information in order to deliver its objectives in an efficient and effective and effective manner. The Information Governance Toolkit and C9 Standard for Better Health set out the minimum standards that the PCT must work to when managing this information. These standards are pertinent to all the information held and used by the PCT. The PCT is a repository for a large volume of personal or confidential information that must be managed in accordance with the Data Protection Act 1998. In addition, the PCT must comply with the Freedom of Information Act 2000 when an individual requests access to some of its information. 2. PURPOSE OF THE INFORMATION GOVERNANCE GROUP. The Information Governance Group exists to ensure that the PCT is compliant with the relevant standards pertinent to Information Governance and to oversee the annual information governance work programme. It will provide assurance to the Governance Committee that the PCT is managing its information in accordance with the above standards, or issue exception reports should there be issues that need to be brought to the attention of either the Governance Committee or Trust Board. 3. OBJECTIVES
1. To ensure that the PCTs have an effective policy and management arrangements in place to meet the requirements of
• Data Protection Act 1998 • Freedom of Information Act 2000 • Connecting for Health Information Governance Toolkit • Caldicott Guardian Standards • C9 Standard for Better Health • NHS Litigation Authority Risk Pooling Scheme for Trust risk
management standards • British Standard 7799 (Information Security) • Common law duty
2. To be the body that sets the strategy and policy that ensures that all the PCT’s records. This will be operationalised by the Records Management Group.
3. To recommend polices or procedures to the Governance Committee for ratification.
4. To provide Board Assurance, via the Governance Committee, that risks associated with Information Governance are being managed or to highlight significant risks and associated resource implications.
Records Management Strategy January 2007 Page 9 of 22 4/23/2007
5. To monitor the implementation of the prioritised Information Governance work programme.
6. To receive reports into breaches of information security or confidentiality and monitor that learning points are implemented across the PCT.
7. To ensure that audits required in order to comply with Information Governance standards are carried out within the PCT and to consider the reports of these audits.
8. To provide steerage, advice, guidance and support on Information Governance to PCT employees
9. To provide advice and guidance for Independent Contractors on Information Governance.
4. Membership Core Membership Director of Corporate Services(Chair) Caldicott Guardian Assistant Director of Corporate Governance Performance and Information Directorate representative Public Health Directorate representative Provider Services Directorate representative Health Informatics Service (HIS) representative Confidentiality & Information Security Manager Confidentiality & Information Security Officer Practice Manager
In attendance according to content of agenda Commissioning and Service Development Directorate representative Finance Directorate representative Human Resources Directorate representative 5; QUORUM The meeting will be quorate on the attendance of one third of the membership which must include the Chair (or their deputy) NB: If a member is unable to attend a meeting, they should arrange for a deputy to attend on their behalf. 6; FREQUENCY OF MEETINGS The Information Governance Group will meet quarterly, unless the Chair calls an additional meeting to address a particular issue. 7; SUPPORT TO THE COMMITTEE The committee will be supported by the PA to the Director of Corporate Services. 8; REPORTING
1. The Information Governance Group is a sub-group of the Governance
Committee and hence directly accountable to the Governance Committee. The minutes of each meeting to be presented to the Governance Committee for receipt and discussion as appropriate together with an appropriate cover sheet.
Records Management Strategy January 2007 Page 10 of 22 4/23/2007
2. Relevant articles will be produced for PCT newsletter and the Team Brief. These will also be posted on the internet / intranet.
9; SUB-COMMITTEES
Records Management Group. 11; CONDUCT OF BUSINESS
� Agendas and papers will be circulated to committee members at least 7 calendar days before the meeting.
� Minutes of the meeting will be circulated no later than 14 Calendar days after the meeting
� This Committee will observe the requirements of the Freedom of information Act 2000, which allows a general right of access to recorded information held by the PCT, including minutes of meetings, subject to specified exemptions.
� This committee will operate in accordance with the PCT’s guidance for Chairs and Minute Takers.
� All members must declare any conflict of interest they may have regarding an agenda item at the start of the meeting.
12; REVIEW DATE These Terms of Reference will be reviewed on an annual basis. Approved by the Governance Committee <insert date> Review Date <insert date>
Records Management Strategy January 2007 Page 11 of 22 4/23/2007
The key elements of this strategy will be implemented as follows: Objective 1: To provide a clear system of accountability and responsibility for records Action Lead Progress Risk Target
Date Establish a records management strategy with processes for ongoing monitoring and review
Secure senior management ‘buy-in’ to improving records management, and the designation of a senior manager to be responsible for records management
Establish a Records Management function (to manage all Trust records), with clearly defined terms of reference and links to other Information Governance functions eg Freedom of Information, Data Protection, Risk Management etc.
Appoint a qualified Records Manager/ or designate the Information Governance Manager or another manager to have responsibility for Records Management
Manage implementation of the records management strategy, including provision of advice on records management, establishment of good practice guidelines and of compliance with relevant legislation and NHS guidance
Provide contacts through which the Records
Records Management Strategy January 2007 Page 12 of 22 4/23/2007
Manager can aid and support departments, and provide better co-ordination of record keeping across the Trust. Individual Departments to nominate local records managers Develop job descriptions, listing duties and essential attributes required for staff assigned records management roles (eg Records Manager, local records managers etc) Ensure that job descriptions across the Trust include relevant references to record keeping responsibilities
Review Human Resource policies and practices to recruit and retain good quality personnel for the records management function
Provide an appropriate competency framework, to identify the knowledge, skills and corporate competencies required for records and information management
Undertake regular reviews and analysis of records management training needs
Provide a professional development programme for records management staff
Ensure inclusion of records management and information issues and practices in induction training programmes for all new staff
Records Management Strategy January 2007 Page 13 of 22 4/23/2007
Allocate appropriate resources across the Trust to enable the maintenance of the records management function
Records Management Strategy January 2007 Page 14 of 22 4/23/2007
Objective 2: To create and keep records which are adequate, consistent, and necessary for statutory, legal and business requirements Action Lead Progress Risk Target
Date Develop guidance on good practice with the aim of establishing common and consistent standards of record creation and record keeping within the Trust, taking into account current Data Protection and Freedom of Information legislation
Reduce the duplication of records to improve information sharing, reduce cost and save space
Develop procedures and metadata (descriptive and technical documentation) to ensure the authenticity and evidential value of records held in electronic form When scanning, digitising and then storing records electronically, consider legal admissibility by adopting the procedures recommended in the BSI publication ‘BIP 0008:2004 Code of practice for legal admissibility and evidential weight of information stored electronically’
Identify all records vital to the continuing functioning of the activities of the Trust in the event of disaster and make provision for their protection (to be cross-referenced with the Trust Risk Management Strategy)
Records Management Strategy January 2007 Page 15 of 22 4/23/2007
Objective 3: To achieve systematic, orderly and consistent creation, appraisal, retention and disposal procedures for records during their
lifecycle Action Lead Progress Risk Target
Date Review existing records management
practices to establish what needs to be done to comply with the ‘Records Management: NHS Code of Practice’
Undertake an inventory of all Trust records, both health and corporate records held in either hard copy or electronic formats. (This is to ensure that all record collections/information sets are identified along with the volume of records held, the type of media on which they are held, their physical condition, their location, the environmental conditions in which they are stored and the responsible manager. See ‘Records Management Roadmap: Records Inventory Guidance’)
Produce Trust records retention schedules consistent with the NHS Retention and Disposal schedules detailed in the ‘Records Management: NHS Code of Practice’
Establish procedures for the continuous monitoring of the records management process to ensure that legal and statutory requirements are met and new types of records have a lifecycle determined at the point of creation
Records Management Strategy January 2007 Page 16 of 22 4/23/2007
Develop a selection policy to identify which records are likely to be suitable for permanent preservation. Establish contact with an approved archival institution with appropriate storage and public access facilities
Establish a system for managing records’ appraisal and for recording the disposal decisions made
Plan resource requirements to take account of the volume and nature of the records due for appraisal
Establish procedures for the closure of records when no longer current, secure storage of archived records, and effective disposal, as soon as appropriate
Identify a secure and confidential method for the disposal of records, and organise its implementation
Maintain a log of records which have been destroyed showing their reference, description and date of destruction
Assess the risks associated with the destruction of records or any delay in appraising them
(Whilst electronic records are subject to the
Records Management Strategy January 2007 Page 17 of 22 4/23/2007
same creation, appraisal, retention and disposal process as paper records) develop guidance as appropriate to take into account the particular technical requirements of electronic media
Records Management Strategy January 2007 Page 18 of 22 4/23/2007
Objective 4: To provide systems which maintain appropriate confidentiality, security and integrity for records in their storage and use Action Lead Progress Risk Target
Date Develop and promulgate policies and procedures to protect records from unauthorised alteration or erasure, to ensure that access to records is properly controlled, and to maintain adequate audit trails to track the use and location of records held
Implement secure storage arrangements for information and documents, while allowing access by authorised personnel
Organise appropriate storage accommodation for active paper records secure from fire, flood and theft, which is also secure and safe from unauthorised access
Organise the relocation of paper records into appropriately secure storage when they are no longer required for the conduct of current business, to await disposal and at the same time meeting standards to ensure that no environmental damage is caused whilst also providing security and having strictly controlled access for authorised personnel only
Develop appropriate Information Sharing Protocols and Subject Specific Information Sharing Agreements for the exchange of
Records Management Strategy January 2007 Page 19 of 22 4/23/2007
confidential and personal information Provide guidance on ‘back-up’, archiving processes and audit trails for electronic records, as well as on measures to prolong their access and use for as long as required, including migration across systems and onto different types of media
Develop and ensure that standards for the safe and secure transportation of records are strictly applied especially
Develop and implement a full and tested contingency or business recovery plan
Records Management Strategy January 2007 Page 20 of 22 4/23/2007
Objective 5: To provide clear and efficient access for employees and others who have a legitimate right of access to Trust records, and ensure compliance with current Data Protection and Freedom of Information legislation Action Lead Progress Risk Target
Date Implement effective tracking systems and audit trails, ensuring that information can be retrieved effectively and speedily when required
Develop systems to determine any access restrictions at the point of records creation
Implement policies and procedures to address the particular requirements of Freedom of Information in relation to agreed publication schemes and meeting requests for information by the public that follow the procedures established by the Trust’s Freedom of Information Policy
Records Management Strategy January 2007 Page 21 of 22 4/23/2007
Objective 6: To audit and measure the implementation of the records management strategy against agreed standards. Action Lead Progress Risk Target
Date Establish standards for records management performance (eg response to subject access and Freedom of Information requests, record keeping, availability etc) and monitor the performance of the function
Provide advice and support for records departments in meeting agreed standards
Records Management Strategy January 2007 Page 22 of 22 4/23/2007
Objective 7: To provide training and guidance on responsibilities and good practice for all staff involved with records. Action Lead Progress Risk Target
Date Provide (for all staff, departmental managers, and in particular for local record managers) procedure manuals and instructions, guidance on good practice, and advice on procedural issues and requirements. These instructions should cover all records management systems within the Trust, information quality and security, data protection, information handling, and legislative and statutory requirements
Raise the profile of records management within the Trust through publicity about the issues involved and the staff responsible
Develop training programmes and materials, including instruction on the concepts and basics of records management to be targeted at new and existing staff who need a basic awareness of the issues and procedures and those who need more detailed instruction on records management policies and procedures, in particular the local records managers
Provide specific training and instruction on Data Protection and Freedom of Information legislation