Skip to main content

Records management policy


1 Introduction

All colleagues must ensure they are familiar with the contents of this policy, which describes the standards of practice we require in the management of our records. It is based on current legal requirements and professional best practice.

All organisations need to keep records of its activities, patients and the public would rightly expect that this trust maintains records on its activities and decisions that affect their health service in an exemplary way.

Records and documents are different. Documents consist of information or data that can be structured or unstructured and accessed by people in the trust. Records provide evidence of the activities of functions and policies.

Records have strict compliance requirements regarding their retention, access and destruction, and generally have to be kept unchanged. Conversely, all records are documents.

This policy relates to all documents and records held by this trust, regardless of format, including, but not limited to, email, paper, digital, social media, videos and telephone messages.

Records are created to provide information about what happened, what was decided, and how to do things. Individuals cannot be expected or relied upon to remember or report on past policies, discussions, actions and decisions accurately all of the time. So, as part of their daily work they keep a record, by updating a register or database, writing a note of a meeting or telephone call, audio recordings of customer interaction or filing a letter or email,
which ensures that they and their successors have something to refer to in the future.

Records are a valuable resource because of the information they contain. High quality information underpins the delivery of high-quality evidence based healthcare. Information has most value when it is accurate, up to date and accessible when it is needed. An effective records management function ensures that information is properly managed and is available whenever and wherever there is a justified need for that information, and in whatever media it is required.

Records management is about controlling records within a framework made up of policies, standard operating procedures, systems, processes and behaviours. Together they ensure that reliable evidence of actions and decisions is kept and remains available for reference and use when needed, and that the organisation benefits from effective management of one of its key assets, its records.

A records retention schedule is a control document. It sets out the classes of records which Rotherham, Doncaster and South Humber NHS Foundation Trust (RDaSH) retains and the length of time these are retained before a final disposition action is taken (for example, destruction or transfer to a permanent place of deposit, such as the National Archives). It applies to information regardless of its format or the media in which it is created or might be held. All staff members should be familiar with this records retention schedule and apply retention periods to records.

A records management policy is a cornerstone of effective management of records in an organisation. It will help to ensure this trust keeps the records they need for business, regulatory, legal and accountability purposes.

The purpose of this policy is to establish a framework in which records held by this trust can be managed, and to provide staff members with a high level overview of the legal obligations that apply to NHS records.

2 Purpose

This trust will take action as necessary to comply with the legal and professional obligations set out for records, and in particular:

  • Public Records Act 1958
  • Data Protection Act 2018
  • Freedom of Information Act 2000
  • Access to Health Records Act 1990
  • Regulation of Investigatory Powers Act 2000
  • Records management code of practice 2021
  • NHS Information Governance: Guidance on legal and professional obligations
  • General Data Protection Regulation 2016 (GDPR)
  • The Public Records Act 1958 is an act of Parliament to make new provision with respect to public records and the public record office, and for connected purposes. It includes duties about selection and preservation of public records, places of deposit, access and destruction.
  • The Data Protection Act 2018 is an act of Parliament which regulates the processing of personal data relating to living individuals, including the obtaining, holding, use or disclosure of such information. Access to the health records of living patients is governed by this Act
  • The Freedom of Information Act 2000 is an act of Parliament that makes provision for the disclosure of information held by public authorities or by persons providing services for them. The lord chancellor’s code of practice on the management of records is issued under section 46 of this act
  • The Access to Health Records Act 1990 is an act of Parliament that regulates access to the health records of a deceased person
  • The Regulation of Investigatory Powers Act 2000 which permit the ‘interception’ of communications. Such interception must be proportionate to the needs of the organisation, society and the users of the communication system
  • The Records Management Code of Practice 2021 was published by NHSX in August 2021. It is a best practice guide for the management of records for those who work within or under contract to NHS organisations in England. They are based on legal requirements and professional best practice
  • NHS Information Governance: Guidance on legal and professional obligations provides guidance on the range of legal and professional obligations that affect the management, use and disclosure of information
  • The GDPR regulates the processing of personal data it is implemented in the UK by the Data Protection Act 2018 (DPA) which complements the GDPR. The two pieces of legislation must be read together

Failure to comply with the GDPR or DPA18 could result in reputational damage to the trust and carries financial penalties of up to £17 million, or 4% of turnover imposed by the information commissioner. Furthermore, individuals can be prosecuted for knowingly or recklessly disclosing, procuring or obtaining personal data. This policy applies to all employees and must be strictly observed. Failure to do so could result in disciplinary action.

3 Scope

This document applies to and is relevant across all services, departments or care groups. All employees working for or on behalf of the trust, including fulltime, part time, non-executive directors, contracted third parties, agency employees, locums, students, trainees, secondees, staff of partner organisations with approved access, visiting professionals, researchers, companies providing other services to the trust for example, all volunteers.

4 Responsibilities, accountabilities and duties

The chief executive, through the Executive Management team is accountable for records management for records held by the trust.

The data protection officer has responsibility for informing, advising and monitoring compliance with data protection principles in relation to this procedure.

The head of information governance has operational responsibility for the records management policy and is responsible for the overall development and maintenance of the records management framework and for ensuring this policy complies with legal and regulatory edicts. They are also responsible for providing learning and development with key learning points from this policy and for monitoring compliance with the policy to assess its overall effectiveness.

The head of information governance is responsible for developing and supporting a culture of high-quality records management practice across the trust to deliver associated organisational benefits. They are also responsible for knowing what records the trust holds and where they are, by conducting regular audits of records working closely with all services.

The head of information governance is responsible for ensuring that records created by the trust are stored securely and that access to them is controlled.

The head of information governance is responsible for the application of this policy in respect of ensuring effective trust employee records management and for managing access requests for those records made under the Data Protection Act 2018.

Information asset owners are responsible for ensuring the asset they ‘own’ is managed in accordance with this policy, and also for maintaining adequate records within the context, both legal and regulatory, of the business area the asset operates. For example, estates and facilities must be able to demonstrate how they comply with current Health and Safety legislation.

Information asset administrators if appointed for an asset are responsible for assisting the information asset owners in the management of the records that they ‘own’, in accordance with point 4.7.

All staff are responsible for keeping a record of any significant business transaction conducted as part of their duties for the trust. The record should be saved appropriately, a retention period assigned, and access controls applied if necessary.

5 Procedure or implementation

5.1 Corporate level procedures

This policy covers the management of both documents and records in RDaSH. The policy sets in place the strategic governance arrangements for all documents and records produced and received by the trust in accordance with agreed best practice as well as the principles established in ISO 15489 (the International British standard for records management).

This policy is mandatory and applies to all information in all formats. It covers all stages within the information lifecycle, including create and receive, maintain and use, document appraisal, declare as a record, record appraisal, retention and disposition.

Colleagues must not alter, deface, block, erase, destroy or conceal records with the intention of preventing disclosure under a request relating to the Freedom of Information Act 2000 or the Data Protection Act 2018.

Colleagues are expected to manage records about individuals in accordance with this policy irrespective of their race, disability, gender, age, sexual orientation, religion or belief, or socioeconomic status.

Where records contain any abbreviations or acronyms which are not listed in the records management glossary of abbreviations and acronyms, please contact the Information Governance team to ensure your abbreviation is added. Please see appendix B.

5.2 Records and information life cycle management

Records and information management plays an integral role within this trust as it underpins effective information sharing within our organisation and externally to patients and suppliers. The law requires certain records to be kept for a defined retention period; however, records are used on a daily basis for internal purposes to help make decisions, provide evidence, etc. Using the diagram below, you can learn more about each of the 5 steps in the records life cycle.

5.2.1 Stage 1, creation and receipt

This part of the life cycle is when we put pen to paper, make an entry into a database or start a new electronic document. It is known as the first phase. It can be created by internal employees or received from an external source, and it is complete and accurate.

5.2.2 Stage 2, distribution

Distribution is managing the information once it is created or received whether it is internal or external. It occurs when records are sent to someone for which they were intended or were copied. Records are distributed when photocopied, printed, attached to an email, hand delivered or regular mail, etc. After records are distributed, they are used.

5.2.3 Stage 3, use

This stage takes place after information is distributed. This is when records are used on a day-to-day basis to help generate organisational decisions, document further action or support other trust operations. It is also considered the active phase.

5.2.4 Stage 4, maintenance

Maintenance is when records are not used on a day-to-day basis and are stored in the records management system. Even though they are not used on a day-to-day basis, they will be kept for legal or financial reasons until they have met their retention period. The maintenance phase includes filing, transfers and retrievals. The information may be retrieved during this period to be used as a resource for reference or to aid in a business decision. Records should not be removed from a records management system; the information should be copied and tracked to ensure no amendments were made.

5.2.5 Stage 5, disposition

Disposition is when a record is less frequently accessed, has no more value to RDaSH or has met its assigned retention period. It is then reviewed and if necessary, destroyed under confidential destruction conditions. Not all records will be destroyed once the retention period has been met. Any records that have historical value to RDaSH will be retained for 20 years and sent to The National Archives, where they will be kept for the future of both organisations and may never be destroyed. This is the final phase of a records lifecycle. If you are unsure whether your records have historical value, please contact the Information Governance team.

5.3 Record retention schedule

Keeping unnecessary records wastes staff time, uses up valuable space and incurs unnecessary costs. It also imposes a risk liability when it comes to servicing requests for information made under the Data Protection Act 2018 (DPA) and, or the Freedom of Information Act 2000. Moreover, compliance with these acts means that, for example, personal data must not be kept longer than is necessary for the purposes for which it was collected (principle 5 of the DPA)

Records should only be destroyed in accordance with the trust’s retention schedule which derives from the NHS Records Management Code of Practice (opens in new window). It can be a personal criminal offence to destroy requested information under either the Data Protection Act 2018 and General Data Protection Regulation Article 5 (1e), or the Freedom of Information Act 2000 (Section 77). Therefore, the trust needs to be able to demonstrate clearly that records destruction has taken place in accordance with proper retention procedures.

The Code of Practice on Records Management, issued under Section 46 of the Freedom of Information Act 2000, states ‘authorities should make destruction decisions in accordance with an up-to-date policy, using a method or process that is applied consistently and that has been approved by the authority. Destruction policies should be sufficiently flexible to adapt to the requirements of extraordinary circumstances such as litigation or a public inquiry.’ This Code of Practice is a key component of our information compliance and allows it to standardise its approach to retention and disposal.

The recommended retention periods shown in the records management code of practice(opens in new window) apply to the official or master copy of the records. Any duplicates or local copies made for working purposes should be kept for as short a period of time as possible. Duplication should be avoided unless absolutely necessary. It should be clear who is responsible for retaining the master version of a record and copies should be clearly marked as such to avoid confusion.

Some types of records which may be created and kept locally are the responsibility of the local department, but may be found under a different function on the retention schedule: for example, where recruitment is carried out by departments, the department shall be responsible for ensuring the disposal of the records relating to unsuccessful candidate, this type of record is listed under human resources in the retention schedule.

5.4 Records involved in investigations, inquiries, litigation and legal holds

A legal hold, also known as a litigation hold, document hold, hold order or preservation order is an instruction directing employees to preserve (and refrain from destroying or modifying) certain records and information (both paper and electronic) that may be relevant to the subject matter of a pending or anticipated lawsuit, investigation or inquiry. Organisations have a duty to preserve relevant information when a lawsuit, investigation or inquiry is reasonably anticipated. Staff must immediately notify the Information Governance team if they have been notified of a litigation, investigation or inquiry or have reasonable foresight of a future litigation, investigation or inquiry as this could result in records being held beyond their identified retention period.

When a legal hold is terminated, records previously covered by the legal hold should be retained in accordance with the applicable retention period under this policy without regard to the Legal Hold and retained non-records or records not previously subject to retention may be destroyed.

5.5 Record naming and good practice

Record naming is an important process in records management, and it is essential that a unified approach is undertaken within all areas of the trust to aid in the management of records.

Colleagues should refrain from naming folders or files with their own name unless the folder or file contains records that are biographical in nature about that individual, for example, personnel records.

The trust’s standard naming convention, see appendix D, must be used for the filename of all electronic documents created by colleagues from the implementation date of this policy.

The renaming of old documents is optional but new documents must follow the standard naming convention.

Version control is the management of multiple revisions to the same document. Version control enables us to tell one version of a document from another. For more guidance on this, refer to appendix D of this policy.

Where records contain person identifiable data or corporate sensitive information it is a legal requirement that such data is stored securely.

Microsoft teams should only be used for internal collaboration, and not as a document repository. All finalised documents and records should be extracted and stored in the appropriate application once collaboration is complete.

Good record keeping should prevent record duplication. Staff members should ensure team members have not previously created a record prior to initiating a new document.

Good record keeping requires information to be recorded at the same time an event has occurred or as soon as possible afterwards.

Colleagues should ensure their handwriting is legible when making entries on paper records.

Colleagues should ensure records are relevant, including their opinions about individuals, as the individual has the right gain access to their records via a Subject Access Request under the Data Protection Act 2018.

Colleagues are to be aware when redacting Microsoft Word documents electronically by using the black highlight text tool as this process is reversible. A Microsoft Word file converted into PDF can be easily read merely by copying if from PDF back into Word. Please contact the Information Governance team for advice on redaction.

5.6 Record maintenance

Electronic documents and records should be maintained in accordance with this policy

To keep costs low, and in accordance with our aim to move to become a largely paperless organisation, staff are encouraged to save in electronic format wherever applicable. Records which need to remain in paper format are often ‘sealed’ contract records which are usually identified by an embossed stamp and are executive level. For corporate records which you feel cannot be digitised and require off site storing please contact the Information Governance team for support and advice.

The movement and location of paper records should be controlled and tracked to ensure that a record can be easily retrieved at any time. This will enable the original record to be traced and located if required and must be held in a shared location.

Paper file storage must be secured from unauthorised access and meet fire regulations.

Information asset owners should ensure they have a contingency or business continuity plan to provide protection for records which are vital to the continued functioning of the trust.

5.7 Record access

There are a range of statutory provisions that give individuals the right of access to information created or held by the trust, such as a data subject access request (SAR), Freedom of information request and correspondence on how a decision was made. The Data Protection Act 2018 allows individuals to find out what personal data is held about them. The Freedom of Information Act 2000 gives the public the right of access to information held by public authorities.

5.8 Record disclosure

There are a range of statutory provisions that limit, prohibit or set conditions in respect of the disclosure of records to third parties, and similarly a range of provisions that require or permit disclosure.

Only certain colleagues have the authority, which is dictated by their role, to disclose records. Colleagues with this authority should make a record of any copies of records they have disclosed, and to whom, in conjunction with relevant policies.

5.9 Record closure

In the case of paper corporate records, they should be closed and retention period applied, as soon as they have ceased to be in active use other than for reference purposes. For more information read the Offsite Storage SOP.

The retention schedule of the records management code of practice (opens in new window) help you apply timescales to your records to ensure records are not kept longer than necessary.

If a record is deleted or destroyed once its retention period has been reached, then a record must be completed and saved in order to prove that the record existed, met its retention and was then disposed of.

5.10 Record appraisal

Appraisal refers to the process of determining whether records are worthy of permanent archival preservation, as certain records created by the trust may be of historical interest to the National Archives.

The purpose of the appraisal process is to ensure the records are examined at the appropriate time to determine whether or not they are worthy of archival preservation, whether they need to be retained for a longer period as they are still in use, or whether they should be destroyed.

Appraisal should only be undertaken after consultation with the Head of IG or IG manager.

It is the responsibility of the staff member who is leaving their current post or the organisation, and their line manager, to identify as part of the exit procedure, specific records that should be retained in line with the trust’s retention and disposal schedule. Any non work related records must be disposed of securely.

5.11 Records held or transferred for archiving purposes

Records selected for archival preservation and no longer in regular use by the trust should be transferred to an archival institution, for example a ‘Place of deposit’. This must be approved by The National Archives and have adequate storage and public access facilities.

Following implementation of the Constitutional Reform and Governance Act 2010, in particular Part 6: Public Records and Freedom of Information, non-active records are required to be transferred no later than 20 years from the creation date of the record, as required by the Public Records Act 1958.

The head of IG or IG manager will identify the trust’s place of deposit and assist in the transfer of those records identified.

5.12 Record disposal

Disposal is the implementation of appraisal and review decisions and the term should not be confused with destruction. A review decision may result in the destruction of records but may also result in the transfer of custody of records, or movement of records from one system to another.

Records should not be kept longer than is necessary and should be disposed of at the right time. Unnecessary retention of records consumes time, space and equipment use; therefore, disposal will aid efficiency. Staff members must regularly refer to the retention schedule of the records management code of practice (opens in new window).

Unnecessary retention may also incur liabilities in respect of the Freedom of Information Act 2000 and the Data Protection Act 2018. If RDaSH continue to hold information which we do not have a need to keep, we would be liable to disclose it upon request. The Data Protection Act 2018 also advises that we should not retain personal data longer than is necessary.

The accounts (both mailbox and personal folder) of staff members who have left employment with RDaSH will be deleted within 30 days unless there are extenuating circumstances, for example, an employment tribunal claim or litigation case. This is in line with NHSmail policy, and will ensure best utilisation of our server space, as well as to ensure that records are not held in excess of their retention period. It is the line manager’s responsibility to notify the IT service desk of accounts that should not be deleted.

Staff members must seek specialist advice from the Information Governance team when considering destruction of the organisation’s records through a commercial third party.

Staff members must seek specialist advice from the head of IG or IG manager when considering off-site storage of the organisation’s records with a commercial third party. For more information read the offsite storage guidance.

Short-lived, ephemeral documents such as telephone messages, notes on pads, post-its, e-mail messages, texts, and so on, do not need to be kept as records. If they are business critical, they should be transferred to a more formal document which should be saved as a record.

5.13 Scanning

For reasons such as business efficiency and, or to address problems with storage space, staff may consider the option of scanning paper records into electronic format. Large scale scanning can be a very expensive option and should only be undertaken after approval of a business case by their care group director. For more information read the trust’s scanning guidance.

Colleagues involved in a process to scan paper records into electronic format with the purpose of discarding the original paper file, should understand the principles of information management encapsulated in the British standard BS 10008 evidential weight and legal admissibility of electronic information to conform to the provisions of the records management code of practice or seek advice from the Information Governance team.

By virtue of the Freedom of Information Act 2000, the trust is required to conform with the British standard BS 10008:2014 evidential weight and legal admissibility of information stored electronically.

5.14 Records security: Work base, home working, agile working

All person identifiable data or commercially sensitive data must be saved with appropriate security measures. Colleagues should contact the trust’s IT service desk to request a secure folder.

Colleagues must not use home email accounts or private computers to hold or store any sensitive records or information which relates to the business activities of the trust.

Removable media must be trust owned and encrypted by our IT department. Ideally, person sensitive data should not be stored on any removable media, however if there is no other option ensure this data is stored on a corporate encrypted device and deleted once transferred to identified secure area folder.

When printing paper records, especially sensitive documents, ensure appropriate measures have been taken in collecting all documents immediately after printing.

The trust has a safe haven procedure in order to ensure that staff are aware how to receive personal information in a secure manner at a protected point. Further information can be found via the information governance handbook.

In non-clinical areas, each department should have at least one designated safe haven contact point. Ideally, all information transmitted to the organisation should pass to these contact points. Clinical environments should operate in accordance with safe haven principles and the organisation should operate safe haven procedures for all flows of person identifiable information.

When transferring data, ensure security measures and precautions have been actioned by the sender and receiver. A robust contract or service level agreement should be in place detailing responsibilities if the information is being transferred to a third party. Please contact the Information Governance team for more advice.

Never leave your computer screen open when unattended. Always lock it using the keys control + alt + delete and then click on ‘lock’.

5.15 Missing and lost records

A ‘missing record’ is when a record cannot be found or is not available when required.

In the event of a missing record, a thorough search must be undertaken. This will include initiating a search at the base (this may include facilitating or requesting searches at non RDaSH locations if appropriate, (for example, GP surgeries or other trust buildings), in addition to reviewing the tracking history of the record.

If, after a reasonable time, the record has not been found, the staff member must log the incident on the online IR1 system, following the trust’s data security and protection breaches and incident reporting policy. The severity of the incident will determine the level of investigation required.

The missing record should be marked as missing in any electronic and manual tracking systems in use, and the record must be reconstituted, populated as far as possible with all the relevant information and clearly marked as a ‘reconstituted record’. If applicable, the electronic and manual tracking system must be updated to note that the record has been reconstituted and on what date this occurred.

When the original record is located the temporary and original set of records should be merged together. If applicable, the electronic and manual tracking system must be updated to state that the original records were located and merged with the reconstituted record, and with the location of the merged records. Update the incident investigator or line manager with details of when and how the record was found.

If after 6 months the record is still missing it is reasonable to assume that the original set of records has been lost. Update the incident investigator or line manager who will in turn update the incident log.

Data processors acting on behalf of the trust are required to develop and maintain local procedures to handle missing records in line with this policy.

5.16 Transgender and adoption records

To provide colleagues with guidance around the legal requirements for record keeping, should they encounter patients presenting with transgender or adoption circumstances.

Information contained within a patient’s clinical record is critical to the care a patient receives. On particular occasions a patient may require a change of identity (characterised within this document as transgender or adopted). In these circumstances a new clinical record may be created. It is important that certain information is transferred to ensure a continuity of care and avoid clinical risk, whilst still maintaining complete confidentiality regarding the patient’s previous identity.

5.16.1 Glossary of terms

Term Explanation of term
Adoption Adoption is a process whereby a person assumes the parenting of another, usually a child, from that person’s biological or legal parent or parents, and, in so doing, permanently transfers all rights and responsibilities, along with filiation, from the biological parent or parents.
Deed poll A legal document which entitles an individual to change their name or spelling. This includes adding or removing names or submitting a complete change.
Gender dysphoria A condition in which an individual does not identify with their birth sex and as a result feels discomfort or distress.
Transgender Transgender people are people who have a gender identity or gender expression that differs from their assigned sex. Transgender people are sometimes called transsexual if they desire medical assistance to transition from one sex to another.

5.16.2 Record maintenance of transgender patients

A patient wishing to be known as a different gender may present this information in a variety of ways, below are three of the most common scenarios experienced within the trust:

  • Change of name, a patient may request to be known as a different name and has legally changed this using the deed poll office. In these circumstances a patient must change their name, using their deed poll certificate, with their general practitioner (GP). The GP practice will then note this change by updating the spine. A simple change of name does not require a new identity or record. Do not change or alter the patient record. This information will be updated when the GP practice has changed the relevant information. A patient can request to be known by a different title at any time, regardless of having a deed poll change certificate. The sex of the patient however, must not be changed in these circumstances. The patient record must still show the same gender.
  • Potential transition, in some cases a patient may wish to live as a different gender without fully transitioning. This also usually occurs before a patient will undergo a full gender reassignment in order to ensure that this is truly what the patient wishes. They do not need to have a Gender Recognition Certificate for this to be changed. The process RDaSH must follow for electronic records is detailed below:
    • the patient can write a statutory declaration; they may have a deed poll document, or they may simply make the request. This request should be in writing, signed by the patient, stating their new name and gender. This is sent to the local ICB by either the patient or via their GP
    • the GP will write to the Registration Office notifying them of the requested changes. The GP may write a letter of support confirming the gender role change and that this change is intended to be permanent, but this is not a requirement
    • the registration office then writes to the national back office (NBO). The NBO will create a new identity with a new NHS number and requests the records held by the patient’s GP are amended
    • on receipt of the new record, the GP surgery changes any remaining patient information including the gender marker, pronouns and names. This information will be updated via the spine
    • RDaSH services must register the patient with their new details and if an existing record exists with old details this must have the referral ended and the patient discharged

Once this process has taken place, the new record and NHS number will have no reference to the patient’s birth gender. It is the role of the GP to explain to the patient that they will no longer be contacted regarding screening programs relating to their sex at birth. It is the decision of the patient whether this information and future screening options is added onto their new care record.

  • Full gender reassignment: a patient must discuss their wish to transition with their GP in the first instance. The patient is then able to apply for a gender recognition certificate in order to legally be considered for their acquired gender. Once a certificate has been issued, the patient is then lawfully recognised under their new gender and has all rights appropriate to that sex. The individual may choose to retain their original health record if they wish to.

The process RDaSH must follow for electronic records is detailed below:

  • to ensure the patient has continuity of care, a health care summary must be taken from the previous health record and transferred onto the new clinical record, this can or will include, but is not limited to, immunisations, allergies and medication
  • any information relating to a patient’s previous gender should be removed. There should be no reference to the patient’s previous gender
  • this may include HPV immunisations or smear test results-appointments, female and male lifestyle choices
  • the now ‘old’ record is closed and classed as confidential. Disclosure of any information within this record, including with or between any clinicians, healthcare professionals etc., is a criminal offence
  • the same retention will apply to the electronic record that applies to a closed patient record

Any paper records must be collated into a full clinical record, fully sealed and sent to the primary care service.

It is the responsibility of the GP only to make arrangements for the patient to now receive the appropriate tests relating to the changed gender.

If information within a patient’s previous health record proves to be medically significant and may disclose the previous gender, a discussion must take place between the patient and clinician. No information should be disclosed until this has occurred. The patient must provide explicit consent for this information to be transferred.

5.16.3 Record maintenance of adopted patients

When a patient is adopted, the national back office (NBO) will receive a court order from the general register office. On receipt of this the NBO will close the patient’s previous NHS Number and assign a new one. This will then be forwarded to the patient’s GP to make the relevant clinical record changes. Any changes to a record or a new record created, must only take place when an adoption order has been officially granted; the court process initiates the issuing of the new NHS number.

RDaSH adhere to the following process:

  • to ensure the patient has continuity of care, a health care summary must be taken from the previous health record and transferred onto the new clinical record. This can and will include, but is not limited to, immunisations or allergies or medication. Each service should transfer their own information to the new record
  • the new guardians of the patient should not be disclosed as adoptive parents at any point within the record. They will be simply recorded as parents where applicable
  • any information relating to a patient’s previous identity or, the identity and whereabouts of birth parents should not be included within the new record
  • the now old record is closed and classed as confidential. Disclosure of any information within this record, including with or between any clinicians, healthcare professionals etc., is a criminal offence
  • the same retention will apply to the electronic record that applies to a closed patient record
  • any paper records must be collated into a full clinical record and fully sealed
  • cancel any arranged appointments from the old record and re-book these immediately into the new record
  • previous electronic records must be closed

If at any point after the change of record has occurred, communication arrives containing the patient’s previous details, a summary of the communication must be taken and recorded onto the patient’s clinical record. Again, this must not divulge any information referring to a previous identity. The actual correspondence however must then be forwarded to the primary care service for appropriate management.

6 Training implications

Clinical record keeping (CRK) training is mandatory for all staff with this requirement on their ESR matrix.

Data security awareness (DSA) training is mandatory for all staff and details are provided on their ESR Matrix.

6.1 All colleagues, DSA

  • How often should this be undertaken: Upon commencement of employment and annually thereafter.
  • Length of training: 1 hour and 30 minutes.
  • Delivery method: E-learning or face to face.
  • Training delivered by whom: IG or NHS digital e-learning package.
  • Where are the records of attendance held: ESR.

6.2 Clinical staff, CRK

  • How often should this be undertaken: Upon commencement of employment and annually thereafter.
  • Length of training: 1 hour.
  • Delivery method: E-learning.
  • Training delivered by whom: Digital e-learning package.
  • Where are the records of attendance held: ESR.

As a trust policy, all staff need to be aware of the key points that the policy covers. Staff can be made aware through a variety of means such as,

  • all user emails for urgent messages
  • one to one meetings or supervision
  • continuous professional development sessions
  • posters
  • daily email (sent Monday to Friday)
  • practice development days
  • group supervision
  • special meetings
  • intranet
  • team meetings
  • local induction

7 Monitoring arrangements

The head of information governance is responsible for the monitoring, revision and updating of this document.

7.1 Policy

  • How: Review of best practice against the policy will be undertaken annually through auditing.
  • Who by: Head of information governance.
  • Reported to: Information governance group and health informatics group.
  • Frequency: Annually.

7.2 Incidents

  • How: Review of incidents.
  • Who by: Head of information governance.
  • Reported to: Information governance group.
  • Frequency: As and when they occur.

7.3 Retention and disposal policy content

  • Who by: Head of information governance.
  • Reported to: Information governance group.
  • Frequency: Quarterly.

7.4 Compliance

  • How: Auditing and spot checks.
  • Who by: Head of information governance.
  • Reported to: Information governance group.
  • Frequency: Annually.

8 Equality impact assessment screening

Equality and diversity are at the heart of RDaSH’s values. Throughout the development of the policies and processes cited in this document, we have given due regard to the need to eliminate discrimination, harassment and victimisation, to advance equality of opportunity, and to foster good relations between people who share a relevant protected characteristic (as cited in under the Equality Act 2010) and those who do not share it.

As part of its development this document and its impact on equality has been analysed and no detriment identified.

The completed equality impact assessment for this policy has been published on this policy’s webpage on the trust policy library or archive website. Link to overarching EIA.

8.1 Privacy, dignity and respect

The NHS Constitution states that all patients should feel that their privacy and dignity are respected while they are in hospital. High Quality Care for All (2008), Lord Darzi’s review of the NHS, identifies the need to organise care around the individual, ‘not just clinically but in terms of dignity and respect’. As a consequence the trust is required to articulate its intent to deliver care with privacy and dignity that treats all service users with respect. Therefore, all procedural documents will be considered, if relevant, to reflect the requirement to treat everyone with privacy, dignity and respect, (when appropriate this should also include how same sex accommodation is provided).

8.1.1 How this will be met

All staff, contractors and partner organisations working on behalf of the trust must follow the requirements of this policy and other related policies, particularly those relating to Information Governance. All health professionals must also meet their own professional codes of conduct in relation to confidentiality.

8.2 Mental Capacity Act 2005

Central to any aspect of care delivered to adults and young people aged 16 years or over will be the consideration of the individuals capacity to participate in the decision making process. Consequently, no intervention should be carried out without either the individual’s informed consent, or the powers included in a legal framework, or by order of the court.

Therefore, the trust is required to make sure that all staff working with individuals who use our service are familiar with the provisions within the Mental Capacity Act (2005). For this reason all procedural documents will be considered, if relevant to reflect the provisions of the Mental Capacity Act (2005)to ensure for that the rights of individual are protected and they are supported to make their own decisions where possible and that any decisions made on their behalf when they lack capacity are made in their best interests and least restrictive of their rights and freedoms.

8.2.1 How this will be met

All individuals involved in the implementation of this policy should do so in accordance with the guiding principles of the Mental Capacity Act (2005) (Section 1).

The following documents will provide additional information:

10 References

As above, links to any associated documents.

This document will be made available to all Staff via the RDaSH intranet site, and a global notice will be sent to all staff notifying them of the release of this document.

11 Appendices

11.1 Appendix A Records management glossary of abbreviations and acronyms

Acronym Long form
AOB Agreement of balances
ALBs Arm’s length bodies
AQP Any qualified provider
BPPC Better payment practice code
BST Business services transformation programme
C and B Choose and book
CAMHS Child and adolescent mental health service
CCG Clinical commissioning group
CCG Council clinical commissioning group council
CEO Chief executive office
CHC Continuing health care
CiC MH Care in the community mental health
Comms and engagement Communications and engagement
CSU Commissioning support unit
DHSC Department of health and social care
DOLS Deprivation of liberty safeguards
ESR Electronic staff record
FIMS Finance information monitoring systems
FMR Finance monitoring report
FOI Freedom of information
FSD Finance skills development
GP General practice or practitioner
GPCEC GP commissioning executive committee
HC contracting Healthcare contracting
HEE Health Education England
HR-Workforce Human resources workforce
HSIB Healthcare safety investigation branch
IBI Infected blood inquiry
ICT Information communication technology
IFR-PA Individual funding requests – prior approval
IG Information governance
IICSA Independent inquiry into child sexual abuse
IRC Immigration removal centre
ISFE Integrated single finance environment
JSNA Joint strategic needs assessment
KPI Key performance indicator
LD cont care Learning disabilities continuing care
LEAP Learn engage apply perform
LTC Long term conditions
MH Mental health
MOGP Markers of good practice
NCA Non contract activity
Non HC contracting Non health care contracting
OHPs Overhead presentations
ORIS One relationship and information solution
PBC Practice based commissioning
PCS Primary care service
PFI Private finance initiative
PFT Partnership Foundations Trust
PHE Public Health England
Pract perform and development Practitioner performance and development
Prim care contracts Primary care contracts
SAAF Self-assessment assurance framework
SCB Safeguarding children’s board
SCG Specialist commissioning group
SCR Serious case review
Sec care contracts Secondary care contracts
SHA-DH Strategic health authority department of health
SIP Strategic information platform
SIP Strategic improvement programme
SSG Safeguarding steering group
TCS Transforming community services
WCC World class commissioning
WPs Working papers

11.2 Appendix B Glossary of terms

Term Explanation of term
Assembly A collection of records. May be a hybrid assembly meaning where electronic and paper records are contained in one folder.
Class Class is a subdivision of an electronic classification scheme by which the electronic file plan is organised for example, subject area. A class may either be sub-divided into one or more lower level classes. A class does not contain records. See folder.
Classification A systematic identification of business activities (and thereby records) into categories according to logically structured conventions, methods and procedural rules represented in a classification scheme.
Data quality Data quality refers to the procedures and processes in place to ensure that data is accurate, up-to-date, free from duplication (for example, where two or more different records exist for the same individual), and free from confusion (where different parts of a individuals records are held in different places, and possibly in different formats).
Declaration Declaration is the point at which the document (for example, record content) and specified metadata elements are frozen so that they cannot be edited by any user, thereby ensuring the integrity of the original data as a complete, reliable and authentic record. The declaration process formally passes the data into corporate control.
Disposition Manner in which a record is disposed of after a period of time. It is the final stage of record management in which a record is either destroyed or permanently retained.
Document The International Standards Organisation (ISO) standard 5127/1 states “Recorded information which can be treated as a unit in a documentation process regardless of its physical form and characteristics.”
Electronic document Information recorded in a manner that requires a computer or other electronic device to display, interpret, and process it. This includes documents (whether text, graphics, or spreadsheets) generated by a software and stored on magnetic media (disks) or optical media (CDs, DVDs), as well as electronic mail and documents transmitted in electronic data interchange (EDI). An electronic document can contain information as hypertext connected by hyperlinks.
Electronic record An electronic record is an electronic document which has been formally declared as a corporate record. A typical electronic record consists of both electronic content (one or more components) and metadata. While electronic documents can be edited and deleted, electronic records are held in a fixed state, with appropriate access and functional permissions applied.
Electronic records management system The International Standards Organisation (ISO) standard 5127/1 states “Recorded information which can be treated as a unit in a documentation process regardless of its physical form and characteristics.”
End users This group comprises those, at all levels of the organisation, who generate and use records in their daily activities. The end user group is the source of much of the material which constitutes the record. Since records systems tend to devolve control to end users at the time of record capture, sound advice and guidance to this group is critical for the maintenance of quality and accountability.
File plan The full set of classes, folders and records together make up a file plan. It is a full representation of an organisation, designed to support the conduct of the business, and meet records management needs.
Folder folder is a container for related records. Folders (segmented into parts) are the primary unit of management and may contain one or more records (or markers where applicable). Folders are allocated to a class.
Information asset owner (IAO) Is a senior member of staff who is the nominated owner for one or more identified information assets of the organisation. It is a core information governance requirement that all Information Assets are identified, and that the business importance of those assets is established.
Information asset administrator (IAA) Is usually an operational manager who is familiar with information risks in their business area. Their primary role is to support the IAO to fulfil their responsibilities and ensure that policies and procedures are followed, recognise actual or potential security incidents, consult with their IAO on incident management and ensure that information asset registers are accurate and up to date.
Information lifecycle management Information lifecycle management is the policies, processes, practices, services and tools used by an organisation to manage its information through every phase of its existence, from creation through to destruction. Record management policies and procedures form part of the Information Lifecycle Management, together with other processes, such as for example, a records inventory, secure storage, records audit and so on.
Metadata Metadata can be defined as data about data. Metadata is structured, encoded data that describes characteristics of a document or record to aid in the identification, discovery, assessment and management of documents and records. Examples of metadata: title, dates created, author, format, and so on.
Naming convention A naming convention is a collection of rules which are used to specify the name of a document, record or folder.
Place of deposit A place of deposit is a record office which has been approved by the National Archives for the deposit of public records in accordance with the Public Records Act 1958.
Protective marking Protective marking is a metadata field applied to an object to show the level of security assigned to the object. A protective marking is selected from a predefined set of possible values which indicate the level of access controls applicable to a folder, record etc. within the file plan hierarchy.
Document The International Standards Organisation (ISO) standard 5127/1 states “Recorded information which can be treated as a unit in a documentation process regardless of its physical form and characteristics.”

11.3 Appendix C Naming documents and records at RDaSH, naming convention

Naming documents and records appropriately is vital to ensure that they can be easily identified and retrieved by those who need them. It is essential that RDaSH take a unified approach when naming the documents and records that we hold, as this will aid in the successful management of our records. This applies regardless of the system you are using to store your documents and records (for example, in shared drives, etc.)

Good document titles will consist of the following three elements:

11.3.1 Element one, Date

The date should be in the format YYYYMMDD. If all records are dated in this manner, your records will be placed in date order wherever you save your records. The date element is essential for good records management as this will allow retention to be easily applied to the record.

11.3.2 Element two, File title or description

  • The file tile should be clear, succinct and descriptive.
  • Always make the name of the document or record descriptive of its content or purpose.
  • Do not use any ambiguous terms such as ‘miscellaneous notes’ or ‘general information’.
  • Do not name the file after the author, creator or owner
  • Staff should not use individual names in a file title unless the file is biographical in nature about that individual, for example, personnel records.

11.3.3 Element Three, Version number

To effectively control different versions of a document, and to enable us to tell one version of a document or record from another, it is necessary to have documented procedures, as follows:

  • Use whole numbers (for example, v1.0, v2.0, v3.0) to indicate finalised versions.
  • Use decimal numbers (for example, v0.1, v1.1, v1.2) to indicate that the version is a draft and not finalised yet.

Examples of well-named records would be:

  • 20191012 Information governance group minutes v1.0
  • 20190331 ICT quarter 4 finance report v2.0
  • 20180915 Legacy holding, progress report v1.4

11.3.4 Emails

All the advice and guidance that applies to naming documents and records applies equally to naming emails, however, there are specific elements that staff should be aware of:

  • when saving an email, you must change the title of the email if it does not accurately reflect the content
  • do not include ‘email’ as part of the title, as electronic document type extension will show what type of file it is
  • save all emails with their attachments
  • save all emails as Outlook email format (.msg)

11.3.5 Acronyms and abbreviations

Windows and office 365 restrict file paths to 255 characters and therefore abbreviations and acronyms may need to be used on occasion. Do not use obscure abbreviations or acronyms as they often become obsolete over a period of time and can often have more than one meaning. See appendix A for the glossary of acronyms available. If you use a new acronym, please contact the Information Governance Team to ensure it is added to the glossary of acronyms.

11.3.5 Naming conventions for folders

It is important use clear, logical and accurate titles for folders. The benefits of providing meaningful titles within the filing structure include:

  • the hierarchy of the structure is clearly identifiable by the titles of the folders
  • peer relationships between folders are clearly identifiable indicating a range of preferred locations for different types of record on a related activity
  • at the lowest level of folders (outlined in the box) it is clear what is expected to be captured into each folder

The following rules should be followed when naming folders, just as when naming documents and records:

  • the file tile should be clear, succinct and descriptive
  • always make the name of the document or record descriptive of its content or purpose
  • do not use any ambiguous terms such as ‘miscellaneous notes’ or ‘general information’
  • do not name the file after the author, creator or owner
  • staff should not use individual names in a file title unless the file is biographical in nature about that individual, for example, personnel records

11.4 Appendix D Protective marking scheme

11.4.1 Classification of NHS information, Marking guidance

This trust holds a wide range of information and has a responsibility to manage all information in its care such that risk is minimised; to ensure business continuity and to protect the rights of individuals.

The trust is a public body and as such, classification must follow that laid down by government. ALL information the trust collects, stores, processes, generates or shares to deliver services and conduct business has intrinsic value and requires an appropriate degree of protection.

Everyone who works within RDaSH (including staff, contractors and service providers) has a duty of confidentiality and a responsibility to safeguard any NHS information or data that they access, irrespective of whether it is marked or not.

Government security classifications (updated May 2018) have been implemented to assist you in deciding how to share and protect information. Three simplified levels of security classifications for information assets are now in effect. The new levels are;

  • Official: This is the default classification for all NHS documentation. Most organisations operate almost exclusively at this level. It is expected that normal security measures will be enforced through local processes and therefore provide sufficient levels of protection to information for example, staff should be sufficiently aware and understand that they have a responsibility for securely handling any information that is entrusted to them.
  • Official sensitive: Personal Information marked with this classification will be sensitive information relating to an identifiable individual (or group), where inappropriate access could have damaging consequences.
  • Official sensitive: Commercial Information marked with this classification will be commercial or market sensitive information that could have damaging consequences (for individuals or the trust) including reputational damage if it were lost, stolen, or inappropriately published.

This simplified procedure will make it easier and more efficient for information to be handled and protected and places greater emphasis on individuals taking personal responsibility for data they handle.

All information used by RDaSH is by definition ‘official’ It is unlikely RDaSH will work with ‘secret’ or ‘top secret’ information.

Things to remember about official information:

  1. Ordinarily official information does not need to be marked for non-confidential information.
  2. A limited subset of official information could have more damaging consequences if it were accessed by individuals by accident or on purpose, lost, stolen or published in the media. This subset of information should still be managed within the OFFICIAL classification tier but should have additional measures applied in the form of official sensitive.
  3. This marking is necessary for person-identifiable information and commercially sensitive information and is applicable to paper and electronic documents or records.
  4. In additional to the marking of official sensitive further detail is required regarding the content of the document or record, for example
    • Official sensitive: Commercial definition, Commercial information, including that subject to statutory or regulatory obligations, which may be damaging to NHS England and NHS Improvement or a commercial partner if improperly accessed.
    • Official sensitive: Personal definition, Personal information relating to an identifiable individual where inappropriate access could have damaging consequences.

Such documents or records should be marked with the caveat ‘official sensitive: commercial or sensitive’ in capitals at the top and bottom of the page.

In unusual circumstances official sensitive information may contain both personal and commercial data, in such cases the descriptor official sensitive will suffice.

11.4.2 A note on secret or top secret information

On the rare occasion RDASH may receive secret or top secret information, a higher classification level and marking such as ‘secret’ or ‘top secret’ must be applied. The information must be password protected if electronic or locked away if paper based. It is important to note that only staff who have a current security clearance through the national security vetting process should be allowed to access information that is marked as secret or top secret. Please contact the Corporate Records team for more information.

11.4.3 NHS confidential

It is worth noting that RDaSH may still receive information that does not have these updated markings applied. Consequently, any information received from an NHS organisation may be marked as NHS Confidential which should then be treated as official sensitive depending on its type.

11.4.4 How to handle and store official information

Everyone is responsible to handle official information with care by:

  • applying clear desk policy
  • information sharing with the right people
  • taking extra care when sharing information with external partners for example, send information to named recipients at known addresses
  • locking your screen before leaving the computer
  • using discretion when discussing information out of the office

11.4.5 How to handle and store official sensitive information

All offensive sensitive material including documents, media and other material should be physically secured to prevent unauthorised access. As a minimum, when not in use, official sensitive: personal or official sensitive: commercial material should be stored in a secure encrypted device such as a secure drive or encrypted data stick, lockable room, cabinets or drawers.

  • Always apply appropriate protection and comply with the handling rules
  • Official sensitive personal and official sensitive commercial information should be marked prominently with the relevant classification, using the header or footer of a document, record is good practice
  • There is no requirement to explicitly mark routine official information
  • The originator or creator is responsible for classifying the information
  • It is good practice to place the classification of the information within the subject line of an email if it includes official sensitive information
  • Remember that applying too high a classification can inhibit sharing and lead to unnecessary and potentially expensive protection costs
  • Remember that applying too low a classification may result in inappropriate controls and potentially put sensitive information at greater risk of compromise
  • Classification can change over time – information can be sensitive but when agreed can be officially published and become ‘official’ instead
  • You do not need to retrospectively classify information, only from the implementation of this guidance
  • Make sure documents are not overlooked when working remotely or in public areas, work digitally to minimise the risk of leaving papers on trains, etc
  • Only print sensitive information when absolutely necessary
  • Send sensitive information by the secure email route or use encrypted data transfers
  • Encrypt all sensitive information stored on removable media particularly where it is outside the organisation’s physical control
  • Store information securely when not in use and use a locked cabinet or drawer if paper is used
  • If faxing the information, make sure the recipient is expecting your fax and double check their fax number
  • Take extra care to be discreet when discussing sensitive issues by telephone, especially when in public areas and minimise sensitive details
  • Do not send to internet email addresses for example, Gmail, Hotmail, etc
  • Only in exceptional cases, where a business need if identified, should sensitive information be emailed over the internet, in an encrypted format, to the third parties. Contact the Corporate Records team for further advice
  • The use of pin code or induvial printing passes for secure printing is both widely available and preferable way to manage the printing process

Table 1, Descriptors that may be used with official sensitive: commercial OR official sensitive: personal Appointments

  • Definition, concerning actual or potential appointments not yet announced.
  • Marking, official sensitive, commercial. Barred

  • Definition, documents for consideration by an organisation’s board of directors, initially, in private (note, this category is not appropriate to a document that could be categorised in some other way.
  • Marking, official sensitive, commercial. Commercial

  • Definition, where disclosure would be likely to damage a (third party) commercial undertaking’s processes or affairs.
  •  Marking official sensitive: commercial. Contracts

  • Definition, concerning tenders under consideration and the terms of tenders accepted.
  • Marking, official sensitive: commercial. For publication

  • Definition, where it is planned that the information in the completed document will be published at a future (even if not yet determined) date.
  • Marking, official-sensitive: commercial. Management

  • Definition, concerning policy and planning affecting the interests of groups of staff (note, likely to be exempt only in respect of some health and safety issues).
  • Marking, official sensitive: commercial. Patient information

  • Definition, concerning identifiable information about patients.
  • Marking, official sensitive: commercial. Personal

  • Definition, concerning matters personal to the sender or recipient.
  • Marking, official sensitive: commercial. Policy

  • Definition, issues of approach or direction on which the organisation needs to take a decision (often information that will later be published).
  • Marking, official- sensitive: commercial. Proceedings

  • Definition, the information is (or may become) the subject of, or concerned in a legal action or investigation.
  • Marking, official sensitive: commercial. Staff

  • Definition, concerning identifiable information about staff.
  • Marking, official sensitive: commercial.

11.5 Appendix E Metadata standard for digitised records

Mandatory metadata fields (must be applied to all documents or records)

  • creator
  • date
  • subject
  • title
  • version number
  • security classification (official, official sensitive personal or official sensitive commercial)

Based on best practice guidance available in the e-government metadata standard which was produced by the cabinet office. This standard defines how UK public sector bodies should label documents to make information more easily managed, found and shared.

Document control

  • Version: 3.
  • Unique reference number: 583.
  • Approved by: Corporate assurance approval group.
  • Date approved: 05 December 2023.
  • Name of originator or author: Data protection officer or head of information governance.
  • Name of responsible individual: Director of health informatics.
  • Date Issued: 14 December 2023.
  • Review date: 31 December 2026.
  • Target audience: All staff.
  • Description of change: Amendments to terminology and links.

Page last reviewed: April 12, 2024
Next review due: April 12, 2025


Report a problem