http://www.kirklees.nhs.uk/uploads/tx_galileodocuments/Proced_for_Mt_of_Electronic_Records


Page 1 of 15

PROCEDURE FOR THE MANAGEMENT OF ELECTRONIC RECORDS.

Responsible Directorate: Performance and Information

Date Approved: 11th October 2007

Committee: Governance Committee

Signature of Accountable Director:

Print Name: Peter Flynn



Version Control.

Document Title: Procedure for the Management of Electronic Records

Corporate Document number: TBC.

Author: Eve Scott, Ian Wightman, Peter Flynn

Contributors:

Version: V1

Date of Production: October 2007

Review date: 3 years after ratification or earlier if there are changes in the law.

Postholder responsible for revision: Assistant Director of Performance and Information.

Primary Circulation List: All PCT Staff.

Web address: Policies and Procedures / Information Governance.

Restrictions: None.



Contents.

1. Introduction
2. Scope
3. Roles and Responsibilities
3.1 The Director of Performance and Information.
3.2 THIS Service
3.3 Assistant Director of IT
4. Duty of Confidentiality.
5. Creation of electronic records.
6. Use of electronic records.
6.1 Back-up of electronic records.
6.2 Retrieval of electronic documents, including emails.
7. Amendments to records.
7.1 SystmOne
7.2 TPP
7.3 Corporate Records.
8. Retention of electronic records once no longer ‘live’
9. Evidential Value of Scanned Documents.
9.1 What to Scan.
9.2 Records Which Should Not Be Destroyed
10. Audit of Clinical Record Keeping.
11. Implementation of this procedure.
12. Training of staff.
13. Monitoring of the effective implementation of this procedure.

Appendices

Appendix A: Guidance on the use of portable electronic devices
Appendix B: Process to ensure the clinical effectiveness of SystmOne clinical templates.



1. Introduction.

The PCT’s Records Management Policy (Section 5) defines a record as “anything that contains information, in any media, eg paper, audio or video tape, computer database notes, which have been created or gathered as a result of any aspect of the work of NHS employees”. Hence, electronic documents that contain information that supports a decision making process of any description, undertaken by any of the Directorates, must be managed to exactly the same standards expected of paper records. Examples include patient records and outcomes of clinical tests, staff records, meeting papers, reports of any description, tender documents and evaluation reports, electronic ledgers, but it should be noted that this list is not exhaustive.

This procedure sets out the actions that must be undertaken in order to ensure that all electronic records:

1. are authentic and have been protected from unauthorised alteration
2. can be relied upon to have evidential value should there be a need to rely on them following an incident, complaint or litigation
3. are appropriately created, appraised, retained & disposed of
4. are protected from unauthorised erasure
5. have adequate audit trails to track their use and location
6. are audited for the quality of their content on a specified regularity
7. identify which records are suitable for permanent preservation

2. Scope.

This procedure is applicable to all records, clinical and non-clinical, created, used or archived by the PCT. It must be followed by all employees or individuals contracted to the PCT and is offered as good practice to the independent contractors of the PCT.

3. Roles and Responsibilities

Section 6 of the Records Management Policy outlines the responsibilities of the following people with regard to Records Management in general:

• The Chief Executive
• The Director of Corporate Services
• The Caldicott Guardian (The Director of Patient Care and Professions)

In addition, the following people have specific responsibility with regards to the electronic record:

3.1 The Director of Performance and Information.

The Director of Performance and Information has specific responsibility with regards to the business continuity of the Information Technology infrastructure in general and therefore also for the continuity of any electronic records that the PCT maintains or holds in archive.

3.2 THIS Service.



The PCT has an SLA in place with the Health Informatics Service which describes the level of service and the requirements expected to be undertaken by the Health Informatics Service in supporting the business continuity of the Information Technology infrastructure and the continuity of any electronic records that the PCT maintains or holds in archive.

3.3 Assistant Director of IT

The Assistant Director of IT has the responsibility to monitor and evaluate the SLA with the HIS and recommend appropriate actions to ensure the expected requirements are met and maintained.

4. Duty of Confidentiality.

Section 8 of the Records Management Policy, and the PCT’s Code of Conduct on Confidentiality in its entirety, set out the duty of confidentiality with regards to personal information.

Records must be stored on a shared drive or private drive and must not routinely be stored on the hard drive of a desktop or laptop computer. There is guidance on the PCT’s website at << insert address>> regarding the use of portable electronic devices. This has been reproduced at Appendix A of this procedure.

It is acceptable for more than one person to have access to a shared or private drive in order to have access to, and work on, shared documents. It is NOT acceptable to share your password with someone else to allow them access to the IT system under your name. Equally, you must not share your smart cards with anyone else or tell anyone else your PIN number.

You must always lock your computer, using the ctrl-alt-del function, should you leave your desk.

5. Creation of electronic records.

All templates to be added to existing records, or which will form the base for new records, must:

1. be tested for clinical effectiveness, if a clinical record, using the process outlined in Appendix B.
2. be presented to the Records Management Group for approval, following consultation with the appropriate individual specialists and appropriate groups.

6. Use of electronic records.

6.1 Back-up of electronic records.

All electronic records stored on shared or private drive are routinely backed-up by the THIS service.



The Director of Performance and Information is currently liaising with the THIS service in order to ensure that their back-up process is robust.

6.2 Retrieval of electronic documents, including emails.

You should keep a copy of any email that fits the definition of a record given in Section 1. In order to complete this action satisfactorily, the employee should have a suitable process in place to manage their email inbox so as not to overload the organisational and personal mailbox size. Appropriate training and advice is available through the HIS training department. However, you are not expected to keep a copy of routine emails, eg those accepting / declining meetings etc.

The Director of Performance is currently liaising with the THIS service to ensure that these can be retrieved should there be a need to do so at some point in the future.

7. Amendments to records.

Any amendments made retrospectively to a record must clearly indicate that the additional entry was made as an addition to the earlier record. At no point should an attempt be made to alter or delete the earlier record. The following systems are in place to prevent retrospective alteration of a record and there are audit trails that will highlight when an attempt has been made to alter the record.

7.1 SystmOne

SystmOne has a built-in system that highlights any attempts at alteration of a record & issues a warning should such an attempt be made.

7.2 TPP

Access to the TPP system is via SMART cards.

7.3 Corporate Records.

The Kirklees shared drive has been set up with different levels of authority. Directors should ensure that definitive documents, eg policies, procedures, minutes of meetings, are protected by limiting the read/write access to those documents to named individuals.

8. Retention of electronic records once no longer ‘live’

All electronic records must be retained in accordance with the retention and destruction schedule contained within “Records Management: NHS Code of Conduct 2006”.



The Director of Performance and Information is currently in negotiations with the THIS service to ensure that the destruction of a record occurs in line with this Code of Conduct.

9. Evidential Value of Scanned Documents.

Before a decision is made to scan a record type into an electronic medium and destroy the original, consideration must be given to:

1. The cost of scanning compared with the cost of retaining the records in original format, eg reduced storage requirements and business efficiency.
2. Whether the records are of any archival value and there needs to be consultation prior to destruction.
3. Format of preservation: scanned records must be retrievable should there be an improvement in information technology. Microfiche should not be used in case there is a need to provide good quality copies in defence of a complaint or a claim.
4. The need to protect the evidential value of the record.

9.1 What to Scan.

The whole file should be scanned (unless it is simply not possible to do so) because there is risk where information is stored in two different places / media.

9.2 Records Which Should Not Be Destroyed

If there is an ongoing complaint, FOIA request, Data Protection Act request or legal claim anticipated, the original documents should not be destroyed. Similarly, if a claim is ongoing the original records should be retained, and indeed there is usually a standard direction from a Court at the first Case Management Hearing to that effect.

10. Audit of Clinical Record Keeping.

Section 13 of the Records Management Policy stipulates that all services will be responsible for carrying out a yearly record keeping audit. The current version of SystmOne, the electronic clinical record used by Kirklees PCT, does not currently have the facility for mandatory fields, hence the audit of the electronic record must focus on:

• Attributability
• Timeliness of entries
• Content of the information on which decisions have been made regarding the care of patients
• Whether the record is being stored in accordance with the retention and destruction schedule.



The results of the audit will be fed back to line managers who are then responsible for ensuring that all action points are implemented in order to improve and maintain performance. It is also the responsibility of the line manager to ensure that their team’s records are audited on an annual basis.

11. Implementation of this procedure.

This procedure will be cascaded via the October 2007 Kirklees PCT team brief, with a briefing paragraph and a requirement that line managers implement it within their sphere of responsibility. It will be uploaded onto the PCT website into Policies and Procedures / Information Governance at the following address <<insert address>>.

12. Training of staff.

Records management training forms a part of the PCT’s induction day and there is also a half day’s Information Governance and Records Management training that is mandatory for all staff. This procedure will form part of these two sessions, with the aim that all PCT staff will have an understanding of the content of this procedure.

13. Monitoring of the effective implementation of this procedure.

The effectiveness of the implementation of this procedure will be monitored using the following performance indicators.

1. No incidents regarding the inappropriate alteration of an electronic record or a breach of confidentiality of personal information
2. All electronic templates are approved by the Records Management Group prior to their implementation
3. The annual audit of records does not highlight any issues of concern.



Appendix A: Guidance on the use of portable electronic devices

IM&T Confidentiality Team

What you need to know bulletin

August 2007

Part 1 of 2: Secure use of Portable Computers

The use of portable computer devices can help staff in the performance of their duties, and is becoming more widespread. This guidance aims to support staff who use portable computer devices by ensuring they are aware of information security and confidentiality issues.

Physical Security

Portable computer equipment is highly desirable to thieves, and to protect both the equipment itself, and any data stored upon it, it is essential that it is stored securely when not in use.

Equipment should ALWAYS be locked in desk drawers or filing cabinets when not in use, and if the equipment is to be taken “off site” e.g. taken home, or to another workplace, all necessary measures must be taken to ensure that it is not vulnerable to theft, loss or damage. If the equipment is taken home, then it should NOT be left in vehicles overnight, or for prolonged periods.

When in use within domestic environments, care should be taken to avoid strong magnets (e.g. stereo equipment, speakers, etc), as this can cause damage to the hard disk inside the equipment.

Additionally, users of such equipment should keep a note of the Make, Model, Serial Number, and Asset Tag ID to aid in the recovery of the equipment if it is lost or stolen.

Access security

Those staff using portable computer equipment should ensure that any “smartcards”, or “secure access tokens” which facilitate remote connectivity are kept separately, along with any PIN codes or passwords. DO NOT keep smartcards, tokens or notes of passwords etc, along with the equipment.



Ensure that any equipment taken off site is not used by other persons not specifically authorised to use that equipment e.g. members of the family/household.

Users must NEVER use such equipment to connect to the Internet via unapproved connections, e.g. domestic Internet connections, Internet cafes, wireless hotspots, etc.

Any additional hardware or software must only be installed by servicedesk staff. Staff must not install their own hardware or software e.g. MP3 music players, digital cameras, mobile telephones etc.

In order to ensure that the most up to date patches and antivirus definition files are in place, it is recommended that the equipment be connected to the Trust’s network at least once per week whenever possible.

Data Security

Wherever possible, always use appropriate network storage to store files e.g. P drive, S drive, Y drive etc. Take care not to save “Patient or Person Identifiable Information” to the hard disk (e.g. “my documents” or the c: drive) unless absolutely necessary. If the equipment is stolen, then the information stored upon it may fall into the wrong hands. This can result in expensive litigation against your organisation.

If it is absolutely necessary to store such information on the hard disk, then additional security measures should be considered – e.g. password protection on sensitive documents. Such files should be removed or deleted as soon as it is practical to do so.

Reporting in case of loss, theft, damage, etc.

If any equipment becomes damaged, lost or stolen, the user must report the details of the incident to their local Risk Management department as soon as possible. The user may be required to answer some questions about the incident, equipment, and any data stored on that equipment.

Part 2 of 2: Security of removable media: floppy disks, USB, CDROM, etc



The PCT acknowledges that the use of removable data storage media can help staff in the performance of their duties. The use of USB data sticks, floppy disks, CD/DVD ROM, Secure Digital (SD) cards usually found in digital cameras, Personal Digital Assistants (PDAs), MP3 players (iPods), etc is becoming more widespread. The use of such devices may present an increased risk of breaches in information security, as these devices may easily be lost, stolen or misplaced. This guidance aims to support staff using such devices to store information, by ensuring they are aware of the associated information security and confidentiality issues.

Data Security

Patient or Person Identifiable Information should NOT be stored upon such media without express permission from a senior manager. If it is absolutely necessary to store such data upon this type of removable media, additional security measures (e.g. password protection at the very least) should be considered.

Staff must further ensure that back up copies of all data files stored on the removable storage device, e.g. memory stick, are kept. The file(s) on the removable storage device should never be the only copy!

Any Patient or Person Identifiable Information should be deleted or removed from such media as soon as is practical.

Access security

Whenever Patient, Personal, or otherwise sensitive data is to be stored on such devices, additional security measures should be considered. If the device itself supports the use of password or PIN code protection (PDAs usually allow this, but not all data sticks do), such functionality should be fully utilised. If such facilities are unavailable, sensitive files and documents should be assigned passwords prior to saving on the device. If you require advice and assistance in protecting documents with passwords, contact the Service desk on 01422 222600.

Removable media such as USB data sticks are small and can easily be lost or misplaced. If it is possible to do so, it would be a good idea to mark the device with a brief message stating that the device is the property of the organisation who supplied the device, and a contact number in case the device is found after being misplaced.

Reporting in case of loss, theft, damage, etc.

If any equipment becomes damaged, lost or stolen, the user must report the details of the incident to their local Risk Management department as soon as possible. The user may be required to answer some questions about the incident, equipment, and any data stored on that equipment.



If you have any questions regarding any of the issues covered in this document please contact the Confidentiality and IM&T Security Service helpdesk for advice:

• Steve Rose on 01924 327236 or email Stephen.rose@this.nhs.uk
• Caroline Squires on 01924 327096 or email caroline.squires@this.nhs.uk
• Steve Shaw on 01484 466042 or email steve.shaw@this.nhs.uk
• Caroline Wray on 01484 466137 or email caroline.wray@this.nhs.uk



Appendix B

Process to ensure the clinical effectiveness of SystmOne clinical templates.

This document sets out the process for developing a local template for use with National Programme for IT systems.

Template definition workshop

When the need for a template has been identified, an appropriate group must sponsor this. A lead, preferably a clinician, should also be identified. The output from the template definition workshop will be a template definition setting out the target users, purpose of the template and source material, e.g. a dataset (such as the CHD NSF dataset), NICE guidelines, City-wide clinical protocols. It will also set out reporting and audit requirements. Attendance at the template definition workshop must include clinicians and information specialists.

Detailed Content

Informatics staff will develop a first draft of the detailed content, in conjunction with the lead clinician(s). This will typically be developed based on:

1. The datasets/protocols provided by the sponsoring group (e.g. NSF datasets, NICE guidelines, etc.)
2. Any existing templates within Connecting for Health systems, North Kirklees
3. Locally agreed data standards, e.g. ethnicity, smoking.
4. Local Delivery plan targets, statutory/reference cost returns, clinical audits
5. Local reporting requirement for service managers and commissioners.

Consultation/feedback

TO DETAIL BEST PRACTICE FOR KIRKLEES PCT RE CONSULTATION: Below is the way this is done in Sheffield.

The draft, setting out the proposed content, will be posted on the PRIMIS discussion board on the Sheffield intranet and an email sent alerting staff to the new template. The email will go to: Directors of Public Health, Clinical audit/effectiveness leads, Prescribing leads, Information and performance leads, clinicians and individuals who have nominated/requested to be included in the consultation process. The consultation will have a specific closing date.

Design review

All comments received will be compiled and discussed at a design review. This will typically involve the same staff as for the template definition workshop.

Develop template

The templates will then be produced.

Test/pilot

The template will then be tested. This might take a number of forms, such as a walk through with clinicians (in particular to check the order and flow of the questions), clinicians working through the template in a test/demo system, or clinicians testing the concept via a paper equivalent, etc.

Final design review

The final design review will include detailed audits of the content, including coding, to ensure it complies, where appropriate, with the standards set out in the template definition.



The output from the final review should be a signed-off clinical safety compliance certificate.

Deploy

Once the template has been signed-off it can be deployed into the live environment. Help sheets will be produced (if required) to support the template.

Post implementation Review

Evaluation forms will be provided to staff using the templates and a review date set (typically 6 months after launch). Any requests to change the data items will need to be ratified by the sponsoring group.



[Flowchart of the template development process. Box labels: Requirements; Template definition workshop; Template definition; Content; Detailed Content; Consultation / Feedback; Design Review; Develop Template; Design; Feedback forms; Test / Pilot (branches: Content changes / No content changes); Final design review; Clinical safety compliance; Deploy; Post implementation Review.]

