Introduction
The purpose of this document is to provide NHS East Midlands employees with clear procedures for the creation, filing and tracking/tracing of electronic and paper corporate records to enable efficient retrieval and effective records management.
Scope
For the purpose of this procedure “records” refer to:
-
Corporate and administrative records including personnel, estates, financial and accounting and complaints
-
Reports and independent enquiries
-
Policies and procedures
-
Public involvement and consultation
-
Regular publications and information for the public
-
Communications with the press and media releases
It relates to records held in any format, both paper and electronic including e mails. It does not relate to medical records or patient case notes.
Paper Records v Electronic Records
It is recognised that the majority of corporate documents and records held within the NHS East Midlands will be in electronic format. It makes sense not to use up valuable accommodation storing vast amounts of paper.
Where documents are filed in both electronic and paper format the filing and naming conventions must mirror each other. The procedure described for this process therefore refers to both paper and electronic records.
Shared Drive
Currently East Midlands NHS utilises a Shared Drive in order to store the majority of its electronic records. Each Directorate has a specific area on this drive where they can store corporate documents.
When utilising this facility consideration for the content of the document must be considered, in the event that access to the document is to be limited then the document creator must ensure that the record is located in a restricted area on the shared drive.
It is prohibited for any employee to store any NHS East Midlands corporate records on local drives. For the purposes of this procedure a local drive is the physical hard drive (C: Drive).
Filing Structure
Filing structures must be logical to enable the quick and efficient filing and retrieval of records when required and enable implementation of authorised disposal arrangements i.e. archiving, migration to another format or destruction.
Requests for the creation of departmental folders and security permissions to be set up and modified must come from a senior manager within the Directorate (this includes the Directorate Business Manager).
For advice on where departments should sit within a structure, or retention periods for various types of documents, please contact the Information Governance Workstream Lead. Users with any technical problems or queries should contact the Derbyshire Health Informatics Services Customer Service Team on 01332 868900 or dhis.cst@derwentsharedservices.nhs.uk.
Referencing & Naming Conventions
Where a referencing system is used it should be easily understood by staff that create and access electronic or paper documents and records. A simple guide is to think how quickly a new member of staff or a temp could be trained to use the filing system. An alphanumeric system must be used, starting with a keyword or letters for a business activity, for example HR for Human Resources followed by a unique number for each document or record created by the HR function.
The naming convention gives a unique name to each record. It should closely reflect the record’s content, express elements of the name in a structured and predictable order and locate the most specific information at the beginning of the name and the most general at the end.
At folder level, folder titles must be subject based and where applicable reflect the titles used in corresponding paper filing systems. Standard names and terms must be used consistently within the NHS East Midlands and at departmental level. This will enable effective sharing and the efficient retrieval and review of documents. For example: Minutes, Agendas, Reports, Letters received, Letters sent, E mails received, E mails sent, Policies, Procedures, Guidelines etc.
Use of non-specific general titles such as “Correspondence” or “Miscellaneous” must be avoided. Where a date is required in the title, show this first in YYMMDD format so that documents are listed chronologically.
Whilst file and folder names should be descriptive, please keep them as short as possible, e.g. use 1 to 4 words maximum when naming folders.
Document Version Control
Some high level corporate documents such as policies and procedures undergo a consultation process and numerous drafts prior to them being approved. It is therefore necessary that these documents include a Record Reference Sheet, containing metadata describing at what stage they are within this process and which version the document refers to (Appendix 1).
The document title must contain within it an indication of which version this document is, starting with V0.00. At each redrafting it should be altered to V0.01, V0.02 and so on until it has gone through to the final approval stage at which point it becomes a formal NHS East Midlands record. When a document receives final approval the document version control must be changed to V1.0 to reflect its approved status. All addition minor amendments must be altered to V0.01, V0.02 and so on.
When the record is next reviewed, for example after a year has elapsed or a major change is required the document version must be renamed V2.00 and then changed to V2.01 and V2.02 and so on, as this version goes through the draft approval process.
Tracking & Tracing
It is the responsibility of each department to ensure that the movement and location of paper records can be controlled. Therefore a robust tracking and tracing system should be in place.
Filing & Storage of Paper Records
Paper records and files must be grouped in a logical structure to enable the quick and efficient filing and retrieval of information when required and enable implementation of authorised disposal arrangements, i.e. archiving or destruction.
Suitable storage areas must be used to ensure records remain accessible and usable throughout their life cycle. Access must be controlled through a variety of security measures e.g. authorised access to storage and filing areas, lockable storage areas. However access should not be allocated to just one individual member of staff within the NHS East Midlands as this would cause problems during periods of absence.
Records containing personal data should be stored in line with the NHS East Midlands IM&T Security and Access Control Policy.
Retention & Destruction
It is good practice for departments to review on a regular basis the information which is held in their individual file directories or filing systems. Files should be retained in line with the minimum retention periods as specified in the NHS East Midlands Information Lifecycle Management Protocol.
Protective Markings
In order to maintain record consistency a document that is going through its draft stages it must be protected and any changes made must be tracked. This can be undertaken in MS Word by using the following:-
-
Click on the Tools menu and select Protect Document
-
To let the reviewers change the document by inserting comments and tracked changes click Tracked changes
-
To let reviewers only insert comments, click Comments
-
To let only authorised reviewers unprotect the document type in a password in the Password box.
NB. If you protect a document with a password, you must remember it or keep it in a safe confidential place as the Derbyshire Health Informatics Services, Customer Service Team cannot recover documents protected by a password.
You can also protect your documents by marking them as Read Only:
-
On the Tools menu click Options.
-
Select the Security tab.
-
Tick the Read only recommended check box and then click OK.
-
Click Save.
Where appropriate, paper records should be marked CONFIDENTIAL or, SENSITIVE. (NHS Connecting for Health is currently developing an NHS protective marking classification scheme).
E-Mails
Emails which fall within the definition specified in the Scope of this procedure should be viewed as corporate records in exactly the same way as any other documents.
Personal Documents
It is recognised that staff will occasionally use their work computers for their own personal use, which is for material not related to the business of the NHS East Midlands.
Such material must not be stored on the shared file server, but on the hard drive of the individual’s PC. It should be understood therefore that this information is not secured and it is the responsibility of the individual member of staff to organise back up facilities if this is required.
Review & Audit
This guidance will be reviewed every two years by the Information Governance Steering Group.
A programme of regular spot checks to monitor compliance will be carried out as part of an information governance assurance programme by the Information Governance Workstream Lead.
