General Note
NHS Fife acknowledges and agrees with the importance of regular and timely review of policy statements and aims to review policies within the timescales set out. New policies will be subject to a review date of no more than 1 year from the date of first issue.
Reviewed policies will have a review date set that is relevant to the content (advised by the author) but will be no longer than 3 years.
If a policy is past its review date then the content will remain extant until such time as the policy review is complete and the new version published, or if national policy or legislative changes are made
1. FUNCTION
1.1 The purpose of the policy is to ensure NHS Fife adheres to its statutory obligation under the Public Records (Scotland) Act 2011. Legislative requirements are set out to ensure the proper arrangements are in place for the lifecycle management of corporate records. Arrangements for management include retention, classification, storage, audit, destruction and archival of all corporate records and information.
1.2 NHS Fife is committed to implementing best practice record keeping standards and practices throughout the organisation to preserve the integrity of all corporate records, in all formats.
1.3 The term “corporate record” refers to all corporate, administrative and business information that has been created, received and maintained as evidence and an asset by an individual on behalf of the organisation or the organisation itself. Examples of corporate records include but are not limited to, workforce, estates and facilities, financial, communication, governance and complaint records.
1.4 The corporate records lifecycle describes the management of the six key stages of the records, throughout the viable lifetime within the organisation. The stages of the records lifecycle are creation or receipt of records, distribution and use, active storage, inactive storage and retention, destruction, and archival preservation.
1.5 Corporate records may present in both digital and paper formats. This includes but is not limited to:
1.5.1 Photographs, slides, medical imaging and other images (for business purposes).
1.5.2 Microfilm (i.e. fiche and film) and scanners.
1.5.3 Audio and video tapes, cassettes, CD-ROM etc.
1.5.4 Audio / Video / Meeting recordings.
1.5.5 Digital records – emails, word documents, spreadsheets, computer databases, output, and disks.
1.5.6 Paper records – paper receipts, invoices, diaries and letters.
1.5.7 Instant messaging / SMS
1.5.8 Social Media Posts
1.5.9 Website content (internet / intranet)
1.5.10 This policy will further cover the retention of human material, in the form of dental moulds and records associated.
1.6 The term records management describes the systematic control of an organisation records throughout their life cycle, to support operational business needs. The effective management of corporate information aims to enable the efficient, reliable and accurate access to information. The appropriate and timely destruction of records, in addition to identifying and protection of vital historical records, further supports the efficiency delivery of services.
1.7 Corporate Records Management forms part of NHS Fife’s governance and assurance function. It is identified as the professional discipline associated with managing and governing information, from record creation and throughout the records lifecycle to final disposal. Corporate Records Management within NHS Fife reviews and assess risks associated with what information is stored, where it is located, how information is classified and named (information identification), how long information required to be retained and the secure destruction of information in line with legislative requirements. The assessment and accountability of these actions is monitored in both digital and paper format, with requirements outlined and assessed with NHS Fife’s Data Privacy Impact Assessment (DPIA).
1.8 Corporate records are identified as vital assets for the organisation. They are a value resource due to the information contained within the record. The accurate and high quality of information within records underpins the delivery of evidence-based care, accountability and governance. Corporate records management within NHS Fife aims to support the below benefits:
• Support informed decision making, through accurate and accessible information (where there is a justified requirement for information).
• Support day to day business activities through efficient, accessible information (where there is a justified requirement for information), underpinning the delivery of corporate functions and delivery of patient care.
• Meet legal requirements, including patient and requests for information through legal provisions. This includes Freedom of Information (FOI) / Environmental Information Requests (EIR) and Data Subject Access Requests (DSAR).
• Support accountability and transparency in the management and provision of services.
• Enable archival functions, identifying and maintaining historic records for educational purposes and future research.
2. LOCATION
2.1 The policy applies to all departments and employees within NHS Fife, to clinical employees who compile, use or file corporate records in their work as well as non-clinical managerial, technical, administrative and secretarial employees who handle corporate records and business information.
2.2 All NHS Fife employees should not remove paper corporate records offsite, to personal home addresses, to work on. In the circumstance of records becoming lost or stolen at an employee’s home address or an external location to NHS Fife, the Lost and Stolen Records Procedure, GPD3 – A7 will apply.
2.3 This policy is offered as guidance to Independent General Practices (GPs), Dental, Pharmacy and Contractors.
2.4 It is acknowledged that the accountability for arrangements of individual contractors may differ from those of NHS Fife employees, and therefore this policy should be accepted as best practice and used in conjunction with requirements from their own professional body.
3. RESPONSIBILITY
3.1 The Chief Executive of NHS Fife has the overall independent executive responsibility for ensuring that appropriate corporate records management standards, systems and processes are in place throughout NHS Fife.
3.2 The Director of Digital and Information has executive responsibility for the development, implementation and monitoring of digital systems throughout the organisation and to ensure the functional requirements for records management are implemented as part of system deployment. This includes but is not limited to the system wide – Business Classification Scheme (BCS), digitisation and digitalisation of corporate records.
3.3 The Executive Leadership Team (ELT) members have executive responsibility for ensuring that appropriate systems and processes are in place throughout their areas of responsibility in line with the Policy.
3.4 The Senior Information Risk Officer (SIRO) has the responsibility for overseeing the identification, assessment and treatment of information risks within NHS Fife. Information risks include but are not limited to the information technologies, which include records and records management information systems. This strategic position requires a comprehensive understanding of the organisation’s records management objectives and compliance principles to inform decision making on records management risks, coupled with the ability to align risk management, with overarching organisational functions.
3.5 The Corporate Records Manager has the lead responsibility for the strategic development and maintenance of corporate records throughout their lifecycle, throughout the organisation. They have the responsibility for embedding records management into operational day to day practices to support the delivery of services, compliance and the efficient, safe, appropriate, timely retrieval and disposal of corporate records. This includes the implementation of NHS Fife’s Records Management Plan (RMP), and to ensure the daily activities, described in the fifteen elements within the RMP, have the appropriate operational training, resources, policies and procedures in place to support each element in compliance with the Public Records (Scotland) Act 2011. Responsibilities and duties include but are not limited to:
3.5.1 Provide strategic direction and provide advice on matters concerning records and lifecycle management.
3.5.2 Develop policies, guidance, and training at all stages of the records lifecycle – creation, use, maintenance, review and disposal.
3.5.3 Engage with Information Governance stakeholders to ensure full governance assurance.
3.5.4 Engage with Digital and Information and IT Operation colleagues, to ensure involvement in the development and implementation of new systems and or upgrades and migrations to existing ones.
3.5.5 Engage with colleagues within Estates and Facilities for management of physical records storage location.
3.6 The Corporate Records Management Team has the responsibility to support, train, advise and communicate to all NHS Fife employees in best records management practices and procedures.
4. OPERATIONAL SYSTEM
4.1 This policy contains eight Standard Operational Procedures (SOP) in line with the records management lifecycle. Each procedure sets out to establish clear processes and guidance to ensure compliance with NHS Fife RMP and with legislative requirements within the Public Record (Scotland) Act 2011. Additionally, SOP aim to ensure best standards and compliance for employees to securely store and retrieval corporate information (appropriate to role) in and effective and efficient manner. The efficient retrieval of information will aid employees to carry out tasks related to the daily duties of employment and remain complaint with additional legislative timeframes within the Freedom of Information (Scotland) Act 2002 and Data Subject Access Request Process.
4.1.1 Naming Conventions and Version Control
4.1.2 Corporate Record Retention Schedule
4.1.3 Destruction of Corporate Records
4.1.4 Transportation of Corporate Records
4.1.5 Storage of Corporate Records
4.1.6 Records Management Business Classification Schedule (BCS)
4.1.7 Digitisation of Corporate Records
4.1.8 Archival of Corporate Records
4.2 Effective and efficient management of corporate records management must be considered during the following circumstances: (with reference also to the Scottish Governance Note 008: Decommissioning of NHS Premises) (Appendix C)).
4.2.1 Closure of Service
4.3.2 Relocation of Sites
4.3.3 Demolition / Unexpected loss of Buildings
4.3.4 Fire and Flood
5. RISK MANAGEMENT
5.1 This policy is an integral part of NHS Fife’s system for managing risk as described in the NHS Fife Risk Management Strategy. Failure to comply with this policy could lead to non-compliance of the Public Records (Scotland) Act 2011, NHS Fife Records Management Plan, UK General Data Protection Regulation (UK GDPR) and Freedom of Information (Scotland) 2002.
5.2 The risk will be administered through the DATIX system.
5.3 Follow up will be through DATIX and will incorporate the identification of hazardous working practices.
5.4 This Public Records (Scotland) Act 2011 requires public authorities to address all risk. Within NHS Fife, this will be reviewed through the Information Governance Operational and Steering Groups.
6. RELATED DOCUMENTS
• GPR4 / A1 – Naming Conventions and Version Control
• GPR4 / A2 – Corporate Records Retention Schedule
• GPR4 / A3 – Destruction of Corporate Records Procedure
• GPR4 / A4 – Transportation of Corporate Records Procedure
• GPR4 / A5 – Storage of Corporate Records Procedure
• GPR4 / A6 – Records Management Business Classification Scheme
• GPR4 / A7 – Digitisation of Corporate Records Procedure
• GPR4 / A8 – Archival of Corporate Records Procedure
7. REFERENCES
• Public Records (Scotland) Act 2011.
• Records Management Code of Practice for Health and Social Care, 2024
• Freedom of Information (Scotland) Act 2002.
• UK General Data Protection Regulation (UK GDPR).
• Scottish Executive Health Department circular HDL (2006) 28 (The Management, Retention and Disposal of Administrative Records)