Digital & Information
Assistant Head of Health Records
Head of Health Records
Director of Clinical Delivery
01 April 2014
31 January 2016
01 April 2017

NHS Fife acknowledges and agrees with the importance of regular and timely review of procedures and aims to review procedures within the timescales set out.  New procedures will be subject to a review date of no more than 1 year from the date of first issue. 


To ensure all staff who transport Health Records do so in a manner that does not compromise confidentiality. All NHS staff are responsible for upholding confidentiality and preventing accidental disclosure of personal and sensitive data.

To comply with the Data Protection Act 1998, Human Rights Act 1998 and Caldicott Principles, it is necessary to ensure that data which can be linked to an individual (either patient, staff or visitor) which is sensitive or confidential in nature or business sensitive, is transported in a secure manner. The transportation and packaging method will be determined according to the means by which the data or record is to be transferred.


This procedure applies to all staff, contractors and volunteers working within NHS Fife.


All staff who transport Health Records either themselves or via internal mail must follow this procedure.


4.1 All case notes must be electronically tracked when they are being transported to a new location

Internal mail / transportation - data and records being physically transported by NHS staff or approved contractors within NHS board boundary:

4.2   It is imperative that any data or records containing person identifiable or confidential business information are transported internally using internal     
        mail or in person.
4.3   On no occasion should transit envelopes be used for the transportation of person identifiable information or confidential business information. An    
        exception is made for Lab data using specially designed envelopes.
4.4   On no occasion should notes be given to a patient to take to another site.
4.5   Transportation methods for patient identifiable information are:

•   Single record envopak carriers with seals
•   Multiple record envopak carriers with seals
•   Pneumatic tube carriers
•   Brown paper envelopes
•   Non tear able textured envelopes
•   Purpose designed plastic boxes with seals
•   Lockable pilot bags

4.6   The recipient’s name and delivery address must be written in full, legible and visible.
4.7   Privacy Markings should always be used on envelopes and packages, containing person identifiable information. These include:

•   Private and confidential
•   Medical in confidence
•   Confidential-clinical information
•   Staff/Medical in confidence

4.8    Wrappings / envelopes must be marked with the return address.
4.9    Bundles of health records must be securely wrapped and packaged in a manner which prevents patient details being visible.
4.10  Bulk data and records must be transferred using appropriate covered trolleys or cages and never be deposited or left unattended in areas that are
         not secure e.g. entrances, corridors, stairways or in vehicles where the package is visible or the vehicle unlocked.
4.11  Where single notes are being carried in person to a clinic or another department, for example, these must be placed in an envelope taking care to
         ensure that the patient identification label is not visible.

4.12 When records are being sent externally, either by Royal Mail, Taxi, or Courier, they should be double wrapped (best practice is to use non tearable
        envelopes or packaging) Both layers of packaging should be addressed to the named recipient or department; the inner layer should bear the appropriate privacy marking. Both layers should have a return address.

Transportation out with NHS Fife boundary

4.13 Where possible photocopies should be considered as an alternative to sending the original documents when sending out with the health board.
4.14 Records sent out with NHS Fife boundary must be double enveloped.
4.15 Records sent out with NHS Fife boundary must be sent by Royal Mail Special
delivery. This guarantees that the package can be tracked at every stage of its
journey and is signed for at its destination.

4.16 Case notes can also be sent by the following means:

•   Hospital Car
•   Approved Taxi company
•   Approved Courier company

Transportation in vehicles

4.17 If staff require to take records, files, notes or other correspondence containing person identifiable information outside their base in order to perform
        their duties this should be subject to a risk assessment and approval by the appropriate line manager ensuring adherence to Data protection,
        Caldicott, NHS Scotland and local board policies.
4.18 During working hours any records, files, notes or other correspondence containing person identifiable information must be locked in a van or car boot.
4.19 Where vehicles are used and parked on NHS premises overnight the vehicle must be emptied of all data and records to secure storage at the end of
        each day.
4.20 Where private vehicles are used when visiting a patient only the relevant paperwork should be removed from the vehicle. All other paperwork should 
        remain locked in the boot or van.


By following this procedure, staff will reduce the risk of unintentional disclosure of confidential information.
Confidentiality and InformationGovernance is included as a topic in Corporate Induction, In House Core Training, Information Governance Workshops and Consultant’s Mandatory Training Sessions.
Risk identified as a result of the implementation of this procedure must be assessed and managed in accordance with the NHS Fife Risk Assessment (GP/2) and Risk Register (GP/R1) policies


Incident Reporting Forms IR1 and Incident Management Policy (GP/I2)


Legislation, Codes of Practice etc.
Data Protection Act. (1998)
Human Rights Act (1998)
Access to Health Records Act (1990)
Freedom of Information (Scotland) Act 2005
NHS Code of Practice on Protecting Patient Confidentiality
Caldicott Report (1997)
General Medical Council Code of Practice
Nursing & Midwifery Council Code of Practice
Other Codes of Practice relevant to Professional Standards

NHS Fife Policies, Manuals and Procedures
NHS Fife Data Protection Policy (GP/D3)
NHS Fife Incident Management Policy (GP/I2)
NHS Fife Risk Register & Risk Assessment Policy (GP/R7)
NHS Fife Risk Register & Risk Assessment Policy(GP/R7)