Records management is the systematic control of an organisation's records, throughout their life cycle, in order to meet operational business needs, statutory and fiscal requirements, and community expectations. Effective management of information allows fast, accurate and reliable access to records, ensuring the timely destruction of redundant information and the identification and protection of vital and historically important records. Effective records management involves efficient and systematic control of the creation, storage, retrieval, maintenance, use and disposal of records, including processes for capturing and maintaining evidence.

Systematic management of records allows organisations to:

  • know what records they have, and locate them easily
  • increase efficiency and effectiveness
  • make savings in administration costs, both in staff time and storage
  • support decision making
  • be accountable
  • achieve business objectives and targets
  • provide continuity in the event of a disaster
  • meet legislative and regulatory requirements
  • protect the interests of employees, clients and stakeholders

The guiding principles of records management are to ensure that information is available when and where it is needed, in an organised and efficient manner, and in a well maintained environment.

The importance of good records management has been brought into sharp focus by the 2007 Historical Abuse Systemic Review of Residential Schools and Children’s Homes in Scotland by Tom Shaw (‘the Shaw Report’). The recommendations of the Shaw Report and the subsequent 2009 review by the Keeper of the Records of Scotland led to the Public Records (Scotland) Act 2011 (‘PRSA’) in March 2011.

The Act makes provision about the management of public records by named public authorities. Provisions include the preparation of a Records Management Plan (‘RMP’) setting out and evidencing proper arrangements for the management of the authority’s public records, and its submission for agreement by the Keeper. Each Board’s Health Records and Corporate Records Management Policies should provide further detail concerning standards for the management of records.

The PRSA defines a record as “Anything in which information is recorded in any form.” A record can be recorded in computerised or manual form or in a mixture of both.  Data can be held on a range of media, including text, sound, image, and/or paper.  Increasingly records are being kept on electronic and document management systems. Records may include such things as hand-written notes; emails and correspondence; radiographs and other imaging records; printouts from monitoring equipment; photographs; videos; and tape-recordings of telephone conversations. 


Public Records (Scotland) Act 2011 – Records Management Plan

Under the Public Records (Scotland) Act 2011 Scottish public authorities must produce and submit a records management plan setting out proper arrangements for the management of the organisations records to the Keeper of the Records of Scotland for his agreement under Section 1 of the Public Records (Scotland) Act 2011.

NHS Fife Records Management Plan (RMP) sets out the overarching framework for ensuring that NHS Fife records are managed and controlled effectively, and commensurate with the legal, operational and information needs of the organisation.  The RMP considers all 14 elements as advised in the Keeper’s Model RMP and supporting guidance material.  The 14 elements are:

  • Senior management responsibility
  • Records manager responsibility
  • Records management policy statement
  • Business classification
  • Retention schedules
  • Destruction arrangements
  • Archiving and transfer arrangements
  • Information security
  • Data protection
  • Business continuity and vital records
  • Audit trail
  • Competency framework for records management staff
  • Assessment and review
  • Shared information


The RMP defines NHS Fife Action Plan for improving the quality, availability and effective use of records in NHS Fife and provides a strategic framework for all records management activities. 


NHS Fife Records Management Plan is effective from 22nd July 2013. This Plan is to be continuously reviewed and updated.  Reports will be submitted quarterly to the Information Governance Group and annually to the Strategic Management Team.


Agreed by     

John Wilson
Chief Executive, NHS Fife
Date 22 July 2013



Records Management Plan



Summary of Evidence


Evidence 1.1

Letter from Chief Executive covering elements 1, 2 and 3

Evidence 2.1

Corporate Records Manager Job Description

Evidence 3.1

Management, Retention, Storage and Destruction of all Business and Administrative Information and Records. Policy GP/R4

Evidence 3.2

NHS Fife Health Records Management Policy GP/R9

Evidence 3.3

‘Dispatch’ 8 March 2013 relating to Policies

Evidence 4.1

Draft copy of Business Classification Scheme, currently under development

Evidence 4.2

Business Classification Scheme Awareness and Training Plan

Evidence 4.3 Example of the contract with private healthcare providers

Evidence 5.2

Health Records Retention and Destruction Policy GP/R8

Evidence 6.1

NHS Fife Waste Management Policy

Evidence 6.2

Contract with Confidential Waste Contractor - No longer available

Evidence 6.3

Contract with Contractor for electronic media destruction - No longer available

Evidence 6.4

Example of Certificate of Destruction by shredding

Evidence 6.5

Audit report and Certificate of hard drive destruction

Evidence 6.6

Standard operating procedure for culling of health records.

Evidence 6.7

Standard operating procedure for health records of deceased patients

Evidence 6.8

Email to all staff on remote deletion of local recycle bins

Evidence 6.9 Condemnation of I.T. Equipment Procedure
Evidence 6.10 Disposal of Confidential Waste Procedure - Paper Records

Evidence 7.1

Archiving arrangements with Fife Cultural Trust

Evidence 7.2

Receipt from Archivist

Evidence 7.3

Example from archive register

Evidence 7.4

Service Level Agreement with Fife Cultural Trust

(Evidence 7.5) when available

Service Level Agreement with Dundee City Council

Evidence 8.1

GP/I5 Information Security Policy

Evidence 8.2

GP/A4 Acceptable Use Policy

Evidence 8.3

GP/B2 Broadband Remote Access Policy

Evidence 8.4

GP/C10 Clear Desk Clear Screen Policy

Evidence 8.5

GP/D6 Data Encryption Policy

Evidence 8.6

GP/E6 Email Policy

Evidence 8.7

GP/E7 Non NHS Fife Equipment Policy

Evidence 8.8

GP/H2 Handheld Computers and Peripheral Devices Policy

Evidence 8.9

GP/H6 I.T. Equipment Home Working Policy

Evidence 8.10

GP/I3 Internet Policy

Evidence 8.11

GP/I4 IT Procurement Policy

Evidence 8.12

GP/L5 Laptop/Notebook Policy

Evidence 8.13

GP/M4 Media Handling Policy

Evidence 8.14

GP/M5 Mobile Devices Policy

Evidence 8.15

GP/P2 Password Policy

Evidence 8.16

GP/R10 Roles and Responsibility for Information Security

Evidence 8.17

GP/S8 Security Incident Management and Computer Misuse Policy

Evidence 8.18

GP/V2 Virus Protection and Management Policy

Evidence 8.19

ISO 27001 Certification

Evidence 8.20

Physical Keys and Access Control Cards Audit Checklist

Evidence 8.21

NHS Fife ISMS Internal Audit – Disaster Recovery Operational procedures - MAR2012

Evidence 8.22

Network Security Internal Audit Checklist

Evidence 9.1

NHS Fife Data Protection Policy

Evidence 9.2

NHS Fife Data Protection Registration Details

Evidence 9.3

Privacy Notice of NHS Fife

Evidence 9.4

Subject Access Flowchart

Evidence 9.5

Fairwarning Software

Evidence 10.1

Letter from Chief Executive regarding Business Continuity

Evidence 10.2

Corporate Services Continuity Plan (redacted) as an example of the template used in NHS Fife

Evidence 10.3

NHS FIFE Business Continuity Update Report

Evidence 10.4

Internal Audit Report (2012) reviewing compliance under the Civil Contingencies Act 2004

Evidence 10.5

Internal Audit Report follow-up (2013)

Evidence 11.1

NHS Fife Version Control and Naming Convention Guidance

Evidence 11.2

Case Note tracking screen shot

Evidence 11.3

‘Dispatch’ circulated reminding staff to track Health Records

Evidence 11.4

Track Case notes reminder

Evidence 12.1

NHS Fife Information Governance Framework

Evidence 12.2

Certificate of completion of IG training

Evidence 12.3

Certificate of completion of Safe Information Handling

Evidence 12.4

NHS Fife information leaflet A

Evidence 12.5

NHS Fife information leaflet B

Evidence 12.6

Records Management Training Competencies Framework

Evidence 13.1

Information Governance Group Agenda

Evidence 13.2

Information Governance Group Minutes

Evidence 13.3

PRSA Role and Remit

Evidence 13.4

PRSA Update March 2013

Evidence 13.5

Project Board Minutes 110113

Evidence 13.6 NHS Fife Internal Audit Service Report on Information Governance

Evidence 14.1

SASPI Guidance

Evidence 14.2

SASPI Template

Evidence 14.3

SASPI Agreement - No longer available

Evidence 14.4

Fife Data Sharing Group Role and Remit

Evidence 14.5

Agenda for Fife Data Sharing Group agenda

Evidence 14.6

Freedom of Information Statement



We have placed cookies on your computer to improve your experience here. If you do not want us to use cookies you can change your settings at any time.