Part of A guide to confidentiality in health and social care: references
Section 6: Record-keeping best practice
Record-keeping best practice is outlined in Annex A of the DH publication Confidentiality: NHS Code of Practice 21. It is covered more generally in the DH publication Records Management: NHS Code of Practice: Part 1 22
Clinical and corporate information assurance requirements are set out in the Information Governance Toolkit.
Data retention standards
All records should be kept in line with health and social care system record retention requirements. Guidance on record retention is provided in the DH publication ‘Records Management: NHS Code of Practice: Part 2.
All patient records held by provider organisations should be kept in line with health and social care system record retention requirements. There are two ways this could be done
- The provider holding the records could be funded to deliver this retention and security of the records as part of their commissioning contract. If the provider is providing care services they will need to retain the data for a period for their own financial probity and clinical or care governance. If the provider is purely a data processor then they should not need to
- Another part of the health and social care system, for example the Health and Social Care Information Centre, could be commissioned to provide a ‘safe vault’ for this data which can only be accessed when there is anonymisation at source, or when there is complaint, legal challenge or criminal investigation. retain the data beyond the contracted period.
Last edited: 29 November 2023 1:45 pm