Records Management Code of Practice 2021
Published 4 August 2021
The Records Management Code of Practice for Health and Social Care 2021 (from this point onwards referred to as the Code) is a guide for you to use in relation to the practice of managing records. It is relevant to organisations working within, or under contract to, the NHS in England. The Code also applies to adult social care and public health functions commissioned or delivered by local authorities.
The Code provides a framework for consistent and effective records management based on established standards. It includes guidelines on topics such as legal, professional, organisational and individual responsibilities when managing records. It also advises on how to design and implement a records management system including advice on organising, storing, retaining and deleting records. It applies to all records regardless of the media they are held on. Wherever possible organisations should be moving away from paper towards digital records.
The Code is accompanied by a number of important appendices:
- Appendix I refers to information on public inquiries
- Appendix II is a retention schedule for different types of records
- Appendix III is detailed advice on managing different types and formats of records such as integrated care records and staff records.
All organisations and managers need to enable staff to conform to the standards in this Code. This includes identifying organisational changes or other requirements needed to meet the standards, for example, the people, money and correct tools required. Information governance performance assessments, such as the Data Security and Protection Toolkit hosted by NHS Digital, and your own organisation management arrangements will help you identify any necessary changes to your current records management practices. Those who have responsibilities for monitoring overall performance, like NHS England and NHS Improvement and the Care Quality Commission (CQC), help ensure effective management systems are in place. An example is by inspecting sites as part of their key lines of enquiry and statutory powers.
The guidelines in this Code draw on published guidance from The National Archives and best practice in the public and private sectors. It is informed by lessons learnt and it will help organisations to implement the recommendations of the Mid Staffordshire NHS Foundation Trust Public Inquiry relating to records management and transparency.
This Code must also be read in conjunction with the following:
- Professional Records Standards Body (PRSB) structure and content of health and care records standards
- Lord Chancellor’s Code of Practice on the management of records (PDF, 393KB) issued under section 46 of the Freedom of Information Act 2000 (FOIA) - The National Archives has commenced work on revising this code and will issue an update in due course.
This 2021 revision was conducted by NHSX. It reflects feedback following a consultation which 50 organisations responded to including national stakeholders and local organisations. It is intended to be a light-touch review. The Code replaces previous guidance listed below:
- Records Management: NHS Code of Practice: Parts 1 and 2: 2006, revised 2009 and 2016
- HSC 1999/053: For the Record - managing records in NHS Trusts and health authorities
- HSC 1998/217: Preservation, Retention and Destruction of GP General Medical Services Records Relating to Patients (Replacement for FHSL (94) (30))
- HSC 1998/153: Using Electronic Patient Records in Hospitals: Legal Requirements and Good Practice
Standards and practice covered by the Code will change over time so this document will be reviewed and updated as necessary. In particular, it should be noted that at the time of writing there are a number of on-going public inquiries including the Independent Inquiry into Historic Child Sex Abuse (IICSA) and Infected Blood Public Inquiry (IBI). This means that records must not be destroyed until guidance is issued by the inquiry. Future public inquiries may lead to specific records management requirements. Where that happens, the Inquiry will publish additional guidance on its website. NHS England and NHS Improvement may also issue guidance to the health and care system relating to the inquiry.
It should also be noted that we are proposing to undertake a review into the retention time for de-registered GP records. De-registered refers to when a patient is no longer on the GP practice system. It does not refer to patients who are still registered at a GP practice but have not needed to receive care. If a patient has moved to another practice, the record would be sent to the new provider. However, if the reason for de-registration is unknown, the digital record is printed off and sent in paper form to NHS England and NHS Improvement. We are proposing to review the retention time for de-registered GP records to ensure that the significant costs of retaining the records for 100 years are justified by the benefits they bring. We will look, for example, at how many records are recalled and what the reasons are.