Katherine Timms, Head of Policy and Standards at the HCPC, answers the most common questions we receive from registrants about record keeping, such as how to keep records, how to manage data protection and your responsibilities around confidentiality.
What sort of system should I use to keep clinical records?
We get asked this question a lot, but there isn’t one right way – it will depend on your practice and your profession.
Our standards say that you should keep records for all your service users that are:
- full, clear and accurate;
- completed as soon as possible; and
- kept safe from being lost, damaged or accessed inappropriately.
Ultimately, no matter what system you use, it must protect service users’ confidentiality – whether that’s password protection for electronic records, or a locked filing cabinet for paper ones.
You should also be confident your record keeping practice meets legal requirements. As record-keeping practice differs depending on where you work and your profession – you might also want to speak to your employer and your professional body. They have lots of experience in this area and can give you practical tools and tips to make sure you’re getting it right.
If, after speaking to your employer and professional body, you still have concerns, I recommend getting advice from a lawyer with knowledge in the area.
How long should I keep records on file after a service user has been discharged?
Again, this will vary according to the context in which you practise. We often get this type of question from professionals working in private practice, who don’t have an employer policy to follow.
You should use your professional judgement, the relevant law and best practice for your profession, to come to a decision.
There are recommended retention schedules available – while they may be directed at professionals working in the NHS, they are useful resources for everyone.
- Appendix 3 of the Records Management Code of Practice for Health and Social Care 2016 in England and Wales
- Annex D of the government’s Records Management: NHS Code of Practice 2008 in Scotland
- The Department of Health’s Good management, good records guidance in Northern Ireland
Other factors in my workplace are affecting the time I have available for record-keeping. What should I do?
I really empathise with registrants who come to us with this question. Many work in busy front-line environments, and often face time constraints or targets they feel affect the safety of care for service users. They can struggle to find time to keep appropriate records promptly and may end up working overtime to do so.
I would advise you to first talk to your employer about your concerns. If you are still worried after that, escalate the issue by speaking to someone more senior or raising the issue in a more formal way.
If you are a member, your union can give you more information and advice. The Advisory, Conciliation and Arbitration Service (ACAS) is another place you can turn to.
What do I need to do to keep records confidential when they are stored electronically?
More and more healthcare services are switching to storing patient records electronically.
This is fine, as long as the record-keeping system you’re using allows you to meet our standards and follow the law. Our standards say you must keep service users’ information confidential and secure. The General Data Protection Regulations (GDPR), supported by the Data Protection Act 2018, apply across the UK and govern how personal information, including service user records, should be handled.
If you’re looking for more information on data protection, the Information Commissioner’s Office has useful guidance on deleting personal data and what to do in the event of a data breach. Our confidentiality guidance also includes more detail on electronic records.
Can I disclose confidential information to relevant colleagues?
When it comes to disclosing a service user’s information, any decision you make should be in their best interests, and you should be able to explain your decision if asked.
It’s quite common for more than one professional or organisation to be involved in a service user’s care, and sharing information between each other is good practice. Most service users understand that information is shared between these different professionals because it’s important for their care – so normally you will have implied consent to do this.
Of course, you should only share information that is necessary and relevant. And the colleague you are sharing it with should understand why you are sharing it with them and that they have a duty to keep it confidential.
Service users with capacity can refuse to consent to their information being shared, and you must respect that choice and make sure you explain to them any possible effects it may have on their health or wellbeing. Make a clear record of the decision as well. There may be cases where you are legally required or justified to disclose information without consent, and our confidentiality guidance includes more information about this.