Contents
1 Introduction
Rotherham, Doncaster and South Humber NHS Foundation Trust (RDaSH), (the trust), is moving towards a society in which the use of paper is significantly reduced in favour of a more digital way of working. In order for this to be achieved the trust acknowledges that the scanning of physical documents will greatly increase and become part of the records management process.
This policy sets out the necessary guidelines to assist all employees on the responsibilities and practices in place, in relation to the scanning process.
The scanning of physical documents raises questions relating to the disposal of original papers and the legal admissibility of an electronic image. At present there is no definitive law regarding the legal admissibility of scanned documents over paper originals. Certain guidelines have been developed to aid the ever-growing number of government departments, public authorities and private companies that are working towards a more digital future.
This policy adheres to the guidelines set out in BIP 0008 to 2008 to the British Standard on legal admissibility and evidential weight on scanned records. This code of practice provides guidance on the use of electronic images as evidence in legal situations.
2 Purpose
The aim of this policy is to create clear guidelines to all staff when scanning any paper documentation. The trust aims to implement a process that will improve staff time in terms of accessibility to records, and to also reduce the amount of physical filing which is produced and duplicated.
3 Scope
This policy relates to all information handled by colleagues when scanning into a digital format. Any physical filing that is transferred onto an electronic system must follow this policy according to the procedures set out.
This policy will apply to any persons that have access to paper documents belonging to the trust and considers scanning to be the most constructive way forward when working in a paper-light environment.
4 Responsibilities, accountabilities and duties
4.1 The trust
The trust has a duty of confidentiality to ensure that all aspects of records management are properly managed. The trust is subject to a number of legal, statutory and good practice guidance requirements, covering health records. In order to meet these requirements and to be able to demonstrate sound management within the constraints of the existing legislation, it is necessary to have clear operational policy and procedures.
4.2 The chief executive
The chief executive has overall accountability and responsibility for records management within the trust and this function is delegated to the head of information governance, who will be responsible for encouraging a paper-light way of working.
4.3 Trust medical director
The trust’s medical director is the Caldicott guardian who plays a key role in ensuring that NHS and partner organisations satisfy the highest practical standards for handling patient information. Acting as the “conscience” of an organisation, the Caldicott guardian should also actively support work to facilitate and enable information sharing, advising on options for lawful and ethical processing of information as required. However, this post is advisory in nature, rather than accountable, as the SIRO is. The Caldicott guardian is supported by the head of information governance and the information governance and data protection department.
4.4 Senior information risk officer
Senior information risk officer (SIRO) is responsible for reporting to the board all aspects of information risk. This will include any risks relating to records or data. These risks will be identified, assessed and reported using the established organisational risk management process. The SIRO is supported by the head of information governance and the information governance and data protection department.
4.5 Head of information governance
The head of information governance or DPO will be responsible for ensuring that the trust meets its information governance requirements through the continued submission of the annual data security and protection toolkit submission (DSPT).
4.6 Information governance manager
The information governance manager has responsibility for document and records management throughout the trust. They are also the trusted custodian who will manage the trust’s inactive records in both paper and electronic formats.
The information governance manager will provide advice and guidance on the handling of records and information and will offer assistance in considering a records storage location.
They will be responsible for the implementation of a paper-light strategy throughout the trust, ensuring all staff are aware of their responsibilities in regard to physical records.
4.7 Information technology
Information technology is responsible for providing further advice and guidance to staff when required in relation to the use of scanners and shared drives.
4.8 All colleagues
All colleagues are responsible for ensuring that the information scanned is in line with the guidance of this policy. Colleagues must help to achieve the paper, light strategy by using less paper documents and implementing more electronic methods where possible.
5 Procedure or implementation
5.1 What to scan
Any physical documentation that would be deemed necessary and, or noteworthy to a patient’s health and well-being or treatment, will need to be scanned. If the physical item is essential information that would be stored on a physical file, this must be scanned into the relevant system.
Any documents that can be created electronically in the first instance must be completed online and not duplicated in a physical document and scanned.
Any physical documentation that does not belong to the trust must be kept in its original format and not scanned. This can include deeds, guarantees or certificates which are not the property of the trust. These can only be scanned and destroyed with written consent from the owner.
Any document that requires a signature of consent can be scanned but must also be kept in its original format until such time that electronic signatures become available.
Do not scan any duplicate documents that are already on a system used by staff. Once a document is scanned it should not be re-printed except of outside agencies (if no electronic transfer method is available) or a subject access request.
5.2 When to scan
Any physical documentation that falls into the guidelines stated in 5.1 must be scanned and stored onto an NHS system within 72 hours of write up. This includes a quality check of the scanned image, noting of activity carried out and the confidential destruction of the original physical document.
5.3 How to scan
5.3.1 Preparing documents for scanning
Before the scanning of a document can take place, the following actions should be carried out:
- assess the condition of the document to ensure that it is not too fragile for scanning, pages are not stuck together or inserts such as post-it notes are not attached to any sheets
- any notes attached to the document must be placed on a blank sheet of paper for scanning
- remove any staples or paperclips
- ensure all pages are in chronological order
- for patient or staff files, ensure the front page has the following details:
- full name
- date of birth
- NHS number or employee reference number
- date of document
- any blank pages within a file must not be removed and must be scanned in the order they appear within the original document
- remove any poly pockets or plastic wallets
- check that all the information in the document pertains to the same patient (NHS number, name and date of birth), if misfiled information is found it must be removed and relocated in the appropriate record
5.3.2 Scanning equipment
All scanning should be carried out using a trust approved machine. Do not scan any images from a machine that does not belong to RDaSH.
All scanning should be carried out to the following resolution settings:
- black and white images, 200 DPI (dots per inch)
- coloured Images, 300 DPI
- photographs, 300 DPI
5.3.3 Quality control
The quality check of a scanned image must be carried out as soon as the scanning has taken place. To ensure all documents are scanned to a satisfactory quality, staff must ensure:
- every piece of a document is scanned, including blank pages and double-sided documents
- any scanned document is unchanged from its original format. Any amendments or additions made to a document must be made prior to scanning
- all aspects of the scanned document are legible
- pages should be positioned correctly and not at an angle
5.3.4 Indexing
All service areas within the trust will index scanned documents in a different way depending on the different needs for information. However, all scanned documents must include a specific set of metadata. This must include:
- title of document, this should be a meaningful title which accurately reflects the document.
- date the document was scanned
- initials of the staff member who carried out the scanning
The document should then be immediately placed within the appropriate system ensuring the correct electronic record has been identified. Good practice would also indicate that further notes are added to the system such as information regarding the scanning of the document and that the original document has now been destroyed.
5.3.5 Security and protection
Records that contain personal identifiable data should only be scanned by staff who are authorised to handle the information.
The scanned images should be immediately quality checked and stored within the correct system. No scanned document should be stored on a shared or personal drive, and, or desktop.
The original document should be confidentially destroyed as soon as possible after storing the scanned document. No persons should keep the paper version for their own needs. If you are unsure about destroying a document, do not scan it. Contact the trust’s Information governance manager for advice first. There should never be two versions of a document.
Scanning of records should take place in a secure environment where only authorised personnel have access.
5.3.6 Document retention
All physical documentation should be kept until sufficient quality checks have been carried out on a scanned image.
A scanned document must be securely stored and correctly indexed before destroying a physical record.
A scanned document must be destroyed from the area in to which it was originally scanned once it has been appropriately stored.
Original physical documents can be destroyed once:
- the scanned image is securely stored
- the scanned document is correctly indexed and noted
- the scanned document has been thoroughly quality checked to ensure the electronic version is a true and accurate copy of the original
Once these checks have been carried out, the original document can now be destroyed. This must be marked alongside the scanned document.
5.3.7 Legal admissibility
Any scanned document will be managed in accordance with the trust’s records management policy. The scanned copy will, for legal purposes, become the definitive record and will then be subject to correct records management and retention policies set in place for digital documentation. Scanned documents are admissible in court but can differ depending on the court action. In criminal cases a certified scanned copy can be used with proper authentication including how it was scanned and notations declaring it unaltered. In civil action cases, scanned copies can be produced with the court deciding on the evidential weight issued to the document. These principles arise from the Civil Evidence Act 1995 and the Policy and Criminal Evidence Act 1984.
6 Training implications
As a trust policy, all colleagues need to be aware of the key points that it covers. Colleagues can be made aware through a variety of means such as:
- local induction
- records management training
- team meetings
- one to one meetings or supervision
7 Monitoring arrangements
7.1 Policy
- How: Review policy practices through feedback and auditing.
- Who by: Information governance manager, I.T, and admin leads.
- Reported to: Information governance group.
- Frequency: Annually.
7.2 Incidents
- How: Review of all scanning incidents.
- Who by: Information governance manager, security advisor.
- Reported to: Information governance group.
- Frequency: Annually.
8 Equality impact assessment screening
To access the equality impact assessment for this policy, please see the overarching equality impact assessment.
8.1 Privacy, dignity and respect
The NHS Constitution states that all patients should feel that their privacy and dignity are respected while they are in hospital. High Quality Care for All (2008), Lord Darzi’s review of the NHS, identifies the need to organise care around the individual, ‘not just clinically but in terms of dignity and respect’.
As a consequence the trust is required to articulate its intent to deliver care with privacy and dignity that treats all service users with respect. Therefore, all procedural documents will be considered, if relevant, to reflect the requirement to treat everyone with privacy, dignity and respect, (when appropriate this should also include how same sex accommodation is provided).
8.1.1 How this will be met
All staff must follow the guidelines stipulated within this policy. All staff must also follow the information governance in terms of confidentiality.
8.2 Mental Capacity Act (2005)
Central to any aspect of care delivered to adults and young people aged 16 years or over will be the consideration of the individuals’ capacity to participate in the decision-making process. Consequently, no intervention should be carried out without either the individuals informed consent, or the powers included in a legal framework, or by order of the court.
Therefore, the trust is required to make sure that all staff working with individuals who use our service are familiar with the provisions within the Mental Capacity Act (2005). For this reason all procedural documents will be considered, if relevant to reflect the provisions of the Mental Capacity Act (2005) to ensure that the interests of an individual whose capacity is in question can continue to make as many decisions for themselves as possible.
8.2.1 How this will be met
All individuals involved in the implementation of this policy should do so in accordance with the guiding principles of the Mental Capacity Act (2005).
9 Links to any other associated documents
- Records management policy
- Information governance policy and management framework (includes data protection policy content)
- Data security and protection breaches or information governance incident reporting policy
- Information technology (IT) security policy
10 References
- Department of Health Informatics Directorate, Information Governance Policy. NHS Information Governance: Records Management, Guidance on Digital Document Scanning (2011).
- Digitisation at The National Archives (2015).
- British Standard BS 10008:2008 (2008).
- The Civil Evidence Act (1995).
- Policy and Criminal Evidence Act (1984).
Document control
- Version: 3.
- Unique reference number: 333.
- Approved by: Corporate policy approval group.
- Date approved: 5 December 2023.
- Name of originator or author: Head of information governance or DPO.
- Name of responsible individual: Director of health informatics.
- Date issued: 14 December 2023.
- Review date: 31 December 2026.
- Target audience: All staff.
Page last reviewed: December 23, 2024
Next review due: December 23, 2025
Problem with this page?
Please tell us about any problems you have found with this web page.
Report a problem