Scanning Documents Policy

Transcription

1 Scanning Documents Policy Reference No: Version: 3 Ratified by: P_IG_11 LCHS Trust Board Date ratified: 12 th September 2017 Name of originator/author: Name of approving committee/responsible individual: Date issued: September 2017 Review date: July 2019 Target audience: Distributed via: Kaz Scott, Information Governance Lead / DPO Information Governance Management Assurance Group All LCHS staff Website

2 Lincolnshire Community Health Services NHS Trust Scanning Documents Policy Version Control Sheet Version Section/Para/ Appendix 1 Original CG038 Version/Description of Amendments New Policy rebranded to reflect organisational change. Formatting throughout, Removal of Technical Content, EIA and NHSLA monitoring added. 1.1 Extension agreed at IGSC to allow for release for reviewed guidance and updated footers Date Feb 2013 Feb 2015 Author/ Amended by Rachel Markham Kaz Scott IGSC month extension agreed April 2015 IGSC 2 Full Review Minor changes and updated information links Sept 2015 Kaz Scott 3 Full Review Updated EIA, logo and references. Jul 2017 Kaz Scott Copyright 2017 Lincolnshire Community Health Services NHS Trust, All Rights Reserved. Not to be reproduced in whole or in part without the permission of the copyright owner. 2

3 Lincolnshire Community Health Services NHS Trust i. Version control sheet ii Policy statement Scanning Documents Policy Contents Legal Admissibility 4 Statement 4 Business Procedures and Process for Scanning 5 Responsibilities 5-6 Training 6 Enabling Technologies 7 Storage Media 7 Scanning into Information Systems 8-9 Scanning Process 10 Monitoring and Audit 11 NHSLA Monitoring 11 Appendix 1 - Equality Impact Assessment 12 Appendix 2 - Definitions 13 References 14 3

4 Legal Admissibility Legal admissibility is a core Records Management principle and if a document is scanned into SystmOne (S1) or Information System e.g. ESR, it must be a true representation of the original. Proving the authenticity of a scanned document is crucial if required as evidence in court and that any document created within the system has not been changed since the time of its storage. The Trust has a duty to ensure documents created or scanned, stored and migrated through electronic systems meet the evidential weight as outlined in the Civil Evidence Act 1995 to ensure Legal Admissibility should a Court require it Compliance within the Policy does not guarantee legal admissibility. It is possible to maximise the evidential weight of a record/document by setting up authorised procedures and being able to demonstrate in court that those procedures have been followed. Procedures are defined which need to be implemented in order to comply with the Policy. However, it does not follow that information stored on systems that do not comply with the Policy is not or will not be legally admissible. The Trust needs to demonstrate that it complies with the five principles of information management on which this Policy is based. For the avoidance of doubt they are: Recognise and understand all types of information Understand the legal issues and execute duty of care responsibilities Identify and specify business processes and procedures Identify enabling technologies to support business processes and procedures Monitor and audit business processes and procedures Statement The Policy is applicable to any Trust system that stores information electronically and its outputs. It covers aspects of the information management processes that affect the use of information in normal business transactions, even where legal admissibility per se is not an issue. Such aspects include the legibility, accuracy and completeness of the stored information, and the transfer of the information to other systems. This policy will establish guidelines for: Authenticity and Integrity of stored data Legal admissibility of scanned, stored and electronically communicated data The purpose of the Policy is to: Provide guidance on process, procedure, audit in order to ensure authenticity, integrity, security and legal admissibility of scanned, stored or migrated information Improve reliability of, and confidence in, communicated information, and electronic documents to which an electronic identity is applied Maximize the evidential weight which a court or other body may assign to presented information Provide confidence in inter-organisation information sharing Provide confidence to external inspectors (i.e. regulators and auditors) that the Trust s information and business practices are robust and reliable 4

5 Business Procedures and Processes for Scanning Each system which has a scanning process for the storage of documents should also develop a flow chart detailing the process for ease of reference. The procedure and processes must be audited annually to make sure that the approved procedures are being observed. Records Management Policies Freedom of Information and Environmental Information Regulations Policy Data Protection and Confidentiality Policy Computer Use Policy Policy and Procedure Information Security Policy The Policy may be used as a common reference standard for business activities within the Trust and between organisations and for subcontracting or procurement of information technology services or products. Responsibilities TITLE INDIVIDUAL RESPONSIBILITIES Chief Executive As Accounting Officer, has overall responsibility for risk. Senior Information Responsible Officer (SIRO) Ensure that the Compliance and admissibility issues are incorporated in systems and outputs are reflected in the Assurance Framework. Board lead for information risks thus ensuring risks associated with information systems are monitored and addressed. Caldicott Guardian Ensure that Caldicott Guardian principles are embedded and monitored in the Trust. Information Security Process Ensuring the security and integrity of systems owned by the Trust are appropriately maintained. Information Governance Acts as Data Controller for the Trust and therefore a lead role ICT Process Provide technical advice to ensure that appropriate technologies are applied. Training Provides appropriate training to staff to ensure scanning meets the required standards of compliance. Auditors Internal and External Undertake random checks on behalf of the Trust. Heads of Service Ensure services and all staff are aware of and complies with the provisions of the policy. 5

6 The Trust has a duty of care principle to ensure that patient, personal and other information is safe, secure and kept confidential but accessible when needed in accordance with: Caldicott Principles The Data Protection Act 1998 Freedom of Information Act 2000 The Trust Senior Information Risk Owner (SIRO) has the legal responsibility to ensure the integrity of systems and information, to take into account the security, safety and confidentiality of said information both within and beyond the Trust. The requirement to authenticate electronic documents that have evidential significance to a Trust may be vital to continued operations. Information security is key when discussing legal admissibility issues. The main discussion on this topic is likely to be the authenticity of the stored information in the form of robust audit trails that evidence; When the electronic information was captured, was the process secure? Was the correct information captured complete and accurate? During storage, was the information changed in any way, either accidentally or maliciously? What was the process for scanning paper originals into the system? Can the Trust evidence the quality and integrity of the original document has been maintained? Information security implementation and monitoring are key to demonstrating authenticity. It is essential at the planning stage to consult with appropriate third parties who will need to use, inspect or have a material interest in the results from authenticated systems. Examples of such third parties are: Receiving Parties, Auditors, Legal Experts, Technical and Operational Staff and The Courts The Trust should be aware of the value of its electronic identity management systems, and execute its responsibilities to those systems under the duty of care principle. To fulfil its duty of care obligations, the Trust should: Be aware of and demonstrably comply with legislation and regulatory bodies pertinent to its country Establish a chain of accountability and assign responsibility for all relevant activities Keep abreast of developments with the appropriate bodies and organisations Training Training needs of staff will vary according to the local scanning processes and procedures constructed to underpin this policy by local service needs. 6

7 Enabling Technologies A typical system will be comprised of many different technologies. Each of these technologies or their component parts will need to comply with BIP0008. The technologies include Storage media Access control mechanisms System and data integrity Image processing Compression techniques Compound documents Data migration Document deletion Storage media The issue of appropriate storage media is critical. There are two types of storage media, distinguished by the medium s ability to be written to many times or just once; Write Many Write Once (WORM) Data stored on magnetic disk can in principle be modified. However the risk of this happening, while significant, is small and the risk can be minimised if not eliminated altogether by ensuring that adequate controls are implemented in both the storage system and the information access control system. Users with read only access are unable to modify data but those with read/write can. Therefore it is essential to securely log at system level the users with read/write access so that unauthorised writes to the system can be detected. The Trust has Port Control which will only allow Read / Write to approved Trust issued equipment. 7

8 Scanning in an Information System Process This process applies to information scanned and electronically stored within an Information System and will provide guidance to ensure authenticity and integrity of scanned documents in regards to legal admissibility. The purpose of the process is to ensure: Authenticity and Integrity of stored data Legal admissibility of scanned, stored and electronically communicated data Improve reliability and confidence in communicated information and electronic documents. Provide confidence in inter-organisation information sharing Type of Document Identify documents for scanning. Check for ultra-shiny fax paper - this will not scan properly and needs to be photocopied before being scanned. Duplication If duplications are found these should be destroyed and not form part of the scanned document. It is imperative however that if a duplicate has any handwritten information that has been added after the date of the original document that this is retained and scanned. Misfiling Check that all the information in the document pertains to the same patient (NHS No: Name and DoB). If misfiled information is found it must be removed and relocated to the appropriate record. Preparation Prior to Scanning Documents should be examined prior to scanning to ensure their suitability. Such factors as their physical state (thin paper, creased, stapled, etc). Photocopies It is essential that any part of the document that is photocopied whilst following the above process looks exactly like the original, nothing more and nothing less. Quality of Original or Photocopy If the original document is of such poor quality that it is unreadable and photocopying and/or enhancing does not improve the readability of the original, then a note should be placed on file stating Parts of this document were unable to be scanned due to the poor quality of the original. Images Image processing is a post scanning technique to improve the quality of a scanned document. There may be good reasons for improving image quality but it is NOT permitted for clinical photography in case essential detail is removed. Staff should refer to the Clinical Photography and Video Recording Policy for further guidance. Images may be stored as a JPEG or Bitmap, TIF or GIF but storing as a file is recommended as it will help to retain the integrity of the image. Different file sizes will occur, dependent on the type of image stored. 8

9 Quality Control It is important to be able to demonstrate to a court that the quality controls are adequate and work. A peer audit will take place on random scanned items by Information Governance to ensure quality assurance is maintained. Following scanning a check should be made of the paper document against the scanned document, ensuring that:- The same amount of pages has been scanned and all pages are legible and exact replicas of what you hold. Once a document is scanned it should not be reprinted for clinical purposes, with the exception of outside agencies or the patient requesting the record. Retention No original documentation should be destroyed until quality checks have taken place and assurance the scanned documents are legible and stored securely. All original documentation to be kept for one month to ensure adequate time has been allowed before shredding under confidential conditions. Audit The procedure and processes will be audited annually to ensure that procedures are being observed. The audit trail as a minimum will log details of each significant event in the life of the document within the system. The audit rail will be generated by the system of the user, date and time and stored securely within a user s access role on the Local Area Network (LAN) and back up servers. Security and Protection Security and protection covers user access which will capture details about the User, Date and time of scanning took place. Users with read only access are unable to modify data but those with read/write can. Therefore it is essential to securely log at system level the users with read/write access so that unauthorised writes to the system can be detected. System and Data Integrity This will be covered by Data Quality and a robust Audit Trail. Document Deletion To meet Data Protection it may be necessary to amend or delete documents or parts of documents which will be identified via the system audit trail. In S1 this will be recorded under entries Mark in error with appropriate information recorded. For permanent removal, this can only be undertaken with Caldicott Guardian permissions and must meet the criteria before approval. 9

10 Scanning Process Simple Steps on How to Scan Paper Documents Scanning What to do first? Identify documents eligible for scanning Prepare documents for scanning How to prepare for scanning: Check for ultra-shiny fax paper - this will not scan properly and needs to be photocopied before being scanned to ensure legibility. Remove any staples or paperclips. If forms are folded these will need to be divided into separate pages and kept in order, however you should ensure that writing in the forms does not cross the central divide. It is essential that any part of the document that is photocopied whilst following the above process looks exactly like the original, nothing more and nothing less. Select correct resolution and type of document scan e.g. PDF, TIF, JPEG Audit Trail and Quality Checks The audit trail as a minimum will log details of each significant event in the life of the document within the system. The audit trail will be generated by the system of the user, date and time of the scanning. **Following scanning a check should be made of the paper document against the scanned document, ensuring that:- The same amount of pages has been scanned and all pages are legible and exact replicas of what you hold** When to destroy originals Nothing from the document should be destroyed until scanning and quality checks have taken place and the retention period has been met. (See **). All original documentation to be kept for one month to ensure adequate time has been allowed before shredding under confidential conditions. For example: All documents scanned in January need to be retained until end of February before destruction can take place. The one month retention period has been implemented by Information Governance and approved by the Trust to ensure we meet quality checks and to alleviate storage problems within the services. This simple steps process may be laminated and used as an aide memoire to assist scanning. 10

11 Monitoring and Audit The Trust will monitor compliance through regular audit, monitoring and review through the number and type of incidents related to network security and reported in the quarterly Assurance Report submitted to the Information Governance Management Assurance Group (IGMAG). NHSLA Monitoring Minimum requirement to be monitored Process for monitoring e.g. audit Responsible individuals/ group/ committee Frequency of monitoring /audit Responsible individuals/ group/ committee (multidisciplina ry) for review of results Responsible individuals/ group/ committee for development of action plan Responsible individuals/ group/ committee for monitoring of action plan IG Toolkit Standards Review / Audit / Reports IG Lead Annual IG Lead / IGMAG IG Lead / IGMAG IG Lead / IGMAG 11

12 Equality Analysis Appendix 1 A. B. C. D. Briefly give an outline of the key objectives of the policy; what it s intended outcome is and who the intended beneficiaries are expected to be Does the policy have an impact on patients, carers or staff, or the wider community that we have links with? Please give details Is there is any evidence that the policy\service relates to an area with known inequalities? Please give details Will/Does the implementation of the policy\service result in different impacts for protected characteristics? To provide clear and effective management and accountability structures, governance processes, documented policies and procedures, a comprehensive IG training programme and adequate resources to manage and embed Ig throughout the Trust. All Staff and Service Users No No Disability Sexual Orientation Sex Gender Reassignment Race Marriage/Civil Partnership Maternity/Pregnancy Age Religion or Belief Carers Yes If you have answered Yes to any of the questions then you are required to carry out a full Equality Analysis which should be approved by the Equality and Human Rights Lead please go to section 2 The above named policy has been considered and does not require a full equality analysis Equality Analysis Carried out by: Kaz Scott Date: 19th July 2017 No 12

13 Definitions Appendix 2 Definitions of terms used within a Scanning Document Process: Audit Trail Data Decompression Deletion Digital Image Digital Signature Document DPI Electronic Signatures Electronic Storage Encryption Expungement Information Management System Original Document Page Pixel Record Records Management Resolution Scanning System Data which allows the reconstruction of a previous activity, in its correct chronological place, or which enables the attributes of a change (such as date/time, operator) to be recorded Series of digital or analog signals or encoded characters stored or transmitted electronically, or marks (e.g. writing, printed characters, graphics) on paper or microform, which are intended to convey information Process of reconstituting a file which has been compressed back to its original form, or to a close approximation thereof Process of logically removing a document from a system, often by deleting an index reference Image consisting of pixels using ranges of discrete values Data appended to a data file that allow the recipient of the data file to authenticate the source and the integrity of the data file Information stored on media Dots Per Inch, a measure of resolution Computer data compilation of any symbols executed, adopted or authorized by an individual to be the legally binding equivalent of the individuals handwritten signature Storage medium or device used by an information management system to store information Reversible process of converting a data file into a secret code under the control of a key Process of removing a document from a system and leaving no evidence of the document ever having appeared on the system Any computer or other electronic system which stores and/or processes information in digital or analog form Document from which a copy is made or from which an image is captured Single image entity, such as one side of a sheet of paper, a drawing or plan, map, photograph, transparency; or a microform frame Smallest two-dimensional element of a digital image that can independently be assigned attributes such as colour and intensity Information created, received and maintained as evidence and information by an organisation or person, in pursuance of legal obligations or in the transaction of business (BS ISO 15489:2001) Field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records (BS ISO 15489:2001) Ability of a scanner or image generation device to reproduce the details of an image Operation that converts the image of a document into a digital form, by detecting the amount of light reflected from elements of a document In the Policy, this always means information management system unless specifically noted 13

14 References Code of Practice for Legal Admissibility and Evidential Weight of Information Stored Electronically (2004) Code of Practice for Legal Admissibility and Evidential Weight of Linking Electronic Identity to Documents (2005) Records Management Code of Practice for Health and Social Care 2016 The Civil Evidence Act 1995 Confidentiality: NHS Code of Practice The Computer Misuse Act 1990 The Copyright, Designs and Patents Acts 1990 The Data Protection Act (DPA) 1998 The Electronic Communications Act 2000 The Freedom of Information Act (FOIA) 2000 The Public Records Act 1958 and 1967 Relevant Standards and Guidelines BSI BIP The NHS Information Governance Toolkit 14