5.1 Overview
This section covers the management of records once their business need has ceased and the minimum retention period has been reached.
5.2 Appraisal
Appraisal is the process of deciding what to do with records once their business need has ceased and the minimum retention period has been reached. The National Archives has produced guidance on appraisal.
Appraisal must be defined in a policy and any changes to the status of records must also be reflected in your organisation’s Record of Processing Activity. In no circumstances should a record or series be automatically destroyed or deleted without appraisal.
Ongoing use: You might need to keep the record for longer than the minimum period for care, legal or audit reasons. In these cases, you can set an extension to the minimum period, provided it is justified and approved (by a relevant board if you have one).
Recall rates: If a series of records is routinely accessed to retrieve records, then there may be justification for extending the retention period due to ongoing use. By contrast, for a series of records that has a very low recall rate, continued retention may be harder to justify.
You may have bespoke issues to consider as well.
If digital records have been organised in an effective file plan or an electronic record keeping system, this process will be made much easier. Decisions can then be applied to an entire class of records rather than reviewing each record in turn.
There will be one of three outcomes from appraisal:
- destroy or delete
- continued retention – this will require justification and documented reasons
- permanent preservation
All appraisal decisions need to be justified, follow policy or guidance, and be documented and approved by the relevant board, committee or group of the organisation.
5.3 Destroying and deleting records
If, as a result of appraisal, a decision is made to destroy or delete a record, there must be evidence of the decision. It is good practice to get authorisation for destruction or deletion, working to a policy or guidelines. Digital Care Hub has advice on contracts for secure disposal of personal data.
Destruction of paper records
Paper records selected for destruction can be destroyed, subject to following ISO 15489-1:2016. Destruction can be conducted in-house or under contract with an approved offsite company. If an offsite company is used, the care organisation is responsible for ensuring the provider chosen to carry out offsite destruction meets the necessary requirements and can evidence this.
This evidence should be checked as part of due diligence (for example, if the provider says they have the ISO accreditation, then ask for evidence of this). Other diligence activities, such as a site visit to the contractor, could also be carried out. Destruction provider companies must provide a certification of destruction for the bulk destruction of records. This certification must be linked to a list of records, so organisations have clear evidence that particular records have been destroyed.
Records that do not contain personal data or confidential material can be destroyed in a less secure manner (such as confidential waste bins that do not provide certificates of destruction). If in doubt, material should be treated as confidential and evidentially destroyed. Do not use domestic waste or put records on a rubbish tip to destroy identifiable, confidential material, because they remain accessible to anyone who finds them. The British Security Industry Association (BSIA) has provided a guide on information destruction.
Destruction of digital records
Destruction implies a permanent action. For digital records, “deletion” may not meet the ISO 27001 standard, as the information may be recoverable or the deletion reversible. Destruction of digital information is therefore more challenging. If an offsite company is used, the care organisation should check with the ISO whether the provider meets the necessary requirements, similar to the process for the destruction of paper records.
One element of records management is accounting for information, so any destruction of hardware, hard drives or storage media must be auditable in respect of the information they hold. An electronic records management system will retain a metadata stub which will show what has been destroyed.
The ICO guidance – Deleting personal data – sets out that if information is deleted from a live environment and cannot be readily accessed, then this will suffice to remove information for the purposes of UK GDPR. Their advice is to only procure systems that will allow permanent deletion of records to allow compliance with the law.
Electronic systems will vary in their functionality. They may have the ability to permanently delete records from the system or not. Where a record has reached its retention period and has been approved for destruction, the record should be deleted if the system allows that function. A separate record should be kept of what record has been deleted.
If a system doesn’t allow permanent deletion, then all reasonable efforts must be made to remove the record from normal daily use. It should be marked in such a way that anyone accessing the record can recognise it as a dormant or archived record. All activity in electronic systems must be auditable, and (where appropriate) local policies and procedures should cover archived digital records.
The following are examples of when information cannot be destroyed or disposed of by a social care provider:
- if it is required for notified legal proceedings, for example, a court order, or where there is reasonable prospect of legal proceedings commencing (an impending court case). This information will possibly be required for the exercising or defending of a legal right or claim
- if it is required for a coroner’s inquest
5.4 Continued retention
The retention periods given in Appendix I are the minimum periods for which records must be retained for health and care purposes. In most cases, it will be appropriate to dispose of records once this period has expired.
Organisations must have procedures and policies for any instances where it is necessary to maintain specifically identified individual records, or groups of records, for longer than the stated minimum, including:
- temporary retention
- public inquiries (e.g. Covid-19 Inquiry). Before any records relating to inquiries are destroyed, you must check with the Inquiries Team that they are no longer required
- where there is a continued business need beyond the minimum retention period, and this is documented in local policy.
Where records contain personal data, the decision to retain must comply with UK GDPR. Decisions for continued retention beyond the periods laid out in this Code must be recorded, made in accordance with formal policies and procedures by authorised staff and set a specific period for further review.
Generally, where there is justification, records may be retained locally from the minimum period set in this Code, for up to 20 years from the last date at which content was added. For more information, refer to R v Northumberland County Council and the Information Commissioner (23 July 2015). This provides assurance that it is legitimate to vary common practice or guidance where a well-reasoned case for doing so is made.
It must be remembered that in some cases of social care, there may be gaps between episodes of care. If a person begins a new episode of care whilst their previous record is still within agreed retention periods, then these episodes of care will link, and the retention period will begin again at the end of the current episode. This may mean that some or all of the information from the previous episode will go over a stated retention mark, but this is acceptable as it links to a more recent care episode.
Organisations should always check current legislation.