Learn, Do Not Copy!

Maintain healthcare records in line with legislation and organisational requirements

This page is designed to answer the following questions:

NOTE: Although this page has been marked as complete, it has not yet been peer-reviewed or quality-assured, therefore it should be considered a ‘first draft’ and any information should be fact-checked independently.

As a manager, it is your responsibility to ensure that health and care records are maintained in line with legislation and organisational requirements and that the systems and processes used are regularly monitored and reviewed.

The Data Protection Act 2018 and General Data Protection Regulations legislate how data should be collected, used and stored. Information should be stored using secure systems that only allow authorised persons access to the data. This supports your organisation’s duty of confidentiality and ensures that data is only shared on a need-to-know basis. Information may only be used for the purpose intended upon collection and individuals should be informed how their data will be used.

Further information relating to data obligations can be found at the Information Commissioners Office (ICO) website.

In addition, Regulation 17 of the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014 has provisions for record keeping:

  1. maintain securely an accurate, complete and contemporaneous record in respect of each service user, including a record of the care and treatment provided to the service user and of decisions taken in relation to the care and treatment provided;
  2. maintain securely such other records as are necessary to be kept in relation to—
    1. persons employed in the carrying on of the regulated activity, and
    2. the management of the regulated activity;

Regulation 17: Good governance

Public authorities must appoint a Data Protection Officer to ensure that data risks and security breaches are identified and mitigated against and provide advice about data protection to the management team. More information about this role can be found here.

All records must be up-to-date, complete, accurate and legible. They should also be objective and factual and avoid the record-keeper’s views and opinions unless a professional judgment is required. Many records should also be signed and dated and it is good practice to write in black ink.

Robust policies and procedures should be in place for the recording, storing and accessing of information and team members should understand their responsibilities. All staff should be sufficiently trained in information management and their duty of confidentiality as well as being provided with training in how to use any proprietary systems your organisation has in place. This includes their responsibility to report any breaches of confidentiality to their manager – when a breach is reported, the management team must deal with it immediately.

The use of policies and procedures should also be monitored and they should be reviewed regularly as part of the quality assurance process.

As well as complying with regulations and legislation, good record-keeping practices also provide evidence of the care provided to service users. It ensures that service users receive consistently high-quality care in line with their needs, wishes and preferences.