Publication - Advice and guidance
Records Management Code of Practice for Health and Social Care
The Code of Practice is a guide to the required standards of practice in the management of data, information and records for those who work within or under contract to NHS organisations in Scotland. It is based on current legal requirements and professional best practice.
Annex A: Further Guidance
Further information on legal and professional obligations is available on the following websites:
Regulatory Bodies:
- National Records of Scotland
- Information Commissioner’s Office
- Scottish Information Commissioner’s Office
- Care Inspectorate
- General Chiropractic Council
- General Dental Council
- General Medical Council
- General Optical Council
- General Osteopathic Council
- General Pharmaceutical Council
- Health and Care Professions Council
- Healthcare Improvement Scotland
- Nursing and Midwifery Council
- Scottish Social Services Council
Legislation:
- Access to Health Records Act 1990
- Data Protection Act 2018
- Environmental Information (Scotland) Regulations 2004
- Freedom of Information (Scotland) Act 2002
- Inquiries Act 2005
- Network and Information System Regulations 2018
- Public Records (Scotland) Act 2011
- Scottish Public Sector Cyber Resilience Framework
- UK General Data Protection Regulations
Professional Bodies - Health Sector:
- British Medical Association
- College of Dentistry
- NHS Scotland Primary Care Informatics
- Royal College of General Practitioners
- Royal College of Midwives
- Royal College of Nursing
- Royal College of Obstetricians & Gynaecologists
- Royal College of Pathologists
- Royal College of Physicians
- Royal College of Physicians and Surgeons of Glasgow
- Royal College of Surgeons of Edinburgh
- Royal Pharmaceutical Society
- UK Caldicott Guardian Council
Professional Bodies – Social Work Sector:
- British Association of Social Workers
- Coalition of Care and Support Providers in Scotland
- Scottish Association of Social Work
- Social Work Scotland
Professional Bodies – Records Management Sector:
- Archives and Records Association
- Federation for Informatics Professionals
- Information and Records Management Society
- Professional Records Standards Body
- Scottish Council on Archives
- The Institute of Health Records and Information Management
International and British Standards:
- ISO8601 - Date and Time Format
- ISO13008 - Digital records conversion and migration process
- ISO15489 - Records management
- ISO16175 - Processes and functional requirements for software for managing records
- ISO17068 - Trusted third party repository for digital records
- ISO18128 - Risk assessment for records processes and systems
- ISO21965 - Records management in enterprise architecture
- ISO23081 - Metadata for records
- ISO22428 - Managing records in cloud computing environments
- ISO26122 - Work process analysis for records
- ISO30301 - Management systems for records - Requirements
- ISO30302 - Management systems for records - Guidelines for implementation
- BS10008 - Evidential weight and legal admissibility of electronic information
- BS10010 - Information classification, marking and handling
- BS10025 - Management of Records. Code of Practice
- BS15713 - Secure Destruction of Confidential Material
- ISO/IEC 27000 - Information security overview and vocabulary
- ISO/IEC 27001 - Information security management system requirements
- ISO/IEC 27002 - Code of Practice for Information Security controls
- ISO/IEC 27017 - Information security controls for cloud services
- ISO/IEC 27031 - Information security controls on business continuity
Contact
Email: DHCIG@gov.scot
There is a problem
Thanks for your feedback