Home
Publications
Progress Update Review - NHS Lanarkshire

Progress Update Reviews Records and archives

Progress Update Review - NHS Lanarkshire

Date published: 07 April 2025

Share this page

Click here to share this page on Facebook. Click here to share this page on LinkedIn. Click here to share this page on X (formerly known as Twitter).

Contents

Public Records (Scotland) Act 2011
Progress Update Review (PUR) Mechanism
Executive Summary
Authority Background
Assessment Process
Progress Update Review (PUR): NHS Lanarkshire
The Public Records (Scotland) Act Assessment Team’s Summary
The Public Records (Scotland) Act Assessment Team’s Evaluation

1. Public Records (Scotland) Act 2011

The Public Records (Scotland) Act 2011 (the Act) received Royal Assent on 20 April 2011. It is the first new public records legislation in Scotland since 1937 and came into force on 1 January 2013. Its primary aim is to promote efficient and accountable record keeping by named Scottish public authorities.

The Act has its origins in The Historical Abuse Systemic Review: Residential Schools and Children’s Homes in Scotland 1950-1995 (The Shaw Report) published in 2007. The Shaw Report recorded how its investigations were hampered by poor recordkeeping and found that thousands of records had been created, but were then lost due to an inadequate legislative framework and poor records management. Crucially, it demonstrated how former residents of children’s homes were denied access to information about their formative years. The Shaw Report demonstrated that management of records in all formats (paper and electronic) is not just a bureaucratic process, but central to good governance and should not be ignored. A follow-up review of public records legislation by the Keeper of the Records of Scotland (the Keeper) found further evidence of poor records management across the public sector. This resulted in the passage of the Act by the Scottish Parliament in March 2011.

The Act requires a named authority to prepare and implement a records management plan (RMP) which must set out proper arrangements for the management of its records. A plan must clearly describe the way the authority cares for the records that it creates, in any format, whilst carrying out its business activities. The RMP must be agreed with the Keeper and regularly reviewed.

2. Progress Update Review (PUR) Mechanism

Under section 5(1) & (2) of the Act the Keeper may only require a review of an authority’s agreed RMP to be undertaken not earlier than five years after the date on which the authority’s RMP was last agreed. Regardless of whether an authority has successfully achieved its goals identified in its RMP or continues to work towards them, the minimum period of five years before the Keeper can require a review of a RMP does not allow for continuous progress to be captured and recognised.

The success of the Act to date is attributable to a large degree to meaningful communication between the Keeper, the Assessment Team, and named public authorities. Consultation with Key Contacts has highlighted the desirability of a mechanism to facilitate regular, constructive dialogue between stakeholders and the Assessment Team. Many authorities have themselves recognised that such regular communication is necessary to keep their agreed plans up to date following inevitable organisational change. Following meetings between authorities and the Assessment Team, a reporting mechanism through which progress and local initiatives can be acknowledged and reviewed by the Assessment Team was proposed. Key Contacts have expressed the hope that through submission of regular updates, the momentum generated by the Act can continue to be sustained at all levels within authorities.

The PUR self-assessment review mechanism was developed in collaboration with stakeholders and was formally announced in the Keeper’s Annual Report published on 12 August 2016. The completion of the PUR process enables authorities to be credited for the progress they are effecting and to receive constructive advice concerning on-going developments. Engaging with this mechanism will not only maintain the spirit of the Act by encouraging senior management to recognise the need for good records management practices, but will also help authorities comply with their statutory obligation under section 5(1)(a) of the Act to keep their RMP under review.

3. Executive Summary

This Report sets out the findings of the Public Records (Scotland) Act 2011 (the Act) Assessment Team’s consideration of the Progress Update template submitted for NHS Lanarkshire. The outcome of the assessment and relevant feedback can be found under sections 6 – 8.

4. Authority Background

NHS Lanarkshire provides a wide range of healthcare services through numerous locations. There are three district general hospitals in the area - Hairmyres, Monklands and Wishaw General Hospital. Each of these hospitals has an accident and emergency (A&E) department and provides a range of specialist medical and surgical services. Maternity services are based at Wishaw General Hospital. Primary health care is provided in the community and includes general practitioners (GPs), dentists, pharmacists, health visitors and a wide range of health professionals. NHS Lanarkshire's primary care facilities include health centres and community and day hospitals.

NHS Lanarkshire employs approximately 12,000 staff.

http://www.nhslanarkshire.org.uk/Pages/default.aspx

5. Assessment Process

A PUR submission is evaluated by the Act’s Assessment Team. The self-assessment process invites authorities to complete a template and send it to the Assessment Team one year after the date of agreement of its RMP and every year thereafter. The self-assessment template highlights where an authority’s plan achieved agreement on an improvement basis and invites updates under those ‘Amber’ elements. However, it also provides an opportunity for authorities not simply to report on progress against improvements, but to comment on any new initiatives, highlight innovations, or record changes to existing arrangements under those elements that had attracted an initial ‘Green’ score in their original RMP submission.

The assessment report considers statements made by an authority under the elements of its agreed Plan that included improvement models. It reflects any changes and/or progress made towards achieving full compliance in those areas where agreement under improvement was made in the Keeper’s Assessment Report of their RMP. The PUR assessment report also considers statements of further progress made in elements already compliant under the Act.

Engagement with the PUR mechanism for assessment cannot alter the Keeper’s Assessment Report of an authority’s agreed RMP or any RAG assessment within it. Instead the PUR Final Report records the Assessment Team’s evaluation of the submission and its opinion on the progress being made by the authority since agreeing its RMP. The team’s assessment provides an informal indication of what marking an authority could expect should it submit a revised RMP to the Keeper under the Act, although such assessment is made without prejudice to the Keeper’s right to adopt a different marking at that stage.

Key

Green

The Assessment Team agrees this element of an authority’s plan.

Amber

The Assessment Team agrees this element of an authority’s progress update submission as an ‘improvement model’. This means that they are convinced of the authority’s commitment to closing a gap in provision. They will request that they are updated as work on this element progresses.

Red

There is a serious gap in provision for this element with no clear explanation of how this will be addressed. The Assessment Team may choose to notify the Keeper on this basis.

6. Progress Update Review (PUR): NHS Lanarkshire

Element 1: Senior Officer

Status:

16 May 2016 - agreed plan - Green
29 December 2022 - review - Green
24 March 2025 - review - Green

Keeper's Report - 8 March 2018

Show this section

Update required on any change.

Self-assessment update - 3 July 2023

Show this section

With effect from 01 July 2023, the Executive Lead is now Brian Chittick, Chief Executive of NHS Shetland.

Progress review - 31 January 2024

Show this section

The Assessment Team thanks NHS Shetland for this update which has been noted.

Self-assessment Update as submitted by the Authority since 3 July 2023

Show this section

No change.

Progress update review - 21 February 2025

Show this section

Thank you for confirming that there have been no changes to this Element. Update required on any future change.

Element 2: Records Manager

Status:

16 May 2016 - agreed plan - Green
29 December 2022 - review - Green
24 March 2025 - review - Green

Keeper's Report - 16 May 2016

Show this section

Update required on any change.

Self-assessment update - 27 July 2022

Show this section

Lorraine Taggart appointed as Head of Information and Records Management in November 2021.

Quarterly reports specific to Health Records continue to be tabled at IGC (attached).

Progress review - 29 December 2022

Show this section

Thank you for this update and the recent Health Records Report, noted with thanks.

Self-assessment Update as submitted by the Authority since 29 December 2022

Show this section

Quarterly reports specific to Health Records continue to be tabled at IGC (attached).

Progress update review - 24 March 2025

Show this section

Thank you for confirming there have been no changes to the person responsible for day-to-day implementation of NHS Lanarkshire’s Records Management Plan. Update required on any change.

Thank you for confirming that IGC Health Records Report continue to be tabled quarterly.

Element 3: Policy

Status:

16 May 2016 - agreed plan - Green
29 December 2022 - review - Green
24 March 2025 - review - Green

Keeper's Report - 16 May 2016

Show this section

NHS Lanarkshire move towards greater reliance on electronic records they will ensure that arrangements are in place to permanently delete these records from systems. These will be embedded within the Health and Administrative Records Policies. As these policies will be reviewed in December 2015 the authority has committed to update the Keeper with any changes. The Keeper welcomes this and looks forward to being updated on the revised policies.

Self-assessment update - 27 July 2022

Show this section

NHS Lanarkshire are committed to keeping Information Governance and Security policies updated.

The Health Records Management Policy reviewed at IGC on 12 April 2022. Amendments made and policy approved at IGC on 24 May 2022 (attached). Policy now part of the corporate policy library.

The Administration Records Management policy was updated and presented to the IGC on 28 June 2022 (attached). Policy now part of the corporate policy library.

Updated copy of IG policy register attached.

Progress review - 29 December 2022

Show this section

The Assessment Team thanks you for this update on Records Management Policy statement. It is also excellent to hear that relevant policies are periodically reviewed and being kept up to date. See also Element 13.

The receipt of attached evidence is noted with thanks.

Self-assessment Update as submitted by the Authority since 29 December 2022

Show this section

NHSL continue to ensure their policy and procedures are up to date; the following policies and procedure were updated at April 2024 Information Governance Committee:

Mass staff and patient contact policy
Transfer of sensitive data policy
Records management policy
Subject Access Request protocol

Progress update review - 24 March 2025

Show this section

Thank you for this update on keeping the records management policy and procedures up to date. The accompanying evidence is also noted with thanks.

Element 4: Business Classification

Status:

16 May 2016 - agreed plan - Amber
29 December 2022 - review - Amber
24 March 2025 - review - Amber

Keeper's Report - 16 May 2016

Show this section

There is an indication in NHS Lanarkshire’s Plan that certain records held on the ‘R’ drives sit outwith the Business Classification Scheme. There is a commitment in the Action Plan section to develop the Business Classification Scheme and the Information Asset Register and to develop standard operating practices for the maintenance of the R drives. The Keeper requests updates as work in these areas progress.

The Keeper agrees this element under ‘improvement model’ terms. This means that he is convinced that having identified a gap in provision NHS Lanarkshire has committed to a series of actions to close that gap. The Keeper agrees this element on condition that he is kept informed as these projects progress.

Self-assessment update - 27 July 2022

Show this section

NHSL have newly appointed a Health Records Service Manager (April 2022) and a Health Records Facilitation & Support Analyst (June 2022). As these staff members settle into their new roles it is expected that NHSL will see much more progress in this area. These staff members will provide support to health records specific projects.

NHSL are represented at the NHSS Records Management Forum where discussions on business classification has taken place including mapping and labelling. Further decision required within the Board around the corporate records management structure.

NHSL project team established to implement O365. Work is ongoing to progress phase 2 of this project.

The Administration Records Management policy was updated and presented to the IGC on 28 June 2022. See element 3 for policy.

Progress review - 29 December 2022

Show this section

Thank you for this update on the Business Classification project. It is good to hear that this area will be addressed in the near future as new members of staff settle into their roles.

The continuing engagement with fellow NHSS bodies exploring records management matters is commended.

It is noted that NHSL is continuing the phased implementation of O365. The setting up of a new eDRM system is likely to take a significant amount of time to bed in properly.

This element remains at Amber. The Team look forward to receiving updates on the progress in consecutive PURs.

Self-assessment Update as submitted by the Authority since 29 December 2022

Show this section

NHS Lanarkshire has a Records and Information Classification Scheme Protocol (RICs) Protocol and User Guide in place.

NHS Lanarkshire has an established and annually updated IAR to record information assets, blank copy attached.

NHS Lanarkshire is in the process of migrating to M365, a national record management platform. A project team is established to implement M365. Work is ongoing to progress phase 3 of this project.

Progress update review - 24 March 2025

Show this section

The Assessment Team is grateful for this update indicating that NHS Lanarkshire now has a Records and Information Classification Scheme Protocol in place with associated user guidance, and the attached documentation. That an IAR is in place is also noted with thanks. These are particularly important as NHS Lanarkshire continues to implement M365.

While significant progress under Element 4 has been made, this will remain at Amber as work continues. At the time of the Keeper’s Agreement, the use and maintenance of records on the R: drive, in particular, was identified as actionable.

Element 5: Retention schedule

Status:

16 May 2016 - agreed plan - Green
29 December 2022 - review - Green
24 March 2025 - review - Green

Keeper's Report - 16 May 2016

Show this section

Update required on any change.

Self-assessment update - 27 July 2022

Show this section

No change to the organisations approach to retention schedules.

We continue to comply with the Scottish Governments code of practice.

Progress review - 29 December 2022

Show this section

Thank you for this update. It is reassuring to hear that NHS Lanarkshire continues to adhere to SG records management Code of Practice.

Update required on any future change.

Self-assessment Update as submitted by the Authority since 29 December 2022

Show this section

No change to the organisations approach to retention schedules.

NHSL representatives are active members of the national group created to review and update the CoP. The final draft of the updated CoP was issued on 19 August 2024, NHSL are now in the process of reviewing their policies to ensure they comply the latest version.

Progress update review - 24 March 2025

Show this section

The update given on retention schedules has been noted with thanks. Update required on any future change.

Element 6: Destruction arrangements

Status:

16 May 2016 - agreed plan - Amber
29 December 2022 - review - Amber
24 March 2025 - review - Amber

Keeper's Report - 16 Mat 2016

Show this section

The update given on retention schedules has been NHS Lanarkshire recognise that some further work is required in order to formalise arrangements for the destruction of paper records held with the third-party storage company. Actions have been identified and been added to the RMP. The Keeper would like to receive updates on the work being done in this area.

The RMP also states that with the move to a greater reliance on electronic records they will ensure that arrangements are in place to permanently delete records from the systems. The Keeper acknowledges this commitment and requests updates on this on-going work.

Upon the renewal of contracts a Data Processing Agreement will be signed between NHS Lanarkshire and third party contractors to establish standards for certifying destruction while simultaneously creating metadata about documents destroyed. The Keeper commends this initiative and would welcome having sight of the Agreement once approved.

At the moment, the Keeper can only agree this element under ‘improvement model’ terms: That NHS Lanarkshire has identified a gap in provision (electronic record destruction procedures and tightening up on written procedures with third party providers) and has committed to a series of actions to close that gap. The Keeper agrees this element on condition that he is kept informed as these projects progress.
noted with thanks. Update required on any future change.

Self-assessment update - 27 July 2022

Show this section

NHSL currently have records stored at Oasis (an external third-party storage company). Protocol in place for the destruction of these records.

The national contract with Oasis has ended however work is underway to renew. In the interim NHSL have a contract in place (1 October 2022 – 30 September 2023).

Workplan in place for culling projects: Monklands, secondary store and digital records. Work has commenced; scoping exercise underway and protocols updated/approved at July 2022 Business Meeting.

The review of legacy files has been paused due to several national inquiries taking place (i.e. infected blood, child sexual abuse and the recently announced Covid).

Progress review - 29 December 2022

Show this section

Thank you for this update on the continuing use of a third-party storage provider, and sharing the attached Oasis Protocol. It is also good to know that an interim contract is in place while the national contract is being renegotiated.

It is clear that work is still ongoing with regard to culling projects, but very positive to hear that a scoping exercise is now underway, and that protocols have recently been updated and formally approved.

NHS Lanarkshire is encouraged to continue with this work and to allocate resource to it accordingly.

This Element remains at Amber. The Team look forward to progress updates in subsequent PUR submissions.

Self-assessment Update as submitted by the Authority since 29 December 2022

Show this section

NHS Lanarkshire has procedures in place for the confidential destruction of expired records in all formats. The culling project continues within NHSL. Since the last PUR phase 1 of the project has been completed. Copy of shredding certificate provided.

The culling of paper records is impacted by a number of national inquires:

UK Infected Blood Inquiry
Scottish Child Abuse Inquiry
Pharmaceutical Litigation
Mesh Implants
Covid Inquiry

NHSL’s Health Records department are currently reviewing their files stored at off-site storage, with an aim to repatriate to NHSL’s secondary store.

Progress update review - 24 March 2025

Show this section

Thank you for this update on records destruction arrangements. While identifiable progress has been made, particularly with regard to outsourced paper records destruction, this will remain at Amber as work continues.

Element 7: Archiving and transfer

Status:

16 May 2016 - agreed plan - Green
29 December 2022 - review - Green
24 March 2025 - review - Green

Keeper's Report - 16 May 2016

Show this section

Update required on any change.

Self-assessment update - 27 July 2022

Show this section

No change to the organisations approach to archiving.

Continue to meet with partners in NLC a twice a year.

Progress review - 29 December 2022

Show this section

Update required on any change.

Self-assessment Update as submitted by the Authority since 29 December 2023

Show this section

No change to the organisations approach to archiving.

Continue to meet with partners in NLC a twice a year. NHSL and NLC archiving have reviewed and updated the MoA. A draft Data Processing Agreement has been created and awaiting Corporate approval.

Progress update review - 24 March 2025

Show this section

The Assessment Team confirms that archiving agreement continue to be in place, and that the formal transfer agreement has recently been updates.

Element 8: Information security

Status:

16 May 2016 - agreed plan - Green
29 December 2022 - review - Green
24 March 2025 - review - Green

Keeper's Report - 16 May 2016

Show this section

As the Information Security Policy is due for review in September 2017 the Keeper would be pleased to receive updates, particularly if this review leads to the creation of a revised policy document.

Self-assessment update - 27 July 2022

Show this section

CE accreditation ran out in June 2021. Work continues to complete the remaining actions. Regular meetings and action tracker in place.

NHSL has an overall NIS compliance status of 68% this is an increase of 16% since the previous audit in 2020. (The 85% which was recorded at Jun 2020 update was based on a NHSL self-assessment, when the NIS audit was undertaken a compliance status of 52% was achieved). NHSL’s risk exposure has been reduced to a very low (originally 16% down to 1%). Monthly NIS meetings taking place which Heads of Function attend to update and monitor progress. NHSL are currently meeting 2 of the recently set (31/05/22) KPI targets. Work underway to achieve the 3rd KPI which relates to error message handling. The next NIS audit is scheduled for 4 October 2022.

Information security training numbers reported at IGC. The number of staffed trained @ 30/06/22:

Learnpro Information Security –13,732.

Cyber Security Group (CSG) meets every 6 weeks and reports into the IGC. The CSG monitors progress of both CE and NIS.

Progress review - 29 December 2022

Show this section

Thank you for this update. It is positive that NHSL continues to pursue actions key to Cyber Essentials certification, even though the certification has now run out.

The NIS compliance figures are noted with thanks. Based on this update, the Assessment Team has no immediate concerns over NHSL’s approach to Information Security.

Staff training is addressed under element 12 below.

Update required on any future change.

Self-assessment Update as submitted by the Authority since 29 December 2022

Show this section

Outstanding CE+ recommendations are now being monitored via NHSL’s Datix system and the Digital Risk Management Forum.

NHSL were audited by NIS in 2023 and achieved a compliance status of 68%. Monthly meetings taking place with the Digital Service Managers to monitor progress. Auditors comments:

In a clear commitment to the NIS Audit programme the audit preparations were well-organised with the staff meetings arranged well in advance. The evidence presented was cross-referenced to individual controls it would however have been strengthened by a more extensive narrative to offer explanation to the relevance of the documents provided.

The board has achieved a high level of compliance across the board, with 13 categories and 46 of the 68 sub¬ categories achieving a compliance of 60% or more; six categories attained levels of over 80%. The board has therefore achieved two of the 60-60-0 Key Performance Indicators, with the third close to achievement; being prevented by only seven subcategories with <30% compliance.

Overall compliance is at 68% a noteworthy achievement, showing strength across the organisation and a high level of performance. This analysis is against the new framework controls which has 42 (10%) new or revised controls in comparison with the framework used in the first audit cycle; for interest only, against the old controls this would represent an overall compliance of 76%.

Based on the auditor's feedback an action plan has been developed to target the 7 subcategories < 30% compliant as a priority.

Progress update review - 24 March 2025

Show this section

The Assessment Team thanks you for this update on information security arrangements at NHS Lanarkshire, particularly with regard to audit results and planned future actions based on these.

Element 9: Data protection and element 14: Shared information

Status:

16 May 2016 - agreed plan - Green
29 December 2022 - review - Green
24 March 2025 - review - Green

Keeper's Report - 16 May 2016

Show this section

NHS Lanarkshire has committed to establishing a Subject Access Request link on their website. The Keeper considers this an example of good practice and would like to be informed once this is available.
As the Data Protection Policy is due for review in September 2017 the Keeper would be pleased to receive updates, particularly if this review leads to the creation of a revised policy document.

Self-assessment update - 27 July 2022

Show this section

No change to the organisation’s approach to data protection.

The ICO will be conducting an audit of NHSL on November 2022. Work is underway to ensure that NHSL are complying with the accountability principles.

A child Data Protection Notice is now available on NHSL’s website:

https://www.nhslanarkshire.scot.nhs.uk/download/data-protection-childrens-notice/

A generic email address to request access to health records is available (Lan.healthrecords.legalteam@lanarkshire.scot.nhs.uk) this is available on NHSL’s website: Health records | NHS Lanarkshire (scot.nhs.uk).

Progress review - 29 December 2022

Show this section

Thank you for letting us know that there have been no major updates to this Element.

An upcoming ICO audit is noted with thanks.

Thank you also for sharing a link to the Child Data Protection Notice, and the information required to access one’s health records.

Self-assessment Update as submitted by the Authority since 29 December 2022

Show this section

No change to the organisation’s approach to data protection.

The ICO noted a high level of assurance during their audit in November 2022, noting that the processes and procedures were in place and were delivering data protection compliance. The audit identified only limited scope for improvement in existing arrangements and as such it was not anticipated that significant further action was required to reduce the risk of non-compliance with data protection legislation. An action plan was developed with all actions completed within 6 months of the audit.

The DP team have also worked through the ICO accountability framework identifying areas for improvement and work continues around this.

Progress update review - 24 March 2025

Show this section

Thank you for confirming that NHSL continues to comply with its Data Protection requirements, and that continual improvement is being implemented.

Element 10: Business continuity and vital records

Status:

16 May 2016 - agreed plan - Green
29 December 2022 - review - Green
24 March 2025 - review - Green

Keeper's Report - 16 May 2016

Show this section

Update required on any change.

Self-assessment update - 27 July 2022

Show this section

No change to the organisation’s approach to Business Continuity and Vital Records. NHSL Digital has a DR Plan which is tested annually, there was a test exercise planned for early 2022, however, due to the Board’s code “black status” this was postponed. Test to be rearranged. This is regularly maintained on the basis of testing and lessons learned. Oversight is provided by the Health Resilience Board.

Progress review - 29 December 2022

Show this section

Thank you for letting the Assessment Team know that there have been no major changes to this Element. Thank you for letting us know that the DR plan is continuing to be tested regularly, regardless of a recent postponement. Update required on any future change.

Self-assessment Update as submitted by the Authority since 29 December 2022

Show this section

NHSL has a DR Plan which is tested annually. The last occasion was October 2023 with a yearly exercise scheduled. This is regularly maintained on the basis of testing and lessons learned.

Progress update review - 24 March 2025

Show this section

Thank you for this positive update which has been noted.

Element 11: Audit trail

Status:

16 May 2016 - agreed plan - Amber
29 December 2022 - review - Amber
24 March 2025 - review - Amber

Keeper's Report -16 May 2016

Show this section

Tracking of administrative records is at an early stage and staff guidance on version control is currently in development. The Keeper asks that he is kept informed of progress in these areas.
The Keeper can agree this element under ‘improvement model’ terms. This means that he is convinced that, having identified gaps in provision (including mental health records in the clinical system and version control guidance), NHS Lanarkshire has committed to a series of actions to close that gap. The Keeper agrees this element on condition that he is kept informed as this project progresses.

Self-assessment update - 27 July 2022

Show this section

The O365 migration should greatly increase the control over document tracking although it will take some time for this to be universally applied within NHSL. Local team working to fully implement O365. NHSL represented at the national O365 implementation meeting.

The Administration Records Management policy was updated and presented to the IGC on 28 June 2022. See element 3 for policy.

Progress review - 29 December 2022

Show this section

NHSL’s approach to digital records’ audit trail management is expected to improve with the implementation of O365, but as the authority recognises, this is going to take some time to bed in properly.

This Element will remain at Amber as the work on this continues. In the meantime, it is reassuring to know that key Policies remain up to date.

Self-assessment Update as submitted by the Authority since 29 December 2022

Show this section

Work continues to implement O365 which will improve the audit trail of files within NHSL. NHSL continue to be represented at the national O365 implementation meeting.

NHSL have both a RICS Protocol and Business Classification Scheme in place (see element 4).

NHSL’s Admin Records policy is currently under review.

Progress update review - 24 March 2025

Show this section

NHSL’s continuing implementation of O365 is noted. This will impact arrangements on digital records’ audit trail management. The improvements made in terms of RICS protocol and BCS is noted with thanks.

This Element will remain at Amber as the work on this continues.

Element 12: Competency framework

Status:

16 May 2016 - agreed plan - Green
29 December 2022 - review - Green
24 March 2025 - review - Green

Keeper's Report - 16 May 2016

Show this section

NHS Lanarkshire have committed to extending their staff training provisions, for example by creating a records management module in LearnPro. The Keeper commends this commitment and looks forward to receiving updates concerning this work.

Self-assessment update - 27 July 2022

Show this section

The number of staff trained @ 30/06/22:

Learnpro Records Management – 12,785 (previously 14,069).

Learnpro Safe Handling of Information Awareness – 12,838 (previously 13,077).

There has been a decrease in the total number of staff within NHSL, as temporary staff working within the Covid Immunisation centre and Test and Protect have been released. Therefore the number of staff completing the Records Management Training has decreased.

Organisational Development are also undertaking a culling process to ensure all old accounts are removed from the Learnpro system.

Progress review - 29 December 2022

Show this section

Thank you for this update on the number of staff members receiving Learnpro training in records management, information management and information security (see update under Element 8).

Thank you also for accounting for the slight decrease in numbers as compared to the previous year due to temporary staff members.

Self-assessment Update as submitted by the Authority since 29 December 2022

Show this section

The number of staff trained @ 31/07/24:

Learnpro Records Management – 14,609 (previously 12,785).

Learnpro Safe Handling of Information Awareness – 15,736 (previously 12,838).

Progress update review - 24 March 2025

Show this section

Thank you for this update on staff training which has been noted with thanks.

Element 13: Assessment and review

Status:

16 May 2016 - agreed plan - Green
29 December 2022 - review - Green
24 March 2025 - review - Green

Keeper's Report - 16 May 2016

Show this section

The Plan will be reviewed every three years by the named records managers supported by the Information Assurance Committee and by the NHS Lanarkshire Internal Audit. Individual key policies accompanying the Plan have also been assigned review dates. The Keeper commends this approach and asks that he receive updates following any such reviews, especially if they lead to the revision or creation of new policies and procedures.

Self-assessment update - 27 July 2022

Show this section

A Health Records Management report is submitted to IGC quarterly.

See element 2 for sample of report.

Progress review - 29 December 2022

Show this section

Section 1(5)(i)(a) of the Act states that an authority must keep its RMP under review. As reported under Element 3, NHSL continues to review relevant Policy documents regularly. It is also welcome information that quarterly reports to IGC on Health Records Management are taking place.

Update required on any change.

Self-assessment Update as submitted by the Authority since 29 December 2022

Show this section

A Health Records Management report is submitted to IGC quarterly. See element 2 for sample of report.

Clinical records are subject to regular review by the Clinical Audit Department. This includes both national and local audits.

NHS Lanarkshire’s Internal Audit department has information assurance as part of the audit universe which they use to prepare their audit plan.

NHSL continue to review their Records Management Plan. It is NHSL’s intention to submit a voluntary RMP at the end of 2024.

Progress update review - 24 March 2025

Show this section

Section 1(5)(i)(a) of the Act says that an authority must keep its RMP under review.
It stipulates that records management arrangements are regularly and systematically reviewed with actions taken when required.

Thank you for providing this update on review and audit plans. Confirming that RMP is kept under review is noted with thanks, as well as the planned voluntary resubmission. Participation in the PUR process is also commended.

Element 14: Shared information

Status:

16 May 2016 - agreed plan - Green
29 December 2022 - review - Green
24 March 2025 - review - Green

Keeper's Report - 16 May 2016

Show this section

NHS Lanarkshire have committed upon renewal of contracts with third party contractors to include references to the requirements of PRSA and their obligations to ensure compliance with the RMP. The Keeper welcomes this initiative and requests that he be kept informed of developments in this area.

Self-assessment update - 27 July 2022

Show this section

This is kept under review and we continue to work with our procurement colleagues to embed into contractual reviews.

All 3rd party contractors reviewed annually.

Progress review - 29 December 2022

Show this section

The Assessment Team thanks you for this update. It is great to hear that contractual reviews are completed annually in order to maintain necessary, lawful and controlled information sharing procedures.

Self-assessment Update as submitted by the Authority since 29 December 2022

Show this section

NHSL continue to undertake regular contractual reviews with third party contractors to include references to the requirements of PRSA and their obligations to ensure compliance with the RMP.

Progress update review - 24 March 2025

Show this section

Thank you for confirming that NHSL continues to comply with the requirements of PRSA with regarding to information-sharing.

7. The Public Records (Scotland) Act Assessment Team’s Summary

Version

The progress update submission which has been assessed is the one received by the Assessment Team on 28th August 2024. The progress update was submitted by Michelle Drever, Facilitation and Support Analyst - Records Management.

The progress update submission makes it clear that it is a submission for NHS Lanarkshire.

The Assessment Team has reviewed NHS Lanarkshire’s Progress Update submission and agrees that the proper record management arrangements outlined by the various elements in the authority’s plan continue to be properly considered. The Assessment Team commends this authority’s efforts to keep its Records Management Plan under review.

General Comments

NHS Lanarkshire continues to take its records management obligations seriously and is working to bring all elements into full compliance.

Section 5(2) of the Public Records (Scotland) Act 2011 provides the Keeper of the Records of Scotland (the Keeper) with authority to revisit an agreed plan only after five years has elapsed since the date of agreement. Section 5(6) allows authorities to revise their agreed plan at any time and resubmit this for the Keeper’s agreement. The Act does not require authorities to provide regular updates against progress. The Keeper, however, encourages such updates.

The Keeper cannot change the status of elements formally agreed under a voluntary submission, but he can use such submissions to indicate how he might now regard this status should the authority choose to resubmit its plan under section (5)(6) of the Act.

8. The Public Records (Scotland) Act Assessment Team’s Evaluation

Based on the progress update assessment the Assessment Team considers that NHS Lanarkshire continue to take their statutory obligations seriously and are working hard to bring all the elements of their records management arrangements into full compliance with the Act and fulfil the Keeper’s expectations.

The Assessment Team recommends authorities consider publishing PUR assessment reports on their websites as an example of continued good practice both within individual authorities and across the sector.

This report follows the Public Records (Scotland) Act Assessment Team’s review carried out by

Iida Saarinen
Public Records Officer

File downloads

Document cover image

NRS Public Records (Scotland) Act (PRSA) NHS Lanarkshire Progress Update Review (PUR) 2024 Final Report Web Version 24 March 2025

File type: PDF,
File size: 342.18 KB

Contact details

Was this page helpful? *

Yes

Yes, but

Choose a reason for your feedback *

Your comments Your feedback helps us to improve our services.
Do not give any personal information.