E: support@e-carehub.co.uk



Records and Record Keeping — People Who Use Services (Scotland) Policy

Policy Statement

This policy sets out the values, principles and procedures underpinning {{org_field_name}}’s approach to record keeping. It is produced in line with the national health and social care standards set out in My Support, My Life, particularly statements made under Standard 4: “I have confidence in the organisation providing my care and support”. It should be read and used in relation to other record keeping, information governance and data protection policies.

{{org_field_name}} works to the following principles of good record keeping.

  1. Records required for the protection of people who use the services, and for the effective and efficient running of {{org_field_name}} are maintained, are up to date and are accurate.
  2. People have access to their records and information about them held by {{org_field_name}}, as well as opportunities to help maintain their personal records.
  3. All records are kept in a secure fashion, are up to date and in good order, and are constructed, maintained and used in line with data protection laws, relevant Care Inspectorate guidance and related record-keeping policies on access to records, confidentiality, information sharing and data protection.

Access to Records

{{org_field_name}} considers that access to information and security and privacy of data is an absolute right of every person and that everyone is entitled to see a copy of all personal information held about them and to correct any error or omission in it.

See the Access to Social Care Records — People Receiving Care (Scotland) Policy.


Staff must do the following.

  1. Store all files or written information of a confidential nature in a secure manner in a locked filing cabinet, which can be only accessed by staff who have a need and a right to access them.
  2. Be aware that the relatives of a person who uses the service do not have any automatic right of access to that person’s files and would need to have their permission to see any information on that person.
  3. If the person lacks the mental capacity to give their permission, a “best interests” procedure would then need to be followed in line with the Mental Capacity Act 2005. (See also the Access to Records (Wales) and Data Protection and Compliance with General Data Protection Regulation policies.)
  4. Do not leave files or written information of a confidential nature where they can be read by unauthorised staff or others.
  5. Wherever practical or reasonable fill in all care records and daily notes in the presence of and with the co-operation of the person concerned and checked with them.
  6. Sign and date all care records and notes on the person using the service, including care plans.
  7. Check regularly on the accuracy of data being entered into computers.
  8. Always use the passwords provided to access the computer system and not abuse them by passing them on to people who should not have them.
  9. Use computer screen locking to ensure that personal data is not left on screen when not in use.

Mobile Devices Containing Personal Data

Personal data relating to people who use the services or staff should not be kept or transported on laptops, USB sticks or similar devices, unless authorised by the care manager. Recording data on such devices should be made only where absolutely necessary:

  1. using an encrypted system — a folder should be created to store the files that need extra protection and all files created or moved to this folder should be automatically encrypted
  2. with access or theft by unauthorised people prevented by not leaving laptops or USB drives lying around.

Procedures for Borrowing and Transfer of Files and Records

Staff will always check:

The following information is recorded and regularly monitored.

Retention and Destruction of Records

All records are kept and destroyed in line with established (eg local authority) protocols and Care Inspectorate guidance.

Personal records of people receiving care are always kept for a minimum of three years after they leave the service or after their death.


All staff receive training on {{org_field_name}}’s policy and procedures on record keeping as part of their induction training.

Training to update staff with changes in record-keeping systems and procedures is provided as required.

All staff receive up-to-date training on data protection principles, access to records procedures, confidentiality and good practice in entering information on records on people receiving care.

The nominated data controller and staff responsible for data protection and information governance receive appropriate specialised training to equip them for their respective roles and responsibilities.

All staff who use the service’s computers receive training to develop the required skills and to know how to keep electronic data safe and secure.

Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}

Reviewed on: {{last_update_date}}

Copyright ©2024 {{org_field_name}}. All rights reserved

Leave a Reply

Your email address will not be published. Required fields are marked *