Portsmouth Cardiac Associates
 
Please call us on 023 9236 5010 to discuss your requirements or email info@portsmouthcardiac.co.uk
 
 
 

Portsmouth Cardiac Associates Limited Data Retention Policy

Retention Summary
The GDPR requires that personal data should not be held for longer than is necessary for the purpose for which it is being processed. However, it is a fundamental requirement that all of Portsmouth Cardiac Associates Ltd's healthcare records are retained for a minimum period of time for legal, operational, research and / or safety reasons. The length of time for retaining records will depend on the type of record. Below you will find a summary of the various types of data we hold about you and how long each will be kept.

1. Purpose
1.1
The purpose of this policy is to detail the procedures for the retention and disposal of information to ensure that we carry this out consistently and that we fully document any actions taken. Unless otherwise specified the retention and disposal policy refers to both hard and soft copy documents.
2. Review
2.1
Review is the examination of closed records to determine whether they should be destroyed, retained for a further period.

3. How long we should keep our records
3.1
Records should be kept for as long as they are needed to meet the operational needs of Portsmouth Cardiac Associates Ltd, together with legal and regulatory requirements. We have assessed our records to:

  • Determine their value as a source of information for Portsmouth Cardiac Associates Ltd to continue to provide healthcare.
  • Determine their value for fulfilling contract for the delivery of healthcare.
  • Assess their importance as evidence of business activities/decisions and ensure accounts and billing is accurate and up to date.
  • Establish whether there are any legal and regulatory responsibilities required by law or regulators in providing healthcare (including: GMC, EU General Data Protection Regulation 2018).

4. Disposal schedule
4.1
A disposal schedule is a key document in the management of records and information. It is a list of series or collections of records for which predetermined periods of retention have been agreed between groups and the DPO.

4.2 Records on disposal schedules will fall into 2 main categories:
1. Destroy after an agreed period – where the useful life of a series or collection of records can be easily predetermined (for example, destroy after 3 years; destroy 2 years after the end of the financial year).
2. Review – see 2 above.

4.3 Records can be destroyed in the following ways:

  • Destruction
  • Personal information – cross cut shredded and pulped or burnt.
  • Special categories of personal information– cross cut shredded and pulped or burnt.
  • Electronic equipment containing information – hard drives destroyed by using physical destruction and individual folders they will be permanently deleted from the system.

4.4 Destruction of electronic records should render them non-recoverable even using forensic data recovery techniques.

5. Sharing of information
5.1
Duplicate records should be destroyed. Where information has been shared between business areas, only the original records should be retained.

5.2 Where we share information with other bodies, we will ensure that they have adequate procedures for records to ensure that the information is managed in accordance with the relevant legislation and regulatory guidance.

6. An audit trail
6.1
You do not need to document the disposal of records, which have been listed on the records retention schedule. Documents disposed of out of the schedule either by being disposed of earlier or kept for longer than listed will need to be recorded for audit purposes.

6.2 This will provide an audit trail for any inspections conducted by the Information Commissioner and will aid in addressing Freedom of Information requests, where we no longer hold the material.

7. Monitoring
7.1
Responsibility for monitoring the disposal policy rests with the DPO. The policy should be reviewed annually.

Type of record Start of retention period Minimum Retention Period Comments
Records Management   Until superseded  
Credit Card details with no outstanding debt on patient's account Receipt of credit card details 6 months  
Credit Card details with outstanding debt on patient's account Discharge of debt 6 months  
Invoices to patients regarding their treatment Close of financial year to which the invoice relates 7 years  
Contracts End of contract 7 years from end of contract  
Medical Records/Patient Letters Conclusion of treatment 30 years  
Litigation records Case closure 8 years  
Patient enquiries - Email Conclusion of treatment 30 years  
Complaints case file Closure of incident 8 years