medical notes and keeping records

[Want2BSelfemployed]

Does anyone know the rules on storing notes electronic and paper. If I have assessments on laptop and written notes in filing cabinet at home. What are the rules with laptop and written storage and back ups if ie my house caught fire and destroyed the paper and electronic information? Do I have to store the reports for ie 15 years also?

What sort of medical records? I'm the medical record co-ordinator in a GP practice & all notes are kept there, I'm not allowed to take them away (not that I'd want to!). Records are kept in locked cupboards if they're not behind security coded staff doors.

I have to go out but I'll pop back later.

Hi Lemon thanks for replying. It would be private diagnosis assessment reports. Also the assessment tools used (paper or could buy electronic if it makes storing it easier). I have a lockable filing cabinet at home for paper records if I decide to have paper notes. Need to know full rules on this.
Also if on laptop what lengths do I go to to ensure privacy, storage and back up incase of fire etc

Speak to your professional association. They should be able to put you in touch with someone who can advise you.

I'm in a different field. We have to keep records for seven years after they are still useful, and in two formats (eg electronic and paper). They don't have to be easily accessible, though, so most of us use outside records storage companies for things that aren't active.

You can get fireproof safes and cloud electronic storage. That's probably the best solution around for a small business at the moment.

You could easily run into serious privacy and security problems with cloud electronic storage.

You would need a very clear contract specifying where the data is being kept, who owns the data, who is allowed to take back-ups of the data (and what happens to those), and the full security and privacy provisions. You'd also need a good grasp of the laws covering your sort of data, and how they interact with your provider's activities (eg some data cannot be processed out of the country without explicit permission from the subjects).

A lot of bigger companies have suddenly gone "Woah" about the cloud since recent major hacks plus the Snowden thing.

Yes, it is more complicated for bigger companies. Small businesses or sole traders, on the other hand, are what we are talking about here. Using a good provider with a watertight contract goes without saying, surely?

If it's medical records, though, the same level of security will be required regardless of company size.

And yer'd be amazed at the shit people upload to fuckknowswhere without thinking.

Friend at tech multinational found colleagues converting confidential bid documents to PDFs by uploading them to an online application. They're IT professionals, and yet...

::shudder::

It's like some people have never heard of encryption.

Have a look at the NHS Records Managament Code of Practice. It'll give you guideance for 'best practice' to follow.