Are you sure you comply with BS 10008?

In this brave new digital world, we are all inexorably moving towards the time where sharing health records electronically is becoming a reality.

In so doing, legitimate concerns arise such as how can we be reassured that the information received from another provider is trustworthy? How will you know the information is authentic and that the original paper documents have not been altered? The BS 10008 Standard provides such re-assurance.

When scanning health records and storing them electronically, complying with BS 10008 (Evidential weight and legal admissibility of electronic information) is not an option or a nice-to-have. It’s a requirement laid out in the NHS Records Management Code of Practice.

We already comply with BS 10008...

We regularly come across organisations who think they comply because their software vendors have told them their systems and hardware comply, perhaps because they have an ISO certification… “don’t worry about it, you’re covered”… they may say. Unfortunately the reality is not that simple.  

BS 10008 is not only about the electronic systems in place.  In practice, it is principally about the procedural systems in place.  In simple terms, complying with a standard is about documenting how you comply via written policies and procedures; and then making sure staff apply those policies and procedures via audits.

The difference between BS 10008:2008 and 2014

Many NHS Trusts and organisations have sought to attain compliance with BS 10008:2008, or at least its predecessor BIP0008.  However, a new version of the BS 10008 standard: BS 10008:2014 was released late in 2014. This means that unless they have recently been reviewed and updated, the processes, policies and procedures documented previously are now out of date.

The scope of compliance, i.e. which systems and electronic information are covered by the BS10008 compliance may be such that you are not affected by the change.  

At a glance, the main areas where differences between the two editions can be found are as follows:
•    The structure of the standard itself has changed to align with the new ISO/IEC Directives;
•    Inclusion of structured data (i.e. data stored in structured databases);
•    Inclusion of big data;
•    Inclusion of stewardship of electronic information as an important organisational activity.
Let us know if you need help with your 2014 edition gap analysis. We will make sure you still comply.

How to find out if you comply

To help you determine if you really do comply, we have put together a quick self-evaluation questionnaire. If you can answer yes to all the questions, you probably comply.

Whether you are in the process of obtaining external certification with BSI, or have decided to self-certify, we can ensure you comply and have no surprises.  Contact us to see how we can help you.