Record Keeping

The British Dietetic Association (BDA) and Sports and Exercise Register (SENR) proudly represent the dietetic workforce, and accredited professionals within the speciality of sports and exercise nutrition, respectively. Registrants have a professional and legal obligation to keep an accurate record of their interaction with service users or clients.

This record keeping guidance is intended for use by all members of the BDA and SENR, who include registered dietitians, dietetic support workers/assistants, student members and sports nutritionists. These guidelines apply to all roles and settings in which they work.

This guidance document comes at a time when there is huge variability in terms of the use of paper or digital records across the profession. Therefore, has been written in such a way as to provide members of the BDA and SENR registrants with the principles that underpin good record keeping no matter what format their records are in or where they are employed.

This guidance is necessarily broad and cannot provide definitive answers to every situation a member/registrant may encounter. Nor does it provide a rigid framework for an auditable standard. It does however, provide the principles that will guide dietitians, the wider dietetic workforce and sports and exercise nutritionists in making, protecting and sharing of clinical records and any other personal data that they hold. These guidelines should be used alongside any record keeping guidelines set out by your employer.

Traditionally, health records have been thought of as having both primary and secondary purposes. As the digital world evolves around us, and service users increasingly expect data from their record to be used (anonymously) for service reporting and clinical research to enhance both the quality and diversity of service provision. The boundary between what is considered a primary and secondary purpose is becoming blurred.

Making the record

Records are fundamental to safe and effective service provision.

Protecting the record

All record keeping is governed by the European Union General Data Protection Regulations (GDPR).

Sharing the record

Your duty to share information in line with GDPR, is as important as your duty to maintain patient confidentiality.

Being able to make and maintain records is a requirement of HCPC and SENR Code of Professional Conduct and all those who provide direct care are required to keep records. You have a duty to communicate fully and effectively with colleagues to ensure that they have all the necessary information to provide safe and effective care.

• You should complete the record as soon as possible after the consultation or event and certainly within timescales stipulated in local policies. This should normally be within the working day. Click here to read a case study on the possible consequences of not completing a record in a timely fashion. 
• You should communicate clearly and concisely in an appropriate style so that your message is understood.
• You must write in a way that the person you are caring for could understand your entry.
• Records should be structured in a way that is conducive to capturing relevant information efficiently and in a way that information is accessible when needed. Review the record template in the key resources section which can help guide you to structure your notes and improve them.
• You should embrace information standards, realising that the record is only part of the health and social care jigsaw. You should proactively seek to implement and adopt existing standard templates and terminology that enable consistent recording of quality data across systems and organisational boundaries. Click here to visit The Professional Records Standards Body (PRSB) which develops national standards for the structure and content of health and social care records.
• Where possible the BDA’s SNOMED (Systematized Nomenclature of Medicine) subsets should be incorporated into electronic record templates to promote consistent practice across the profession. (Not applicable to SENR registrants).
• You should avoid approximations, jargon, meaningless phrases, irrelevant speculation, bias.
• The BDA and SENR does not have a definitive list of abbreviations. Use of abbreviations varies nationally, locally and even within different departments of the same organisation, it is good practice to check if your organisation has a ratified list of acceptable abbreviations or acronyms and adhere to it.
• If you are recording that a decision has been made you should record how those decisions were made; including the information that lead to that the decision, to include who was involved in the decision-making process.
• If your records are hand written they must be legible, written in permanent ink and be legible when photocopied or scanned.
• You should adhere to local policy regarding signing and dating record entries including signing in and out of computers using your own unique ID. You are responsible for your records.
• The decision to delegate tasks (e.g. completing a client record) and the subsequent countersigning of said record must be a reasoned and individual decision. If there is no local policy, the ultimate responsibility about when and how delegation and countersigning take place lies with the supervising dietitian or sports and exercise nutritionist. All student entries into the record must be countersigned by the supervisor.
• You should check your record for mistakes
• If you need to alter a record you must adhere to local policy and ensure that all changes are clear, non ambiguous and signed and dated (electronically or by hand). Electronic patient recording systems should have a built in audit trail that meets ISO standard ISO 27789:2013.
• Records should be audited regularly and action taken to ensure best practice, patient safety and quality of care. Review the audit tool in the key resources section which has been developed by the BDA to help you audit your own records.

A health or care record is any record of information relating to someone’s physical or mental health that has been made by (or on behalf of) a health professional. Such records are extremely personal and sensitive.

A record is comprised of all data relating to an identifiable individual including but not limited to written records, emails, letters, diaries, photos, scans and monitoring charts. From paper to hard drives to the cloud, client data may be stored in a variety of platforms.

All personal data in the UK is governed by the 2018 Data Protection Act and EU General Data Protection Regulations (GDPR) 2018. There are 6 principles of the GDPR which must be adhered to. GDPR goes beyond the health care record and is applicable in all aspects of work where the processing of data that could personally identify an individual occurs.

Therefore, GDPR covers the whole business. For example, application would include but is not limited to personal data held as part of recruitment tasks, employment, running events and marketing services.

• You must recognise your duty as a data processor or a data controller and abide by the regulations stipulated in the GDPR.
• Every organisation and sole trader who processes personal data must register with the Information Commissioners Office (ICO). If you work for an organisation (such as an NHS Trust, health board or private company), your organisation must be registered. If you provide patient care as a freelancer you must register yourself via the ICO website. Click here to register via the Information Commissioners Office (ICO) website. 
• If you are employed, you must acquaint yourself with local systems and adhere to policies and procedures that safeguard records. This may include possessing a smartcard, using electronic passwords, filing and storing records securely.
• If you are a freelancer you must map the flow of personal data through your business, identify and mitigate risks and have your own policy on how you process personal data. You should create a privacy notice and ensure that clients and prospective clients understand what data you need and how you will process it. Consent for sharing can be obtained via a privacy notice.
• You should only access the records of patients and clients for legitimate purposes and should never access records for yourself, family or friends.
• You should take all reasonable steps to ensure that records are stored securely to prevent unauthorised access or loss.
• You should not hold conversations regarding the content of records in public and should ensure that the content of records in not made visible on trolleys, computer screens or desks.
• You should report issues of missing/ accessing records to your line manager if you are employed. If you are a private practitioner, you must keep a record of any data protection breaches and follow ICO guidance if they occur. This may involve informing the ICO of the breach.
• Do not keep records for any longer than is necessary. There are legal requirements for how long health records should be kept. Each UK country sets out minimum retention periods for NHS health records. You can review the record retention policy set out by your country below:
  • England:  The Records Management Code of Practice for Health and Social Care 2016
  • Scotland: Scottish Government records management: code of practice
  • Wales: Welsh Non-Clinical and Clinical Record Schedule
  • Northern Ireland: Northern Ireland Department of Health, Social Services and Public Safety. Good management, good records - health acute and community
  • Additionally you may find the following guidance from the British Medical Association useful.
  • The minimum retention periods apply to all formats/mediums which contain components of information relating to the health record. Although the retention policies outlined apply to the health departments in the devolved nations, private practitioners would be advised to apply the same retention periods.

The duty to share information can be as important as the duty to protect client confidentiality. You have a legal duty to disclose confidential information if there is risk of harm to the service user, yourself or others. This may mean sharing information without consent. If you work for the NHS you should discuss your scenario with your trust’s Caldicott guardian.

• You must gain consent and record that you have obtained consent to share data about a patient. If you are employed you must adhere to local policies. If you are a freelancer you should include a privacy statement as part of your data processing policy .
• You should understand how any information you share is going to be used and be able to articulate this to the patient
• You should check that systems for sharing records are secure such as email, fax, letter.
• You should take care when using social media that information is not shared inadvertently.

Record Card Audit (Example)

Dietetic Care Record (Digital)