The Chief Executive Officer is accountable for records management and for ensuring compliance with the Data Protection Act in an NHS Board.
All NHS staff are responsible for the records they create or use. This responsibility is established and defined by the law 'Public Records (Scotland) Act 1937'. All staff whether clinical or administrative, who create, receive and use corporate or personal health records have records management responsibilities and must manage these in accordance with the NHS Boards Records Management Policy.
There should be up-to-date written policies and procedures to cover all aspects of the management of corporate and personal health records. These policies and procedures should cover the privacy, confidentiality and security of records through all stages of the records lifecycle including physical transportation within and out-with NHS Boards boundaries.