skip to Main Content

Thinking inside the box

0845 602 7006 | 0117 322 6163

Should I scan my records, or just keep them in storage?

To scan or not to scan, that is the question. New technology is marvellous, until it isn’t. Filofile has been on hand to help clients sort out their hard copies of documents when the client has tried to scan records to disk and then discovered the disk has corrupted and all the data lost. That is precisely the moment that keeping hard copies of everything seems extremely wise.

This question is what’s better for you and your company, team, or organisation: to keep physical copies of your documents or to scan them into an electronic format?

When it comes to document scanning versus document storage, everyone has their own opinion and it can be hard to decide which is the best option for you; it’s a bit like comparing apples to oranges.

Scanning medical records is a particularly thorny issue. According to the NHS Resolution website, there are very clear potential risks to patients should there be any change to patient information, and Trusts need to be alive to those risks and potential liabilities.

The website advises that should a patient suffer harm as a result of an inadvertent, accidental or malicious change to any health information/record, or merely because that record did not upload with the same clarity as the original (as a result of it being sliced and uploaded) then that individual would be entitled to bring a claim against the Trust.

As well as the whole scanning issue, there are other potential technological pitfalls. Filofile recently helped a client in the hospitality sector which had lost the records of its entire electronic archive thanks to a data merge. Fortunately Filofile‘s system of bar codes on all the hundreds of boxes housing the organisation’s archives meant it was an easier task to sort out the different records which ranged from project work, to HR documentation, employment records and accounts.

Recently cyber-attacks on health bodies appear to be on the rise again after a hiatus early in the pandemic. For those who haven’t come across the term, a ransomware attack is when a group gains access to an entity’s computer system, sometimes via an email “phishing” attack. They have also involved entering a virtual private network (VPN) that is used by employees to access their employer’s internal computer systems when, for example, they are working from home.

Once inside, rogue actors deploy a piece of malware – malicious software – that encrypts computers, making it impossible to access their content. The bad actor then demands money in exchange for decrypting or unlocking the computers.

While data is not always taken during attacks, if it is it can be used as part of the negotiations. Ransomware gangs have created websites where stolen data is displayed.

It’s clear that there is a lot to consider when embracing digitisation and some excellent advice provided by the NHS Resolution website which could be applied outside of the medical field includes:

  • The same minimum retention period applies to computerised as to paper records. The retention schedules for different types of records are set by various professional bodies.  After the end of the relevant retention period, systems should be in place to ensure that records are safely destroyed in a secure way so that obsolete records are not inappropriately retained.
  • Care needs to be taken to prevent corruption or deterioration of the data stored on computer.
  • Future migration of data will need to be considered as equipment and software become obsolete.
  • Organisations need to ensure that they have good information handling systems in place:
  • Appropriate technical and organisational measures should be taken to prevent the unlawful processing or disclosure of data.
  • Appropriate security measures need to be in place to protect data (records) and unauthorised access.
  • Depending on the digitisation process, organisations will need to consider where the scans are stored – will there be a central location, or will they be uploaded locally? This in turn may give rise to ensuring that there are appropriate encryptions and safeguards to prevent sensitive data being inappropriately available if equipment is stolen, for example.
  • Organisations should consider which staff have access to the records and to what degree.
  • There should also be safeguards in place to ensure that those accessing the system cannot amend records unless the time, manner and author of any change are captured.

Also it’s important to remember, hard copy records are covered by the Data Protection Act and digital ones by GDPR. Organisations should always familiarise themselves with the essential demands of these regulating acts.

Without doubt most companies and businesses will be looking at digitisation in the future, but it is always good to keep hard copies of those essential documents that would be impossible to replace and Filofile’s personalised high-tech document management service is always available to help. Contact us today to discuss which option maybe best for your organisation.

Back To Top