Retention, Access and Storage of Medical Records
How long should we retain various records in our practices? This question often causes confusion and in this article it is hoped that some common myths can be dispelled. We need to look at statutory requirements and recommended retention periods where no statutory retention periods exist.
What are the statutory requirements for retaining records?
The Consumer Protection Act 1987 states that clinical records should be retained for a minimum of 11 years or until the patient is 25 years old, whichever is the longer. Medicolegal organisations prefer that all health records are kept indefinitely. This act also states that patient complaint details should be retained for 11 years. The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995 (RIDDOR) states that accident book details need to be kept for 3 years after the date of the last entry. The Ionising Radiations Regulations 1999 states that accidental exposure to radiation records must be kept for a minimum of 50 years.
The Control of Substances Hazardous to Health Regulations 2002 (COSHH) states that COSHH assessment records must be kept for 5 years, from the date on which the tests were carried out. COSHH regulations also state that health surveillance records should be retained for a minimum period of 40 years and that the HSE should be notified if the employer ceases trading.
Management of Health and Safety Work Regulations 1999 suggest that health and safety risk assessments are updated regularly and retained permanently. Section 221 of the Companies Act 1985 states that accounting records should be kept for 3 years for private companies, 6 years for public limited companies. However in general 6 years are recommended for all companies. The Income Tax (Employments) Regulations 1993 state that Income tax and NI returns, income tax records and correspondence with the Inland Revenue are retained for no less than 3 years after the end of the financial year - to which they relate and, again, 6 years are recommended.
The Statutory Maternity Pay (General) Regulations 1986 state that Statutory Maternity Pay records, calculations and certificates are retained for 3 years after the end of the tax year, in which the maternity period ends. The Statutory Sick Pay (General) Regulations 1982 state that Statutory Sick Pay records, calculations, certificates and self-certificates are retained for 3 years after the end of the tax year, to which they relate. The Taxes Management Act 1970 states that Salary records & overtime, bonuses and expenses records are retained 6 years.
The Employers’ Liability (Compulsory Insurance) Regulations 1998 states that the Employers’ liability insurance certificate be retained for 40 years. The Provision and Use of Work Equipment Regulations 1993 requires that compressors, plugs and fire equipment records are retained until the next inspection. The Special Waste Regulations 2002 requires that waste disposal certificates (Transfer Notes) are kept for 3 years. Health Service Circular (HSC) 1999/053, Records management: code of practice (Apr 2006) state that washer-disinfector and steriliser logbooks and records are kept for a minimum of 2 years.
The GDC requires that Statement of Manufacture of Dental Appliance documents are maintained for the life of the appliance. It is recommended that interview notes and application forms for unsuccessful candidates are kept for 1 year.
Access to clinical dental records
The right of access to records by patients is either under the Data Protection Act or the Access to Health Records Act. Patients can be charged a fee of up to £10 (£50 for manual records) and disclosure must take place as quickly as possible, but in any event within 40 days of receipt of the signed patient request. If a fee is charged then the practice should be able to justify the amount.
Difficulties can arise when someone other than the patient asks for copies of dental records. For example, if the Police request access then it is advisable to contact your indemnity organisation for advice. A court order would normally be required if a disclosure is to be considered.
Storage of Records
Principle 7 of The Data Protection Act requires security for all personal data, whether held on computer or in manual files. This includes physical security from unauthorised access as well as protection against accidental loss, destruction or damage. It also requires security for all personal data, whether held on computer or in manual files. This includes physical security from unauthorised access as well as protection against accidental loss, destruction or damage.
*All information is correct at the time of publishing