COVID-19 information and FAQs >>
Find out if you’re eligible for substantial savings on your professional indemnity insurance
Find out if you're eligible for substantial savings on your professional indemnity insurance
Good quality medical records are essential to the
proper ongoing care of patients and the defence of any claims made
A 'medical record' is a general term for all of the information
collated about a patient for the purpose of treating that patient,
Medical records should include the following information:
Medical records should also comply with any relevant legislation
for record keeping.
PracticeHub is an online practice management platform providing you with essential tools and resources to help reduce complexities, risks and costs involved with managing a practice.
Find out more
In a private medical practice, the ownership of the medical
records depends on the structure of the practice in which the
doctor works. It is advisable for doctors to clarify ownership of
the medical records at the beginning of a contract to avoid any
disputes when the doctor leaves the practice as to whether copies
of the medical records can be taken with the doctor.
Subpoenas or summonses seeking production of medical records for
legal proceedings should be addressed to the owner of the
Medical records may be kept in paper or electronic format, or a
combination of both. Where a 'hybrid' of paper and electronic
records is used, a system is required to cross reference the
records for each patient. Electronic records need to be kept in a
form that allows them to be printed out as required.
Medical records should be retained for as long as required by
relevant Australian, state or territory government legislation.
Generally, this means that inactive individual patient medical
records should be kept until the patient has reached the age of 25
years or for a minimum of seven years from the time of last contact
- whichever is the longer.
Medical records checklist
Disposing of paper copies of notes that have been transferred or
scanned into the electronic records is allowed as long as the
disposal is done in a manner which preserves confidentiality and
complies with legislative requirements. In New South Wales, a
register of all records that have been destroyed should be kept.
Whilst this is not a requirement in other states, it would be
considered good practice to keep a record in other states as
Organisations that hold health information must take reasonable
steps to protect the information from loss and unauthorised use or
To ensure that electronic records are kept safe from damage,
loss or theft complete backup of the computer record should be
performed on a regular basis and the backup discs stored off-site.
Computers should be password protected and the passwords changed on
a regular basis.
Seek advice from an IT specialist regarding protection against
unauthorised access, amendment of records, computer viruses,
firewalls and quality of resolution of scanned documents.
See: RACGP Computer and information security standards
At common law, a patient does not have a right of access to his
or her medical records. However, under privacy legislation,
patients have a right to request access to their records. Access must be provided subject to any limitations and
procedures set out in the legislation.
Patients should ideally provide a written request for access to their records
or to request a transfer of their records. A copy of the request
should be kept in the patient's medical record.
If a patient wishes to transfer to another doctor, the new
practitioner is entitled to a treatment summary or a copy of the
records. The transfer date and location of transferred records
should be maintained in a register, and the transfer date added to
A reasonable cost can be charged for providing copies of medical
Article: A practical guide to managing medical record requests
Since July 2012, Australians have had the option of registering
for a personally controlled electronic health record (PCEHR). This
patient-controlled record is kept completely separate from the
patient's electronic medical record. The fact that a patient may
have a PCEHR does not alter the doctor's obligation to maintain a
medical record for the patient.
Access to, and disclosure of, information in the PCEHR is
subject to the PCEHR Act 2012 (Commonwealth) and associated rules
and regulations. Organisations registered with the PCEHR system
should be aware of their obligations under the legislation.
The Office of the Australian Information Commissioner (OAIC)
regulates the handling of information under the PCEHR system. It
recommends that health care providers should:
RACGP Electronic health records
RACGP Computer and Information security standards
Privacy obligations of medical practitioners in regard to patients' records and health information:Nationally, the Privacy Act 1988In New South Wales - Health Records and Information Privacy Act 2002In Victoria - Health Records Act 2001In Australian Capital Territory - Health Records (Privacy and Access) Act 1997