- Your practice must ensure the health information it collects, uses or discloses is relevant, accurate, up-to-date and complete.
- Your practice must ensure health information that is no longer practically or legally needed is destroyed or de-identified.
- Medical records are usually owned by the practice, not the patient.
Maintaining accurate and complete medical records
It is important that medical records are accurate, up-to-date, comprehensive and legible. GPs must take reasonable steps to ensure the health information and consultation notes they hold are well organised. Medical records should always be sufficiently detailed and accessible to allow another GP to continue management of the patient. Your practice should use a follow-up system (subject to patient consent) to ensure patients are regularly seen and medical records are maintained accurately with current information.
Patients own the information in their medical record but do not own the medical record itself. Ownership might vary as follows:
- Sole practitioners retain full ownership over their medical records.
- Contract and employee GPs are likely to be creating medical records for their principal or employer and unlikely to own these themselves.
- GPs operating in a partnership might have a claim to a shared partnership interest over some, or all, of the medical records.
- GPs who own an incorporated practice own its assets and this usually includes the medical records. In the absence of any agreement specifying otherwise, multiple owners own the medical records jointly.
It is recommended the ownership of medical records is clarified and documented before GPs commence at a new practice. This will assist in preventing future disagreements when a departing GP intends to take records with them. It is recommended that advice is sought before entering into an agreement.
Despite the above, GPs are required under the Medical Board of Australia’s Good medical practice: A code of conduct for doctors in Australia to promptly facilitate the transfer of health information when requested by a patient.5
Retention and destruction of medical records
Your practice should retain health information as required and in accordance with the applicable laws.
The Privacy Act requires health information to be destroyed or permanently de-identified once it is no longer needed for any authorised use or disclosure.
However, the ACT, NSW and Victoria require medical records to be retained until a young person turns 25, and for adults, for seven years from the date of the provision of the last health service. This overrides the Privacy Act.
Under some state and territory legislation, the destruction of any medical record is prevented when the record is likely to be involved in legal proceedings. It is recommended to seek advice on the current limitation periods that apply to your practice.
GPs must appropriately destroy or permanently de-identify health information following the expiry of these periods.
Retention and destruction of records
- General practices should keep health records for the length of time specified in state or territory legislation.
- Once this time has expired, the APPs require you to appropriately destroy or permanently de-identify health information.
- APP 11 requires that reasonable steps are taken to destroy or de-identify personal information that is no longer needed. The reasonable steps will be dependent on whether the personal information is held in paper or electronic format.
Your practice might choose to permanently de-identify health information rather than destroy it. Care should be taken to ensure there is no prospect of the patient being identified from the remaining information.
The de-identification of health information is more than simply removing the patient’s name. Any identifying information contained in the medical record must be deleted or destroyed to ensure confidentiality.
Whenever the information is in the form of individual data sets, there is a risk the data set could be linked to a particular individual based on details of age, postcode and medical condition. The more information included in the data set, the greater the risk of re-identification.
Even where data is combined, care is needed to ensure the number of people in each ‘cohort’ or sub-group is sufficient to ensure the privacy of the individuals is not breached. For example, the relevant NHMRC guidelines specify a minimum of five sets of individuals’ data in each cohort.11
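The cohort-size check described above, as an added example that is not part of the original guidance: it counts how many constructed records share the same age, postcode and condition, flags cohorts below five, and shows how coarsening age and postcode reduces them before the remainder is suppressed. The field choice, banding parameters and sample records are assumptions, and each record is assumed to be one individual.

```python
from collections import Counter

MIN_COHORT = 5  # minimum cohort size cited in the text above

# Constructed sample data, names already removed: (age, postcode, condition).
RECORDS = (
    [(34, "3056", "asthma")] * 3
    + [(36, "3057", "asthma")] * 3
    + [(61, "3056", "diabetes")] * 6
    + [(88, "3058", "haemophilia")]
)


def generalise(record, age_band=1, postcode_digits=4):
    """Coarsen the quasi-identifiers: age into bands, postcode to a prefix."""
    age, postcode, condition = record
    low = (age // age_band) * age_band
    age_label = str(age) if age_band == 1 else f"{low}-{low + age_band - 1}"
    return (age_label, postcode[:postcode_digits], condition)


def small_cohorts(records, **bands):
    """Return each quasi-identifier combination shared by fewer than MIN_COHORT records."""
    counts = Counter(generalise(r, **bands) for r in records)
    return {key: n for key, n in counts.items() if n < MIN_COHORT}


def release(records, **bands):
    """Generalise every record, then drop those whose cohort is still too small."""
    risky = small_cohorts(records, **bands)
    generalised = (generalise(r, **bands) for r in records)
    return [g for g in generalised if g not in risky]


if __name__ == "__main__":
    # Exact age and full postcode: three cohorts fall under the threshold.
    print("raw small cohorts:", small_cohorts(RECORDS))
    # Ten-year age bands and three-digit postcode: only the rare condition remains.
    coarse = dict(age_band=10, postcode_digits=3)
    print("coarse small cohorts:", small_cohorts(RECORDS, **coarse))
    print("records safe to release:", len(release(RECORDS, **coarse)))
```

The threshold only covers the three fields counted here; any other detail left in the released data (dates, free-text notes, rare procedures) needs the same treatment.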