
Medical records - the essentials

The requirements for medical records include clinical guidelines and legal responsibilities. Medical records are also a key communication tool and important evidence of the care you have given, whether for colleagues, for Medicare, during a complaint process, or in a court of law. Key requirements are outlined in this factsheet.

Monday, 2 December 2019

Quick guide

  • Good medical records are essential for patient care and can also assist in the defence of a claim or complaint against you.
  • Patients are entitled to access their medical records. This is a right under privacy legislation and applies regardless of who owns the records.
  • As well as creating good records, it is important to understand and comply with your legal obligations to store, retain and dispose of medical records appropriately.


Detailed medical records are essential for the efficient and safe ongoing care of patients. When creating, maintaining, storing and using medical records, there are a range of legal obligations you must uphold, and ethical considerations to keep in mind.

What are medical records

The term ‘medical record’ refers to many types of health data and includes a patient’s progress notes (handwritten or electronic), referral letters, specialist letters, hospital discharge summaries, pathology and radiology images and reports, other test results, videos, photographs, driver licence medicals, medical certificates and applications for disability certificates and medico-legal reports.

What should medical records include?

Medical records are more than notes to assist your memory. Good records are essential for patient care and can also assist in the defence of a claim or complaint against you.

As a general rule, records need to contain enough information to allow another practitioner to identify the patient and continue their care. They should be clear, contemporaneous and, if handwritten, legible.

Records should include any information relevant to the diagnosis or treatment of the patient, such as:

  • the patient’s medical history, social history and habits
  • the results of any physical examination
  • the patient’s mental state
  • the provisional diagnosis
  • any differential diagnosis considered
  • the results of any tests performed on the patient
  • allergies or other factors that may require special consideration
  • any plan of treatment
  • details of any medication prescribed.

Also include the following details of any medical treatment:

  • the date of the treatment
  • the nature of the treatment
  • information or advice given to the patient (including diagrams and information sheets), for example about material risks
  • documentation of patient consent to treatment
  • the name of any person involved in the treatment
  • details of any anaesthetic given to the patient
  • any tissues sent to pathology
  • the results or findings made in relation to the treatment.

Patients are entitled to access their medical records, so keep this in mind when adding content.

For information on whether you can alter a medical record, listen to the Avant podcast: Making changes to a medical record.

Storing medical records

You can keep medical records in paper or electronic format, or a combination of both. Where there is a hybrid of paper and electronic records, use a system that allows you to cross-reference records for each patient.

Keep records in a reasonably accessible manner to ensure continuity of medical treatment. For example, keep electronic records in a form that allows them to be printed out as required.

Privacy legislation requires you to preserve the confidentiality of the patient’s information, and prevent damage, loss or theft of records. While it is unlikely you would be considered responsible for the theft of records from a properly secured surgery premises, you may be responsible for a theft from the seat of an unlocked car.

Privacy legislation also requires you to protect your records against unauthorised access, disclosure or modification. If this does occur, for example through a data breach of the practice’s electronic record-keeping system, you may be required to notify the patients affected and the Office of the Australian Information Commissioner. You are also required to investigate suspected data breaches.

You can find more information on data security and avoiding or responding to data breaches on Avant’s website: Cyber security – what you need to know 

Patient and third-party access to medical records

Privacy legislation gives patients (with limited exceptions) a right of access to their medical records, including:

  • having a copy of the records
  • inspecting their records
  • having a copy provided to a third party authorised by the patient (for example, a solicitor).

You can generally provide copies of records to third parties where a patient provides consent. To provide valid consent, the patient should give a clear indication of who the records can be released to and which records are covered by the consent. Ideally, the consent should be in writing and signed by the patient. If you receive verbal consent to release records to a third party, you should carefully document the details of the consent. The consent should generally be no more than 12 months old.

You may also be compelled by law to provide documents to a third party. This might be through legislative requirements, a summons or subpoena, a notice of non-party disclosure or a warrant from police.

You can find more information in the Avant podcast: Providing medical records to a third party.

Who owns the medical records?

Ownership of records and access to records are two separate issues. Australian law gives patients a right to access their medical records, regardless of who actually owns the record (as discussed above). The question of ownership can come up when a doctor leaves or closes a practice.

Generally, the doctor who prepares medical records is the owner of those records. However, there are circumstances where the medical records may belong to a practice rather than an individual doctor. This would be the case where doctors work in a centre that has a system for creating, maintaining, storing and accessing patient records, with ready and continuing access to those records being vital in the interests of the patients, doctors and administrative staff.

Where doctors practise together or are in shared premises the question of ownership can become complicated without an express agreement. It is useful to clarify these matters when you start work in your practice.

Transfer of medical records

If a patient seeks to transfer to another practitioner at a different practice, the new practitioner is entitled to information required for the proper ongoing care of the patient. This includes a treatment summary or, preferably, a copy of the patient’s medical records.

There is no obligation to provide original records. The patient is responsible for the reasonable cost of providing this information, but failure to pay should not prevent relevant information being provided to the new practitioner. In some states, the cost of providing this information is capped by regulation.

Patients must sign an authority to transfer their care and records to another practitioner. The authority should:

  • request the transfer of a copy of the records to the new practitioner
  • contain the name and date of birth of the patient
  • be signed by the patient (or parent/guardian) and dated.

When records are transferred to a new or relocating practitioner, the practice should keep a record of:

  • the patients transferring to the new or relocating practitioner
  • the date the authority is received
  • the date of transfer of the records
  • whether the original record has been transferred and a copy made
  • the location of the records and the name of the new practitioner.

If you are a relocating practitioner, you need to negotiate transfer of patient medical records with the previous practice and keep a copy of the patient’s signed consent form in the patient record at your new practice.

Retaining and disposing of medical records

Avant recommends all doctors retain the complete medical record of an adult patient for at least seven years from the date of last entry in the record. For children, the record should be kept until they would have reached 25 years old. Some states and territories have legislation that specifies these minimum periods for record-keeping, and these periods provide a useful guide for doctors practising in other states.

Maintaining confidentiality is paramount when you destroy any medical records. Legislation in some states and territories requires you to keep a register of health records that are destroyed. This is good practice in any event.

You can find more information in the Avant factsheet: Storing, retaining and disposing of medical records.

For information on managing records after a patient dies, see the Avant factsheet: Medical records of deceased patients; or listen to the Avant podcast: Deceased patients’ medical records.

More information

For medico-legal advice, please contact us here, or call 1800 128 268, 24/7 in emergencies.

Download factsheet

Medical records: the essentials (PDF)

Disclaimers

This publication is not comprehensive and does not constitute legal or medical advice. You should seek legal or other professional advice before relying on any content, and practise proper clinical decision making with regard to the individual circumstances. Persons implementing any recommendations contained in this publication must exercise their own independent skill or judgment or seek appropriate professional advice relevant to their own particular practice. Compliance with any recommendations will not in any way guarantee discharge of the duty of care owed to patients and others coming into contact with the health professional or practice. Avant is not responsible to you or anyone else for any loss suffered in connection with the use of this information. Information is only current at the date initially published. [November 2019]
