Not too late to join! Request a quote for your indemnity insurance.

Get a quote

Management of patient records

Ben Ryan, Avant Law - Senior Associate, Commercial & Corporate

Michael Mobberley, Avant Law - Senior Associate, Estate Planning & Probate

Sunday, 5 May 2024

woman walking through patient records

How do you manage patient records?

The expectations for practices and health professionals when dealing with patient records can be confusing and often overwhelming. While these expectations are understandable given the nature of the information, it can leave practices often asking more questions. In light of recent developments and changes in the way some practices operate, it is important to review how you manage your patient records.

How do I collect patient information?

From a patient’s first contact with the practice, it should be clear how the practice is collecting, storing, using and otherwise dealing with the patient’s information. Practitioners should ensure that there is a privacy policy on the practice website explaining how the personal information will be collected, used and stored, and the patient’s registration/consent form completed on arriving to the practice authorising such collection and use of their personal information.

How do I store patient records and how long do I need to store them for?

Patient records must be stored as either a physical or electronic file (or both) that can be easily accessed and in a manner which:

·      Protects the records from damage, loss or theft/unauthorised access (including       (including if stored electronically having measures in place to protect against       cyber theft and data breaches).
·      Preserves the patient’s confidentiality and privacy. 

All records for adults should be stored for at least seven years from the date you last saw/dealt with the patient. Where a patient is under the age of 18, the record should be kept until they would have reached 25 years old.  When storing electronic copies of patient records, we recommend engaging with an IT Provider medical practice specialist who will be able to support you with active data protection measures (including encryption, multi-factor authentication and regular backups (within Australia).

What do I do if someone requests a copy of the patient record?

Before you can disclose a patient’s records, you must ensure that you have the patient’s consent to do so, or are otherwise authorised by law to do so” to take into account the situations where you can disclose patient information without consent.

The patient’s consent should be signed and specify:
·      Who they are authorising a copy of the file be provided to (e.g. their doctor, their lawyer or themselves); and
·      What records they are authorising to be released (i.e. specific records or their entire file).

Once you have the patient’s consent, you can provide the copies as directed in the authorising consent.  

You are entitled to charge your reasonable costs of making the records available. This can include fees that your practice management software provider charges to extract the records from your system. Subject to where your practice is located, there may be specific regulations addressing the recovery of fees.

Who owns the patient records?

The issue of ownership of patient records is complex. It depends on many factors, including the terms of the contract between the practice and practitioner, and has several practical implications, particularly when a practitioner leaves a practice. If a practitioner is part of a partnership or incorporated practice, multiple practitioners may be entitled to a copy of the records.

Ownership of records and access to records are two separate issues. Regardless of who actually owns the record, patients have a right to request access to their records, subject to any exceptions under the privacy legislation, and records can only be disclosed with the patient’s consent or as otherwise authorised by law.  

What if I work in a hospital or for a government entity?

As a general principle, if you work in a public hospital/facility, the patient records will be managed by that hospital and its policies. If you also see a patient privately then you would need to ensure that you are complying with the legislation and rules which apply to your private practice as well.

What do I do if I sell the practice?

In selling your practice, you may need to obtain the consent of a patient to the release/transfer of their records to the new practice owner subject to where your practice is located.   

As part of any settlement period, practitioners will need to be careful to protect the records and maintain patient confidentiality. In some circumstances a consent may not be required and there are several exceptions that may apply. For example, where a practitioner sells their interest in the company that owns the practice as the entity running the practice will remain the same. 

It is important to note that in some states/territories, there is specific legislation that details how records are to be dealt with when selling a practice. In Victoria and the ACT, practices must advertise in a local newspaper the sale of the practice and how records will be dealt with in the process. 

The practice and practitioners will also need to be mindful of retaining patient records for the required periods outlined above and for their own off-risk purposes.

What do I do if I close the practice or am no longer able to operate the practice?

Similar to the sale of a practice, in some states/territories there is specific legislation that details how records are to be dealt with when closing or shutting down a practice. In Victoria and the ACT, practices must advertise in a local newspaper the closure of the practice and how patients will be able to access their records once closed.

The practice and practitioners will also need to be mindful of retaining their patient’s records for the required periods outlined above and for their own off-risk purposes. 

We can help you

If you have any questions, or would like more information about how we can assist you or your practice, please call 1800 867 113, or to organise a confidential discussion at a time that suits you, please click here 

Want more information?

Medical records - the essentials

Storing, retaining and disposing of medical records

Planning for retirement: wat you need to know

Providing medical records to a third party

Medical records: Chapter two - legal requirements (member only eLearning course)

Topic

Other resources

  1. chat gpt

    “Chat GPT for medical practice websites - what medical practices need to consider”

  2. lock

    Potential changes to privacy rights and impact on health practices

  3. data segregation

    Data segregation

More ways we can help you

Indemnity insurance
Health insurance
Practice solutions
Finance
Legal services
Life & income protection

About the authors

Ben Ryan

Ben Ryan is a Senior Associate in the commercial and corporate law practice at Avant Law, based in Brisbane. Ben has been working with medical practices since 2013. Ben works primarily on commercial structuring and intellectual property matters to help clients achieve strategic and commercially sensible results. He pursued a career in law to provide reliable and honest support to those in need of legal assistance and enjoys working with clients to develop solutions-oriented legal strategy and advice.

Michael Mobberley

Michael Mobberley

Michael Mobberley is a Senior Associate in the estate planning and commercial law practices at Avant Law, based in Sydney. Michael is an accredited specialist in Wills & Estates and holds a Masters degree in Corporate, Commercial and Taxation Law. Michael provides advice to both individuals and businesses on a range of matters, as well as acting for clients in contested estate and family provision claims.

Disclaimers

The information in this article does not constitute legal advice or other professional advice and should not be relied upon as such. It is intended only to provide a summary and general overview on matters of interest and it is not intended to be comprehensive. You should seek legal or other professional advice before acting or relying on any of this content. The information in this article is current to 6 May 2024. Liability limited by a scheme approved under Professional Standards Legislation. Legal practitioners employed by Avant Law Pty Limited are members of the scheme. © Avant Mutual Group Limited 2024.

To Top

NSW State Office AddressLevel 6, Darling Park 3, 201 Sussex Street, Sydney NSW 2000
Telephone 02 9260 9000 | Facsimile 02 9261 2921

Mailing addressPO Box 746 Queen Victoria Building NSW 1230

Connect with Avant

facebookxlinkedininstagramyoutube

In the spirit of reconciliation, Avant acknowledges the Traditional Custodians of Country throughout Australia, and their connections to land, sea and community. As a national organisation, we pay our respects to Elders past and present, of the lands on which we gather and work, and extend that respect to all Aboriginal and Torres Strait Islander peoples.

IMPORTANT: Professional indemnity insurance and the Practice Medical Indemnity Policy available from Avant Mutual Group Limited ABN 58 123 154 898 (Avant Mutual) are issued by Avant Insurance Limited, ABN 82 003 707 471, AFSL 238 765 (Avant). Avant Cyber Insurance cover is available to eligible Avant Practice Medical Indemnity Policy holders up to the cessation of their policy and is provided under a Group Policy between Liberty Mutual Insurance Company ABN 61 086 083 605 (Liberty) and Avant. Private health insurance products are issued by The Doctors’ Health Fund Pty Limited, ABN 68 001 417 527, a member of the Avant Mutual Group. Avant arranges Avant Business Insurance as agent of the insurer Allianz Australia Insurance Limited ABN 15 000 122 850, AFSL 234 708 (Allianz) and may receive a commission on each policy arranged. Avant Travel Cover is available under a Group Policy between QBE Insurance (Australia) Limited, ABN 78 003 191 035, AFSL 239 545 (QBE) and Avant Mutual. Avant Travel Cover is underwritten by QBE and Avant may receive a benefit for arranging cover. Avant Finance is a registered business name of Avant Doctors’ Finance Pty Ltd (ACN 637 769 361) and licensed to Avant Doctors’ Finance Brokers Pty Ltd (ABN 75 640 406 784). Avant Doctors’ Finance Brokers Pty Ltd is a wholly owned subsidiary of Avant Doctors’ Finance Pty Ltd. Loan products may be provided by Avant Doctors’ Finance Pty Ltd or arranged by Avant Doctors’ Finance Brokers Pty Ltd. Credit services or assistance to which the National Credit Code applies are provided by Avant Doctors’ Finance Brokers Pty Ltd as authorised Credit Representative (Credit Representative Number 523242) for LMG Broker Services Pty Ltd ACN 632 405 504 Australian Credit Licence 517192. Legal services are provided by Avant Law Pty Ltd ABN 63 136 429 153 (Avant Law). Liability limited by a scheme approved under Professional Standards Legislation. Legal practitioners employed by Avant Law are members of the scheme.


The information provided on this website is general advice only and has been prepared without taking into account your objectives, financial situation and needs. You should consider these, having regard to the appropriateness of the advice before deciding to purchase or continue to hold these products. For full details including the terms, conditions, and exclusions that apply, please read and consider the relevant Product Disclosure Statement or policy wording and Target Market Determination (TMD) which are available on this website or by contacting us on 1800 128 268. Information on this site does not constitute legal or professional advice, and is current as at the date of initial publication.