Guidance on Record Retention

Incision Indemnity
Surgeons - Medical Professionals -
4th February 2021
3 mins read

Storage, retention and access to confidential medical records is an ongoing activity for surgeons and doctors in private practice. It is not only a professional conduct requirement, but is also crucial to a defence in the event of a claim.

For independent surgeons and doctors who personally hold any records about a patient, even just a few notes and clinic letters, the minimum periods of retention set out in The Private and Voluntary Health Care (England) Regulations 2001 (Schedule 3) are:

  • For patients under 17 years of age at the date of the last treatment, retain until patient’s 25th birthday.
  • For patients aged 17 years of age at the date of the last treatment, retain until patient’s 26th birthday.
  • For patients who died before age 18 years of age, retain for eight years from the patient’s death.
  • For patients treated for a mental disorder, retain for 20 years from the last entry or eight years from the patient’s death.
  • All other cases, retain for eight years from the last entry in the patient records.

These are minimum periods. In certain situations, it may be sensible for an independent surgeon or doctor to retain records for longer, for example if it is foreseeable that they might be needed for long-term clinical reasons. From a legal perspective, the records may be needed to defend a claim, so consider when the patient’s ability to bring a claim expires. The patient usually has three years to bring a claim starting from the date of injury or the date of knowledge of it (usually both dates are close to each other). But there are exceptions, and the court has a discretion to extend the period.  Also, the ‘date of knowledge’ can in some cases be many years after the index surgery. Joint replacements in orthopaedics can be an example, where any error may only come to light if the joint fails early.  Individual surgeons and doctors should consider whether their practice involves the risk of ‘latent’ errors that may take years to come to light. If so it might be prudent to consider retaining records for longer.

Retaining records forever is not possible. A GDPR principle is ‘data minimisation’, so you should not keep the data for longer than necessary.

There is no prescribed method for storage of medical records by independent surgeons and doctors.  Storage of hard copy or electronic records each have their own logistical, security and cost implications. Independent surgeons and doctors should consider the following:

  • How and when you create records as well as who is responsible for transferring these to the relevant file or storage location.
  • Security of the records, short and long term.
  • Ease of access, short and long term, and avoiding getting ‘locked out’.
  • Plans for destruction or deletion of the records once the relevant retention period has expired.

Finally, consider your insurance. If you have any concerns that medical records have been lost, destroyed prematurely or stolen, then immediately contact your medical indemnity provider for guidance. You may need specialist advice, particularly where a data loss requires a report to the ICO, and you may also need to notify your insurers to protect your position. Incision members have access to a medico-legal helpline staffed by specialists who can assist with any necessary notification to insurers as well as ensuring that they get specialist assistance to deal with the incident.