Health records

Good record keeping is a key part of being a skilled and safe health practitioner and in the provision of quality care. Inadequate or incomplete record keeping on the other hand can be a sign of wider problems within a practice, and cause a variety of problems for patients and practitioners.

Taking the time to put a system in place which allows a practice to easily maintain comprehensive health records in paper based, electronic or hybrid formats, is essential.

Why are records so important?
Good health records are vital for continuity of quality health care to patients.

Accurate information about treatment and planning assist in early identification of health problems and also promotes better communication of information between members of a multidisciplinary care team.

Quality health records are a practitioner’s best defence when they need to respond to complaints or claims about the care provided to patients. You will need to rely on your notes if one of the following occurs:
  • AHPRA/professional board or council, or health complaint entity complaints and investigations
  • Coronial investigations and inquests
  • Civil claims for compensation
  • Medicare Australia Professional Services Review (PSR) reviews and investigations.
Missing, incomplete, or illegible documentation can seriously impede patient care and the ability to respond to any of these matters.

Altering and compromising records will impact upon the prospects of success of the defence as this damages a practitioner’s credibility.  Records should not be altered.  Instead, records can be corrected or clarified through a subsequent entry.

Strong, supportive expert opinions are more readily obtained when clinical reasoning, even in the presence of adverse outcomes, is well documented.

What should be included?
The Medical Board of Australia’s Good Medical Practice: A Code of Conduct for Doctors in Australia requires medical practitioners to keep ‘adequate’ records, which are:
  • Clear and accurate
  • Up-to-date
  • Legible
  • Relevant details of clinical history, clinical findings, investigations, information given to patients, medication and other management in a form that can be understood by other health practitioners
  • Sufficient to facilitate continuity of patient care
  • Contemporaneous
  • Respectful. 
Medicare Australia
It is a requirement of the Medical Benefits Schedule (MBS) that all practitioners who provide a service to which a Medicare benefit is payable, maintain accurate and contemporaneous health records which demonstrate how they have met the requirements of the MBS item descriptor. In particular, there are obligations around records being adequate and contemporaneous, similar to the requirements in the Board’s code. For more information review Medicare's Administrative Record Keeping Guidelines.
Key ways to minimise the risk of Medicare concerns leading to a Medicare or PSR review or investigation include:
  • Ensuring you have a clear clinical justification for management decisions, including referrals and prescriptions which accords with generally accepted, competent professional practice
  • Ensuring your notes are legible and contain sufficient detail of history taken, examinations, investigation results, diagnosis and management plans to allow another practitioner to provide ongoing care
  • When claims are made for less common Medicare items there is sufficient reason and notes to justify why the claim was appropriate
  • Avoid breaching Medicare’s 80 – 20 rule
  • Ensuring complete compliance with all Medicare requirements including all item descriptors such as liaising with other care providers and completing certain forms/plans
  • Keeping up to date with item descriptors you use, as they can change
  • If in doubt about whether a certain claim can be made, contact Medicare for clarification or, if that does not assist, speak with colleagues. 
Other resources:
Whether paper, electronic or hybrid health records are utilised, the Commonwealth Privacy Act 1988 sets out legislative requirements with regard to managing the privacy of health records. Commonwealth Privacy Act
The associated Australian Privacy Principles (APP) are legally binding principles based upon the Act which set out standards, rights and obligations in relation to handling, holding, accessing and correcting personal information. For more information consider the Privacy Management Framework.

Practitioners are required to have a privacy policy.  The Office of the Australian Information Commissioner (OAIC) has provided some guidance for developing a privacy policy. The RACGP has also developed a privacy policy template for general practices.

MIGA recommends that:
  • You make a record of all requests and correspondence regarding access to records
  • Only a signed written authority from the patient should be accepted as evidence of consent for release of health information to a third party
  • If you think that access should be denied (even only in part), contact MIGA's claims solicitors for advice
  • A record of all documents being transferred including document date, name, and the address of where the records are being transferred be kept on file
  • A dedicated staff member, with a clear understanding of the legislative requirements, is responsible for managing all access to record requests
  • The staff member should liaise with the relevant practitioner for all requests to clarify any uncertainty about what access should be provided or denied
  • Discussions with MIGA's claims solicitors, or with any other solicitors, should be kept in a separate file as they are likely to be privileged and confidential. 
For more information
OAIC Health and eHealth – list of privacy fact sheets
OAIC draft health privacy guidance
Amendments and alterations
Health records should not be altered. Do not erase, obliterate or attempt to edit notes once they have been made. All corrections, retrospective notes, entries made out of date or time sequence and addenda should be clearly marked as such in the record. They need to be dated and timed on the day they are made, not the date that they refer to.

Retention and destruction
In general, MIGA does not recommend the destruction of health records, however it is accepted that storage of records indefinitely is often impractical.

The Office of the Australian Information Commissioner (OAIC) has produced a Guide to securing personal information which provides practical suggestions to help your practice meet these requirements.

MIGA recommends that you keep some health records indefinitely, such as those listed below:
  • If there have been investigations or treatment for cancer or any other condition where there is a potential for recurrence
  • If the patient or family has expressed dissatisfaction with care in the last three years
  • If there has been an adverse outcome in the last three years
  • If a patient has commenced, threatened or suggested any kind of claim or complaint
  • It is felt there may be a medico-legal concern or potential concern to the practitioner.
For more information on privacy and access to records see the Australian Privacy Principles Guidelines.

With the move to electronic health records scanning of health record documents is ubiquitous in practices. You need to be sure that scanned documents are acceptable as evidence for legal purposes. To do this:
  • The copy must be an exact replica of the original (including colours if applicable)
  • Be unable to be edited
  • Be able to be printed
  • Instituting a scanning policy including using a standardised format for saving the records is useful
  • If scanning is outsourced, ensure a confidentiality agreement is in place with the suppliers which provides for them to comply with Australian privacy laws
  • Ensure the software used provides an automatic audit trail such as use identification of the person who scanned the record as well as the date and time it was scanned
  • Maintain a service log for the equipment utilised
  • Original paper records should not be destroyed solely because a scanned copy has been made, unless satisfied of the reliability of the system used to scan and store the record.
Transferring records
When transferring records, it is important to maintain evidence of where or to whom the record was transferred. This includes the recipient’s name, address and the organisation they are representing.

The best way to protect documents sent via email is to encrypt to ensure the safe exchange of confidential information. Alternatively, transfer records by securely copying password protected records onto a disc or USB device.

Regular mail is generally a reliable and appropriate method of transfer for health records including referrals and test results; however, there may be some circumstances where a more ‘secure’ method of transfer is appropriate.

When sending information outside of Australia, regardless of the purpose, you must obtain the individual’s informed authorisation to disclose the information to a country that may not have similar privacy protections to Australia. This documented authorisation should include user-friendly information on the practical effects of signing it and the patient can opt out or withdraw at any time.

Medical imaging
All medical imaging images are owned by the patient. The corresponding report is the property of the practice, although the patient is entitled to access that information and obtain a copy of it. For more information see MIGA’s Factsheet.

Legal correspondence
Any legal correspondence regarding patient complaints or claims should be kept in a separate file and not the patient’s health record. This includes correspondence to or from MIGA concerning a patient.

It may be that such correspondence is protected by legal professional privilege and accordingly should not be disclosed to the patient.

Insurance policies are issued by Medical Insurance Australia Pty Ltd.  MIGA has not taken into account your personal objectives or situation.  Before you make any decisions about our policies, please review the relevant Product Disclosure Statement (which can be found here) and consider your own needs.