Best Practices To Follow While Storing Medical Records

Gone are the days when your doctor would sit opposite you and have your paper file out ready to make handwritten notes. Remember the rotoscans that took up valuable floor and storage areas? You may still have paper files in your clinic or held offsite in secure storage. The move to practice management systems (PMS) in healthcare was a welcome change. It revolutionised the way we use, store and share personal information.

Considerations when managing medical records:


For paper records, options include storing them onsite (if you have the room and security), storing them offsite in an appropriate secure storage facility, or scanning them into your PMS. EHR (Electronic Health Records) held on your PMS will remain there indefinitely as your practice record of consultations.


Requests to share personal information come from insurance companies, Accident Compensation Corporation (ACC), other medical providers and the Police, to name a few.

I recommend scanning ALL hardcopy requests into the patient records, as well as a copy of the information sent. Note in your PMS the date, the details of the request and when it was sent (in Medtech, in the contacts field) so that any staff member can view it for reference.

Insurance companies that are not part of SureMed need to provide evidence of a signed consent from their client (your patient), as part of the documentation, that authorises the collection of the specific information. Similarly, ACC requests for more information are made with the consent of the patient, given when they sign the ACC declaration for their injury.

Disclosing mental health information

Patients under the care of mental health services are entitled to their privacy. Information sharing depends on the individual diagnosis and on whether there is a concern for their safety or the safety of others.

Phone Inquiries

Inquiries for patient information come directly to your receptionists through phone calls. Ensure your receptionists are skilled in managing phone inquiries. I recommend you discuss any challenging requests at meetings/huddles to further support your team and give them the confidence to manage the more difficult queries.

Some examples of the more challenging calls:

Mother calling to check if her daughter has a booked appointment (daughter is fifteen)

Insurance company calling on behalf of their client (your patient) to verify the diagnosis on a claim that has been lodged.

Employer phoning to verify their employee attended an appointment

Quiz time

How long do we need to keep medical records?

Health information should be kept for no longer than it has a lawful purpose. Medical records MUST be kept for ten years from the last time the patient received services. Exceptions would be if the patient transferred to another medical provider for care, if the patient has received their complete file, or if the patient had died and a complete copy was requested by the executor of their estate.

Kerry Wilson
"It isn’t about the technology, it’s about the information you need to expand your business."
Think I.T. Team
