This article is under review
Why keep records?
Dental professionals are required to make and keep accurate dental records of care provided to patients, whether NHS or private. Dental Protection is frequently contacted by members who want to understand how long records should be retained by the practice.
There are a number of pieces of legislation that require both NHS and private practitioners to keep records. These include: The Consumer Protection Act 1987 under which an action could arise for a defective product, the Medical Devices Directive (Directive 93/42/EEC), which relates to custom-made devices, the Medicines Act 1968 and the Misuse of Drugs Regulations 2001.
The Health and Professional Social Services General Dental Services Regulations (Northern Ireland) 1993 as amended by the Health and Personal Social Services General Dental Services (Amendment) Regulation (Northern Ireland) 2008, requires all NHS treatment records to be retained for a period of not less than six years from that date on which the last treatment took place.
The NHS GDS contract requires that records are made of any treatment provided. It also specifies the length of time that records must be kept, in accordance with the contract. The NHS contract currently requires records to be kept for six years in Northern Ireland, but Dental Protection’s advice is that clinical records should be kept for longer than this minimum period.
The RQIA, which was established by the Health and Personal Social Services (Quality, Improvement and Regulation) (Northern Ireland) Order 2003, is the Northern Ireland equivalent to the CQC. The main responsibilities of the RQIA are the registration, monitoring, inspecting and overseeing the quality of health and social care services in Northern Ireland provided by both statutory and independent providers.
Any dental practitioners providing private dental services have since 2011 been required to be registered with the RQIA.
What do the regulations say?
The regulations also advise that records should be kept up to date, available for inspection at all times. Under the 2011 regulations practitioners are required to retain records for a period of not less than 10 years from the date of the last entry. Therefore dentists registered with RQIA are required to keep clinical records for a minimum period of not less than 10 years.
The Consumer Protection (Northern Ireland) Order 1987 provides for a patient to bring an action against a supplier within ten years for the supply of defective products. This could include laboratory fabricated materials such as dentures. Therefore this could explain why the RQIA advises practitioners to retain records for a minimum period of ten years.
What does the GDC say?
The GDC imposes a professional obligation to create records to document dental treatment that is provided to patients. This obligation is set out in Standards for the Dental Team; Standard 4.1
‘You must make and keep contemporaneous, complete and accurate patient records’
Accurate dental records can help practitioners to reach a diagnosis, by providing detailed information about the changing oral health status of a patient. Detailed records can also help to prevent adverse incidents occurring, for example, if the records are not clear, the wrong tooth could be treated or a previously noticed carious cavity overlooked.
Access to records
Patients have a statutory right to see records made about their dental care. While they live this is under the Data Protection Act 1998. If they die, the right passes on to those who may have a claim against their estate and arises under the Access to Health Records (Northern Ireland) Order 1993.
Complaints and claims
Despite a practitioner's efforts to ensure that patients are satisfied with their treatment, unfortunately complaints and claims may arise. Without reference to contemporaneous records a dentist will be heavily disadvantaged in defending allegations. Detailed records of treatment can make the difference between robustly defending or needing to settle a case.
How long should records be retained?
This decision is not as simple as it seems. The Data Protection Act states that someone holding sensitive personal data (which includes, dental records) should retain that information no longer than necessary. There is no definition of ‘necessary’; this will depend on individual circumstances.
The Department of Health, Social Services and Public Safety has come to practitioners’ assistance by setting out some guidelines in the Record Management, Good Management, and Good Records guidance. By that guidance practitioners are encouraged to put a maximum period of 30 years on retention.
Short of 30 years, the NHS code suggests the following:
- 11 years (adults)
- To the age of 25 years (children)
- 8 years (adults)
- To 25 years or 8 years post death (children)
Dental Protection’s advice would be to adopt the period of time set out under the NHS Code for Community care as an absolute minimum and to retain records for as long as possible. Dental Protection advises that records that relate to complex treatment or particularly difficult patients should be kept for longer, up to 30 years.
If a dentist decides that it is no longer necessary to keep a dental record, for example, 12 years have passed since an adult last attended for treatment, the record should be destroyed by choosing a method that will ensure that confidentiality is maintained (see section below). If that patient subsequently asks to see their record it is reasonable to say that it was destroyed because it was no longer necessary to be kept. Nowhere is there any suggestion that the patient should be told before destruction.
There are time limits for patients to make claims for compensation. Generally the time limit is three years from the date of knowledge, but the court does have the discretion to extend this period. Additionally for children time does not start to run until they are 18 years of age or the date of knowledge, whichever is the later date. This means that if a patient does not become aware of the problem for many years, for example, if a patient has undiagnosed and untreated periodontal disease, the case against the practitioner may not be brought until many years after the treatment was provided.
A patient has indefinite entitlement to access his/her records if he is under a ‘disability’, as a result of an 'unsound mind'. If a patient falls into this category the usual time limits for patients to bring a claim do not apply. A dentist who is aware of a patient suffering such disability as would prevent him from conducting his life unassisted would be wise to make a note on the records and avoid destroying those in order to ensure that, if a claim were to develop or the patient’s representatives later to seek access, they are available.
Legal obligations about storage of dental records
A dentist must keep records safely and securely (Data Protection Act principle 7). Keeping them securely also requires that they are kept confidential (employed staff who have been instructed on your security policy are exempt). Access to the records by others must only be given if necessary, and with necessary and appropriate safeguards. The dentist is expected to make, and be able to demonstrate, an assessment of risk in deciding on appropriate security measures.
Is there a legal requirement about disposing of paper or computer held records?
The Information Commissioner gives detailed and useful guidance on security measures and how safely to destroy records, in particular computer records which, though deleted, often remain accessible. Provided you can show you have looked into your obligations, advised staff and attempted to take recommended steps, you are unlikely to be penalised.
Does a dentist have an obligation to disclose patient records whilst retained in their possession?
The right of access to records is either under the Data Protection Act or the Access to Health Records Act as above. Disclosure must take place as quickly as possible but in any event within one calendar month of receipt of the signed patient authority (request).
What should a dentist do if someone other than the patient asks for access to his confidential records?
A common example is that of the police contacting a dentist requesting access to the dental records of patients who attended a particular surgery to establish an address for what is obviously a known suspect. A dentist faced with this difficulty should contact Dental Protection for advice. It may be that the police have a Court Order or a Statutory Right to compel disclosure. In that situation there would be no breach of the dentist’s professional or common law duty to maintain confidentiality. If a request is made for the confidential information in connection with legal proceedings it is very unlikely that disclosure should take place unless a Court Order is produced. In any event, if a dentist is satisfied it is necessary to disclose, he must consider whether he should ask for the patient’s consent, whether he can anonymise the disclosure and limit the disclosure to the extent necessary. He should also think about whether any other individual name identified has consented to the disclosure and whether the records should be redacted before disclosure.
As a general rule, if a patient has not consented to disclosure of the confidential information, in the absence of a Court Order, disclosure is likely to be unreasonable. Dental Protection will give advice in relation to any request.
What about scanning records?
It is sensible to store records by scanning them and then destroying the originals but the 30 year maximum storage period applies in any event.
Scanning of orthodontic study models for long-term storage may also be appropriate, provided the scanned image files three-dimensional visualisation and do not lose any information that could be obtained from the original models. As study models may need to be referred to during active treatment and retention, Dental Protection’s advice would be that this is the minimum amount of time for which the original models should be retained before relying on scanned images alone.