Select location
Membership information
0800 561 9000
Dentolegal advice
0800 561 1010
Refine my search

Record Keeping in England

Post date: 22/08/2017 | Time to read article: 6 mins

The information within this article was correct at the time of publishing. Last updated 16/03/2020

This article is under review

Why keep records?

Dental professionals are required to make and keep accurate dental records of care provided to patients, whether NHS or private. Dental Protection is frequently contacted by members who want to understand how long records should be retained by the practice.

Practising elsewhere in the UK?

Record Keeping in Northern Ireland

Record Keeping in Scotland

Record Keeping in Wales

The law

The GDC imposes a professional obligation to create records to document  dental treatment that is provided to patients. This obligation is set out in Standards for the Dental TeamStandard 4.1

‘You must make and keep contemporaneous, complete and accurate patient records’ 

The NHS GDS contract requires that records are made of any treatment provided. It also specifies the length of time that records must be kept, in accordance with the contract. The NHS contract currently requires records to be kept for two years in England, Wales and Scotland and six years in Northern Ireland from the end of treatment, but Dental Protection’s advice is that clinical records should be kept for longer than this minimum period.

There are a number of pieces of legislation that require both NHS and private practitioners to keep records. These include: The Consumer Protection Act 1987 under which an action could arise for a defective product, the Medical Devices Directive (Directive 93/42/EEC), which relates to custom-made devices, the Medicines Act 1968 and the Misuse of Drugs Regulations 2001. In England, the Health and Social Care Act 2008 has led to the formation of the Care Quality Commission (CQC), which sets out detailed requirements for records. It is likely that the other UK jurisdictions will adopt similar requirements.


What do the regulations say?

Regulation 20 of the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014 (No 2936) states that:

  1. The registered person must ensure that service users are protected against the risks of unsafe or inappropriate care and treatment arising from a lack of proper information about them by means of the maintenance of:
    1. an accurate record in respect of each service user which shall include appropriate information and documents in relation to the care and treatment provided to each service user; and
    2. such other records as are appropriate in relation to.
  2. The registered person must ensure that the records referred to in paragraph (1) (which may be in paper or electronic form) are:
    1. kept securely and can be located promptly when required;
    2. retained for an appropriate period of time; and
    3. securely destroyed when it is appropriate to do so.

What should people who use services experience?

People who use services can be confident that:

  • Their personal records including medical records are accurate, fit for purpose, held securely and remain confidential.
  • Other records required to be kept to protect their safety and well-being are maintained and held securely where required.

This is because providers who comply with the regulations will:

  • Keep accurate personalised care, treatment and support records secure and confidential for each person who uses the service.
  • Keep those records for the correct amount of time.
  • Keep any other records the Care Quality Commission asks them to in relation to the management of the regulated activity.
  • Store records in a secure, accessible way that allows them to be located quickly.
  • Securely destroy records taking into account any relevant retention schedules.

Clinical benefits

Accurate dental records can help practitioners to reach a diagnosis, by providing detailed information about the changing oral health status of a patient. Detailed records can also help to prevent adverse incidents occurring, for example, if the records are not clear, the wrong tooth could be treated or a previously noticed carious cavity overlooked.

Access to records

Patients have a statutory right to see records made about their dental care. While they live this is under the Data Protection Regulations 2018. If they die, the right passes on to those who may have a claim against their estate and arises under the Access to Health Records Act 1990.

Complaints and claims

Despite a practitioner's efforts to ensure that patients are satisfied with their treatment, unfortunately complaints and claims may arise. Without reference to contemporaneous records a dentist will be heavily disadvantaged in defending allegations. Detailed records of treatment can make the difference between robustly defending or needing to settle a case.

How long should records be retained?

This decision is not as simple as it seems. The Data Protection Regulations say that someone holding sensitive personal data (which includes, dental records) should retain that information no longer than necessary. There is no definition of ‘necessary’; this will depend on individual circumstances.

The Department of Health has come to practitioners’ assistance by setting out some guidance in the Code of Practice on Retention/Disposal of Records under the NHS. By that guidance practitioners are encouraged to put a maximum period of 11 years on retention of records for adults and until 25 years old for minors.

Then they should be destroyed from paper files and computer files and back-ups and archives.

Community care

  • 11 years (adults)
  • To the age of 25 years (children)

Hospital care

  • 8 years (adults)
  • To 25 years or 8 years post death (children)

Dental Protection’s advice would be to adopt the period of time set out under the NHS Code for Community care. Only in exceptional circumstances should they be kept longer.

If a dentist decides that it is no longer necessary to keep a dental record, for example, 11 years have passed since an adult last attended for treatment, the record should be destroyed by choosing a method that will ensure that confidentiality is maintained (see section below). If that patient subsequently asks to see their record it is reasonable to say that it was destroyed because it was no longer necessary to be kept. Nowhere is there any suggestion that the patient should be told before destruction.

There are time limits for patients to make claims for compensation. Generally the time limit is three years from the date of knowledge, but the court does have the discretion to extend this period. Additionally for children time does not start to run until they are 18 years of age or the date of knowledge, whichever is the later date. This means that if a patient does not become aware of the problem for many years, for example, if a patient has undiagnosed and untreated periodontal disease, the case against the practitioner may not be brought until many years after the treatment was provided.

A patient has indefinite entitlement to access his/her records if he is under a ‘disability’, as a result of an 'unsound mind'. If a patient falls into this category the usual time limits for patients to bring a claim do not apply. A dentist who is aware of a patient suffering such disability as would prevent him from conducting his life unassisted would be wise to make a note on the records and avoid destroying those in order to ensure that, if a claim were to develop or the patient’s representatives later to seek access, they are available. It will only be rare exceptions that allow longer storage.

Legal obligations about storage of dental records

A dentist must keep records safely and securely (Data Protection Regulations). Keeping them securely also requires that they are kept confidential (employed staff who have been instructed on your security policy are exempt). Access to the records by others must only be given if necessary, and with necessary and appropriate safeguards. The dentist is expected to make, and be able to demonstrate, an assessment of risk in deciding on appropriate security measures.

Is there a legal requirement about disposing of paper or computer held records?

The Information Commissioner gives detailed and useful guidance on security measures and how safely to destroy records, in particular computer records which, though deleted, often remain accessible. Provided you can show you have looked into your obligations, advised staff and attempted to take recommended steps, you are unlikely to be penalised.

Does a dentist have an obligation to disclose patient records whilst retained in their possession?

The right of access to records is either under the Data Protection Regulations or the Access to Health Records Act as above. No fee can be charged and disclosure must take place as quickly as possible but in any event within 40 days of receipt of the signed patient authority (request).

What should a dentist do if someone other than the patient asks for access to his confidential records?

A common example is that of the police contacting a dentist requesting access to the dental records of patients who attended a particular surgery to establish an address for what is obviously a known suspect. A dentist faced with this difficulty should contact Dental Protection for advice. It may be that the police have a Court Order or a Statutory Right to compel disclosure. In that situation there would be no breach of the dentist’s professional or common law duty to maintain confidentiality. If a request is made for the confidential information in connection with legal proceedings it is very unlikely that disclosure should take place unless a Court Order is produced. In any event, if a dentist is satisfied it is necessary to disclose, he must consider whether he should ask for the patient’s consent, whether he can anonymise the disclosure and limit the disclosure to the extent necessary. He should also think about whether any other individual name identified has consented to the disclosure and whether the records should be redacted before disclosure.

As a general rule, if a patient has not consented to disclosure of the confidential information, in the absence of a Court Order, disclosure is likely to be unreasonable. Dental Protection will give advice in relation to any request.

What about scanning records?

It is sensible to store records by scanning them and then destroying the originals but the 11 year maximum storage period applies in any event.

Scanning of orthodontic  study models for long-term storage may also be appropriate, provided the scanned image files three-dimensional visualisation and do not lose any information that could be obtained from the original models.  As study models may need to be referred to during active treatment and retention, Dental Protection’s advice would be that this is the minimum amount of time for which the original models should be retained before relying on scanned images alone.

« Complaints Handling

Support with CQC »

Share this article

Load more reviews

You've already submitted a review for this item

New site feature tour

Introducing an improved
online experience

You'll notice a few things have changed on our website. After asking our members what they want in an online platform, we've made it easier to access our membership benefits and created a more personalised user experience.

Why not take our quick 60-second tour? We'll show you how it all works and it should only take a minute.

Take the tour Continue to site

Dentolegal advice
0800 561 1010
Membership information
0800 561 9000

Key contact details

Should you need to contact us, our phone numbers are always visible.

Personalise your search

We'll save your profession in the "I am a..." dropdown filter for next time.

Tour completed

Now you've seen all of the updated features, it's time for you to try them out.

Continue to site
Take again