This article is under review
Why keep records?
Dental professionals are required to make and keep accurate dental records of care provided to patients, whether NHS or private. Dental Protection is frequently contacted by members who want to understand how long records should be retained by the practice.
The law
The GDC imposes a professional obligation to create records to document the dental treatment that is provided to patients. This obligation is set out in Standards for the Dental Team, Standard 4.1:
‘You must make and keep contemporaneous, complete and accurate patient records’
The NHS GDS contract requires that records are made of any treatment provided. It also specifies the length of time that records must be kept, in accordance with the contract. The NHS contract currently requires records to be kept for two years in England, Wales and Scotland and six years in Northern Ireland from the end of treatment, but Dental Protection’s advice is that clinical records should be kept for longer than this minimum period.
There are a number of pieces of legislation that require both NHS and private practitioners to keep records. These include: The Consumer Protection Act 1987 under which an action could arise for a defective product, the Medical Devices Directive (Directive 93/42/EEC), which relates to custom-made devices, the Medicines Act 1968 and the Misuse of Drugs Regulations 2001. In England, the Health and Social Care Act 2008 has led to the formation of the Care Quality Commission (CQC), which sets out detailed requirements for records. Healthcare Inspectorate Wales (HIW) acts as the regulator of healthcare services in Wales, under the Care Standards Act 2000.
Healthcare Inspectorate Wales
What do the regulations say?
Standard 20 of the National Minimum Standards for Independent Healthcare Services requires that records are managed in accordance with legislation and guidance to ensure that they are:
-
Designed, prepared, reviewed and accessible to meet the required needs.
-
Stored safely, maintained securely, are retrievable in a timely manner, and disposed of appropriately.
-
Accurate, complete, understandable and contemporaneous in accordance with professional standards and guidance.
There should be a records management policy to ensure that records are managed in accordance with the Data Protection Regulations 2018, with a nominated person responsible for records management. There should be induction and ongoing staff training with clear procedures for staff to follow to ensure that confidential information is appropriately handled and safeguarded, that records are retained in accordance with legislation, and that there is effective back up of electronic records.
Clinical benefits
Accurate dental records can help practitioners to reach a diagnosis, by providing detailed information about the changing oral health status of a patient. Detailed records can also help to prevent adverse incidents occurring, for example, if the records are not clear, the wrong tooth could be treated or a previously noticed carious cavity overlooked.
Access to records
Patients have a statutory right to see records made about their dental care. While they live this is under the Data Protection Regulations 2018. If they die, the right passes on to those who may have a claim against their estate and arises under the Access to Health Records Act 1990.
Complaints and claims
Despite a practitioner's efforts to ensure that patients are satisfied with their treatment, unfortunately complaints and claims may arise. Without reference to contemporaneous records a dentist will be heavily disadvantaged in defending allegations. Detailed records of treatment can make the difference between robustly defending or needing to settle a case.
How long should records be retained?
This decision is not as simple as it seems. The Data Protection Regulations say that someone holding sensitive personal data (which includes, dental records) should retain that information no longer than necessary. There is no definition of ‘necessary’; this will depend on individual circumstances.
The Department of Health has come to practitioners’ assistance by setting out some guidance in the Code of Practice on Retention/Disposal of Records under the NHS. By that guidance practitioners are encouraged to put a maximum period of 11 years on retention of records for adults and until 25 years old for minors.
Then they should be destroyed from paper files and computer files and back-ups and archives.
Community care
- 11 years (adults)
- To the age of 25 years (children)
Hospital care
- 11 years (adults)
- To 25 years or 8 years post death (children)
Dental Protection’s advice would be to adopt the period of time set out under the NHS Code for Community care. Only in exceptional circumstances should they be kept longer.
If a dentist decides that it is no longer necessary to keep a dental record, for example, 11 years have passed since an adult last attended for treatment, the record should be destroyed by choosing a method that will ensure that confidentiality is maintained (see section below). If that patient subsequently asks to see their record it is reasonable to say that it was destroyed because it was no longer necessary to be kept. Nowhere is there any suggestion that the patient should be told before destruction.
There are time limits for patients to make claims for compensation. Generally the time limit is three years from the date of knowledge, but the court does have the discretion to extend this period. Additionally for children time does not start to run until they are 18 years of age or the date of knowledge, whichever is the later date. This means that if a patient does not become aware of the problem for many years, for example, if a patient has undiagnosed and untreated periodontal disease, the case against the practitioner may not be brought until many years after the treatment was provided.
A patient has indefinite entitlement to access his/her records if he is under a ‘disability’, as a result of an 'unsound mind'. If a patient falls into this category the usual time limits for patients to bring a claim do not apply. A dentist who is aware of a patient suffering such disability as would prevent him from conducting his life unassisted would be wise to make a note on the records and avoid destroying those in order to ensure that, if a claim were to develop or the patient’s representatives later to seek access, they are available. It will only be rare exceptions that allow longer storage.
Legal obligations about storage of dental records
A dentist must keep records safely and securely (Data Protection Regulations). Keeping them securely also requires that they are kept confidential (employed staff who have been instructed on your security policy are exempt). Access to the records by others must only be given if necessary, and with necessary and appropriate safeguards. The dentist is expected to make, and be able to demonstrate, an assessment of risk in deciding on appropriate security measures.
Is there a legal requirement about disposing of paper or computer held records?
The Information Commissioner gives detailed and useful guidance on security measures and how safely to destroy records, in particular computer records which, though deleted, often remain accessible. Provided you can show you have looked into your obligations, advised staff and attempted to take recommended steps, you are unlikely to be penalised.
Does a dentist have an obligation to disclose patient records whilst retained in their possession?
The right of access to records is either under the Data Protection Regulations or the Access to Health Records Act as above. No fee can be charged and disclosure must take place as quickly as possible but in any event within 40 days of receipt of the signed patient authority (request).
What should a dentist do if someone other than the patient asks for access to his confidential records?
A common example is that of the police contacting a dentist requesting access to the dental records of patients who attended a particular surgery to establish an address for what is obviously a known suspect. A dentist faced with this difficulty should contact Dental Protection for advice. It may be that the police have a Court Order or a Statutory Right to compel disclosure. In that situation there would be no breach of the dentist’s professional or common law duty to maintain confidentiality. If a request is made for the confidential information in connection with legal proceedings it is very unlikely that disclosure should take place unless a Court Order is produced. In any event, if a dentist is satisfied it is necessary to disclose, he must consider whether he should ask for the patient’s consent, whether he can anonymise the disclosure and limit the disclosure to the extent necessary. He should also think about whether any other individual name identified has consented to the disclosure and whether the records should be redacted before disclosure.
As a general rule, if a patient has not consented to disclosure of the confidential information, in the absence of a Court Order, disclosure is likely to be unreasonable. Dental Protection will give advice in relation to any request.
What about scanning records?
It is sensible to store records by scanning them and then destroying the originals but the 11 year maximum storage period applies in any event.
Scanning of orthodontic study models for long-term storage may also be appropriate, provided the scanned image files three-dimensional visualisation and do not lose any information that could be obtained from the original models. As study models may need to be referred to during active treatment and retention, Dental Protection’s advice would be that this is the minimum amount of time for which the original models should be retained before relying on scanned images alone.