My membership Search

Guidance

Medical records - an essential guide

Everything you need to know about medical record keeping in healthcare practice and patient care.

An introduction to medical records

Medical records are essential for the delivery of high-quality healthcare. Medical records consist of information relating to the physical or mental health or condition of an individual made by a healthcare professional in connection with the care of that individual. A number of different healthcare providers may contribute to patient care, so an important purpose of any record is to assist in providing continuity of care.

The main purpose of the record is to provide an account of a patient’s contact with the healthcare system.

Records may be held electronically, manually, or a mixture of both.

Medical records are also used for other purposes, including administrative and managerial decision-making, clinical audit, and clinical research.

Why are medical records important?

Medical records, or health records, and the practice of good record keeping are essential to the provision of healthcare. Without them, it is impossible to diagnose and treat patients reliably. Health records may also be used as evidence in legal proceedings, as the Medical Council of Hong Kong states: .

A medical record documents the basis for the clinical management of a patient…It protects the legal interest of the patient and the healthcare provider.”

Clear and detailed records are important in providing the factual base necessary for responding to complaints and claims and for producing legal and other reports, such as reports for an insurance company or at the request of the coroner. Poor records and a lack of clear documentation can make dealing with requests like this very difficult, especially if the request is made many years after the record was made.

Medical records include a wide variety of documents for example:

  • Handwritten clinical notes
  • Computerised/electronic clinical records
  • Emails
  • Scanned records
  • Text messages / messages sent on social media platforms (both outgoing from the doctor and incoming from patients)
  • Correspondence between health professionals
  • Laboratory results
  • X-ray films and other imaging records
  • Photographs
  • Videos and audio recordings
  • Printouts from monitoring equipment, particularly in anaesthesia and obstetrics
  • Consent forms

What do medical records contain?

Good medical records should be legible and clear and contain the following information:

  • Relevant medical history
  • Examination and other relevant clinical findings – include important positives and negatives and details of objective measurements such as blood pressure.
  • Differential diagnosis
  • Investigations – details of any investigations requested.
  • Treatment – details of drugs, doses, amount prescribed, and any other treatment organised (include the batch number and expiry date of any medications personally administered).
  • Capacity and consent – details of the patient’s capacity to consent (or lack of) and their consent to proposed investigations, treatments or procedures. Details also of all treatment options discussed (including not receiving treatment), the benefits and risks of each option and any questions that the patient asked.
  • Referrals and follow-up – arrangements that have been made for follow-up tests, future appointments, and referrals.
  • ‘Safety-netting’ - advice given to the patient about when to seek more urgent review.

Under the Personal Data (Privacy) Ordinance (“PDPO”), patients have the right to access their medical records and so it is important that the record made is factual, objective and free from subjective comments about patients or their relatives.

If handwritten, good records must be understandable, and each entry should be legibly signed with the date and time.

Abbreviations should be avoided in medical records, as unconventional or unfamiliar abbreviations could lead to confusion. 

Medical records should be contemporaneous and made as soon as possible after a consultation to ensure accuracy and clarity. If information is provided by anyone other than the patient, this should be recorded, identifying the individual and the information provided.

Personal data in medical records

The PDPO governs the processing of medical records in HK and anyone responsible for using personal data must follow the ‘six data protection principles

The principles state that personal data must:

  • be processed for specified, explicit and legitimate purposes and not in any manner incompatible with those purposes
  • be accurate and not kept for longer than necessary
  • be relevant and limited to what is necessary in relation to the purposes
  • be secure
  • be processed lawfully, fairly and in a transparent manner
  • provide data subjects the right to request access to and correction of their personal data

More information on the The Personal Data (Privacy) Ordinance.

Making changes to medical records

Medical records should be accurate and up to date and should not be retrospectively amended without making clear when the amendments were made and why.

In the event that records contain a factual error, the original entry should not be removed. Instead, a single line should run through the entry so it can still be read, and the correction should be added including a date and signature. Failure to do this could lead to allegations of dishonesty and attempting to pass amendments off as part of the original record. Amendments to electronic records can be tracked by audit trail and should be clearly marked on the record.

In line with one of the principles of the PDPO, patients do have a right to request access to the records, and a right to correct their own data. Further details on this can be found at The Personal Data (Privacy) Ordinance

Keeping records secure

Records that contain personal information about patients must be treated confidentially and kept securely, in line with professional, ethical and legal responsibilities. There are requirements under the PDPO to keep personal data, including medical records, secure and it is a condition of registration with a medical regulator such as the Medical Council of Hong Kong to respect patient confidentiality.

Confidential records should not be left where other people may have casual access to them and information about patients should be sent under private and confidential cover, with appropriate measures to ensure that they do not go astray.

The duty of confidentiality goes beyond undertaking not to divulge confidential information; it includes a responsibility to make sure that written patient information is kept securely.

Confidentiality is not absolute and there are some situations where disclosure of medical records can be made and this includes disclosure within the healthcare team and disclosure with the patient’s consent.

Disclosure without the patient’s consent may also be made in some cases for example

  • If required by the law
  • If it is in the public interest

For more information, please see our guide to Confidentiality.

Storage and retention of medical records

It is advisable to be familiar with the confidentiality, data protection, and record management policies and procedures at your workplace and know where to get advice on these issues. This includes policies on the use of laptops and mobile devices.

If personally responsible for managing patient records or other patient information, it is essential to ensure familiarity with the requirements of the PDPO D and ensure that the records are made, stored, transferred, protected, and disposed of in accordance with the PDPO. As detailed above, the Privacy Ordinance sets out six data protection principles, with one of these principles being Data Security which requires a data user to take practical steps to safeguard personal data from authorised or accidental access, processing, erasure, loss or use. 

In general, the PDPO requires a data user (i.e. a doctor holding patient records) to ensure that the personal data collected is not kept longer than is necessary for the fulfilment of the purpose for which it is intended to be used. Therefore, the user must take all practical steps to ensure erasure of personal data held by the data user where the data is no longer required for the purpose for which the data was used.

Based on usual practice within Hong Kong, provided the records are not likely to be required to defend a civil claim, we would advise doctors to retain records for at least 7-10 years from the date of the patient’s last consultation. However, this situation differs in cases which involve minors, patients who do not have mental capacity and deceased patients. In general, records should not be kept for longer than necessary.

Ceasing medical practice

In Section 1.3 of The Code, the Medical Council outlines specific obligations on clinicians who are intending to stop practising medicine to ensure the records are handled appropriately. The records or a copy of the records should be provided to the patient or they should be transferred to the doctor taking over the care of the patient. Patients should be informed of the arrangements either individually or publicly. The doctor receiving the records should also inform the patient of the transfer of medical records and seek the patient’s consent to take over their medical care as well as possession of the medical records, prior to making reference to these records unless in the patient’s best interest.

Useful resources

Explore this page