WITH hundreds or even thousands of patients on your list, dental practices can quickly become overwhelmed with records, reports, photos and study models. But before you decide to have a mass clear-out, be sure you are not getting rid of anything vital.
As a starting point, it is good practice to have a comprehensive written policy in place relating to record keeping. This should address both the specific legal requirements and also the relevant procedural dimensions set out in the NHS terms of service arrangements.
The applicable NHS regulations require general dental practitioners in England, Wales and Scotland to retain patient treatment records, associated radiographs, photographs and study models for a period of two years (six years in Northern Ireland) following on from the completion of the course of treatment and care under a continuing care/ capitation agreement, or treatment on referral, including occasional treatments undertaken.
But from a dento-legal point of view, the Practitioner Services Division in Scotland and the Department of Health and Social Care both advise dentists to retain records for far longer periods, up to a maximum of 30 years.
This is important when it comes to managing complaints, negligence claims and potential regulatory investigations by the General Dental Council (GDC). NHS complaints procedures in general allow a patient or their representatives to lodge a complaint up to one year from the incident they are complaining about, or from when they first became aware of it.
Clinical negligence claims allow an action to be notified for a period of three years following the relevant incident or from the date of knowledge of the potential claim; and in the case of children until their 21st birthday (or up to three years from their date of knowledge). While there is no specific rule on time limits, in practice the GDC is more likely to look at fitness to practise issues arising from treatment provided within the last five years.
The availability of clear, comprehensive treatment records can be invaluable when responding to a claim/action as well as in the preparation of a robust defence to the allegations being made. Concise, comprehensive dental records can and do stop a claim in its tracks. Poor quality or nonexistent records mean that a practitioner is left to rely solely on their memory of events and their usual practice, but the court tends to assume that a patient’s recollection is more likely to be accurate when deciding any conflicts of factual evidence.
In certain circumstances the Consumer Protection Act 1987 may also apply to dentists as suppliers and users of products. Such records have to be retained for at least 10 years following the patient’s last attendance, irrespective of whether your practice uses manual or electronic records.
On this subject, where a practice has scanned all handwritten dental records, these should be backed up in line with system provider protocols. At this point they become the permanent record and all original handwritten records can be disposed of securely. This also satisfies the Data Protection Act 2018 (DPA) which prohibits “excessive” personal information being processed. One important step in digitising records is to ensure your system allows records to be printed if required for legal or regulatory purposes, or for subject access requests.
MDDUS therefore recommends:
- Treatment records, X-rays, study models and all other correspondence, are retained for at least 10 years after the patient’s last attendance at the practice.
- For children, retention of records as above until the patient is at least 25.
- Orthodontic models – retaining original pre- and post-operative models as above but discarding intermediate models after a period of five years.
Current data protection principles advise not to hold or process personal information for longer than necessary, but in the circumstances we have examined in this article the relevant regulatory or legal incentives for retention of records will trump data protection considerations.
You must ensure your chosen method of destroying patient records is effective and fully protects confidentiality. The recommended methods are shredding, pulping or incineration. If you have contracted this service to a third party, you must firstly seek written assurances that they comply with the DPA.
Likewise, computer data storage devices should either be overwritten or destroyed. Your software provider can assist.
When considering culling older paper-based records, for example for patients who have had no contact with you for at least 10 years, it is good practice to use a manual log book or electronic spreadsheet to note the date, patient name, date of birth, last date of attendance, reason for destruction, destruction authorised by and method of destruction. This will allow you to provide a full response to anyone submitting an access request after the 10-year retention period.
Alan Frame is a risk adviser at MDDUS