Storing, Retaining and Disposing of Medical Records in Australia
Medical records contain some of the most sensitive personal information about a patient. Because of this, healthcare providers in Australia must follow strict guidelines when storing, retaining, and disposing of these records.
Failure to manage medical records properly can lead to privacy breaches, legal consequences, and loss of patient trust. This guide explains the key responsibilities for healthcare practices and how to manage medical records securely throughout their lifecycle.
What Is a Medical Record?
A medical record refers to all health information collected about a patient during their treatment and care.
This may include:
Patient progress notes
Correspondence between healthcare providers
Communication with the patient
Pathology and radiology reports
Test results
Clinical images
Medical certificates and assessments
Treatment history
Medico-legal reports prepared by treating doctors
Because these records contain confidential information, they must always be handled with strict security and privacy protections.
Storing Medical Records Securely
Healthcare providers must store medical records in a way that:
Protects patient confidentiality
Prevents unauthorised access
Avoids damage, theft, or loss
Allows access for ongoing treatment when needed
Medical records can be stored in electronic, paper, or hybrid systems.
Electronic Medical Records
Electronic files should be protected with strong security systems, including:
Password-protected access
Regular backups
Offsite backup storage
Antivirus protection
Encrypted files
Secure management of portable devices
Cybersecurity is extremely important, as healthcare organisations are common targets for cyber-attacks.
Hard Copy Medical Records
Paper medical files should be stored in:
Locked filing cabinets
Secure rooms within the practice
Professional secure storage facilities
Healthcare practices must ensure only authorised staff can access these records.
How Long Should Medical Records Be Kept?
Australian healthcare providers must retain patient records for a specific minimum period.
Standard Retention Periods
| Patient or Record Type | Retention Period |
|---|---|
| Adults (18+) | Minimum 7 years from the last entry |
| Children | Until the patient turns 25 years old |
| Obstetric records | 25 years from the birth of the child |
The date of last entry usually refers to the patient’s last consultation but may also include updates such as receiving test results.
Several Australian jurisdictions, including NSW, Victoria, and the ACT, have specific legislation covering medical record retention. Practices in other states often follow the same guidelines to remain compliant with privacy laws.
