ATMS Journal Summer 2022 (Public Version) | Page 38

LAW REPORT

Review Your Responsibilities in Keeping Records

Ingrid Pagura | BA, LLB

A complementary therapist keeps many records while running their practice: client files, employment records, tax records, superannuation records and business records. Given the many data breaches that have recently occurred, I thought it might be useful to do a review of this area and remind you of all your responsibilities.
Client files
A therapist must take reasonable steps to protect all health information held by them from misuse, loss and unauthorised access. This means that they must have security safeguards to protect this information. This applies to all health information whether it is paper, electronic, photos or x-rays, as many of these documents may be irreplaceable.
Clause 15 of the Unregistered Health Practitioners Code of Conduct 2010 (NSW) requires all health practitioners to maintain accurate, legible and contemporaneous clinical records for each client consultation. There is no specific mention of how long they are meant to be kept.
Medical records may be used as evidence in legal proceedings, so from this perspective records should be kept until there is little or no risk of legal action arising from a client’s treatment. This will depend upon the statutory limitation period in particular jurisdictions, which in New South Wales is 7 years, but courts have the discretion to extend this in certain circumstances.
In New South Wales then, the minimum time that a client record for adults should be kept is 7 years after the date of the last entry. For children it is a little more complex, and the law suggests that all records be kept until that child is 25 years old. Files that are inactive can be moved into an inactive file section.
A practitioner must take reasonable steps to destroy or permanently de-identify health information that is no longer needed. Do not keep files longer than necessary, as this creates the potential for people to access your data. Do not simply discard them; this is not deemed to be satisfactory. Records need to be de-identified.
If you need to destroy old files, it is best to shred them and ensure that they are completely destroyed. If you can’t shred them, make sure they are de-identified by removing all names, addresses and phone numbers. Check for letters and reports that might have someone’s name on them. Dispose of them securely - don’t let them be blown down the street in the wind!
Some other simple things you can do to protect your data:
• If you keep files at Reception, make sure that they are in a locked cabinet and don’t leave the keys in it. Ideally, they should not be in the client area at all. Make sure that only people who need access to these files have a key. For example, the cleaner doesn’t need to have this key, so don’t give them one.
• Don’t leave client records lying around waiting to be filed or actioned. This would include any correspondence about the client. Keep your office area away from your reception area where possible. If this isn’t possible, keep things to be filed or actioned in a locked drawer.
218 | vol28 | no4 | JATMS