Management of Medical Records

Medical records serve important patient interests for present health care and future needs, as well as insurance, employment, and other purposes.

  1. Ensure that the practice or institution has and enforces clear policy prohibiting access to patients’ medical records by unauthorized staff.
  2. Use medical considerations to determine how long to keep records, retaining information that another physician seeing the patient for the first time could reasonably be expected to need or want to know unless otherwise required by law, including:
    1. immunization records, which should be kept indefinitely;
    2. records of significant health events or conditions and interventions that could be expected to have a bearing on the patient’s future health care needs, such as records of chemotherapy.
    1. as requested or authorized by the patient (or the patient’s authorized representative);
    2. to the succeeding physician or other authorized person when the physician discontinues his or her practice (whether through departure, sale of the practice, retirement, or death);
    3. as otherwise required by law.
    AMA Principles of Medical Ethics: IV, V

    Council Reports

    Related Opinions

    Opinion 1.1.1

    Patient-Physician Relationships

    At the heart of medicine lie relationships founded in a “covenant of trust” between patient and physician in which physicians commit themselves to responding to the needs and promoting the welfare of patients.

    Opinion 1.1.3

    Patient Rights

    The health and well-being of patients depends on a collaborative effort between patient and physician in a mutually respectful alliance.

    Opinion 1.1.5

    Terminating a Patient-Physician Relationship

    Physicians’ fiduciary responsibility to patients entails an obligation to support continuity of care for their patients.

    Opinion 3.2.1

    Confidentiality

    Physicians have an ethical obligation to preserve the confidentiality of information gathered in association with the care of the patient. With rare exceptions, patients are entitled to decide whether and to whom their personal health information is disclosed.

    Opinion 3.2.4

    Access to Medical Records by Data Collection Companies

    Information gathered and recorded in association with the care of a patient is confidential. Disclosing information to third parties for commercial purposes without consent undermines trust, violates principles of informed consent and confidentiality, and may harm the integrity of the patient-physician relationship.

    Opinion 3.3.2

    Confidentiality & Electronic Medical Records

    Information gathered and recorded in association with the care of a patient is confidential, regardless of the form in which it is collected or stored.

    Opinion 3.3.3

    Breach of Security in Electronic Medical Records

    When there is reason to believe that patients’ confidentiality has been compromised by a breach of the EMR, physicians have a responsibility to follow ethically appropriate procedures for disclosure. The degree to which an individual physician has an ethical responsibility to address inappropriate disclosure depends in part on his or her awareness of the breach, relationship to the patient(s) affected, administrative authority with respect to the records, and authority to act on behalf of the practice or institution.