Our medical records are arguably some of the most sensitive documents that follow us throughout our lives. As well as containing information about our medical history, they also contain details about our lifestyles, finances and private addresses.

All of this information is like gold dust to cybercriminals who can sell medical data for a high price on the black market. In fact, some experts now warn that your medical information is 10 times more valuable to fraudsters and hackers than your credit card details! It’s a scary thought but it just goes to show the increasing threats facing our online data.

A recent data breach in the US where 12 million patients had their medical records hacked is just the latest in a long line of such incidents. As a result, more people are taking an active interest in their medical data and asking serious questions about medical records storage and accessibility.

In this post, we’ll answer the most commonly asked questions regarding medical records so that you’ll be in a better position to ensure the protection of your confidential medical data.

How long are medical records kept?

In England, Wales and Northern Ireland, the Records Management Code of Practice for Health and Social Care 2016 outlines the retention periods for people working with or in the NHS. In summary, they are as follows:

  • GP Records – 10 years after death or after leaving the UK (unless they remain in the EU). Electronic patient records (EPRs) must be stored for the foreseeable future.
  • Maternity Records – 25 years after the birth of the last child.
  • Children and Young People – until the patient’s 25th birthday or 8 years after their death.
  • Mental Health Records – 20 years or 8 years after their death.

In Scotland, medical records retention periods are slightly different from those in the rest of the UK. They are as follows:

  • Adult Medical Records – 6 years after the last entry or 3 years after death.
  • GP Records – 3 years after death. Electronic patient records (EPRs) must be stored for the foreseeable future.
  • Maternity Records – 25 years after the birth of the last child.
  • Children and Young People – until the patient’s 25th birthday or 3 years after death.
  • Mentally Disordered Person as defined by the Mental Health Act – 20 years after last contact between patient and healthcare professional or 3 years after death.

How do I access my medical records?

In the UK, the NHS records information about you and the healthcare you receive in both online and physical paper form. Most GP medical records are a combination of paper records (such as Lloyd George records) and digital records, stored on the surgery’s computer system, in filing cabinets or externally at a document storage facility.

There are many different types of medical records and healthcare professionals are legally obliged to allow you to see them.

To access your GP records, you can sign up to GP online services. You will then be able to view parts of your medical records, including information about medication, allergies, vaccinations, previous illnesses and test results. While this service is free, you will need to be registered with a GP before you can sign up.

To access your Summary Care Record or to correct your health record, speak to your GP as you will not be able to view or change it online.

Who can access my medical records?

As medical records are highly confidential, only you and authorised healthcare professionals have automatic access to your medical records. However, other people can be granted access to your medical records if:

  • They are acting on your behalf and with your consent, or
  • They have the legal authority to make decisions on your behalf (such as with power of attorney), or
  • They have another legal basis to access your medical records.

A request for access to someone’s medical records can be made directly to the healthcare provider, i.e. GP surgery, hospital or dentist. These are known as Subject Access Requests (SARs) and are outlined by the Data Protection Act of 1998. They can be submitted by email or post but will require the patient’s written consent or legal permission.

Medical records and storage security

Now that you know how long medical records need to be stored, as well as how you and others can access them, you’ll have a better understanding of how your medical records are managed and stored.

If you’re concerned about the safety of your medical records, contact your healthcare providers to discuss the security measures they have put in place to protect your data. While the threats to online medical data are becoming increasingly difficult to mitigate, there are still some sure-fire ways they can ensure the safety of your physical paper medical records, chief of which is storing them with a professional document storage facility.

At Flexible Storage, we provide secure document storage solutions for numerous healthcare organisations and currently store thousands of medical records. Our medical document storage service allows providers to securely store, retrieve and professionally destroy medical records, all in compliance with GDPR and Data Protection regulations. Get in touch with our team today to find out more.

June 12, 2019
