Reading time: 5 minutes

If you run a medical centre, you must consider your legal obligations when collecting health information and storing medical records. The requirements for storing and destroying medical records vary across Australia. It is crucial to know which requirements apply in your location and what is considered best practice. This article will explain how:

  • long you can store medical records;
  • you can keep storage secure; and
  • you can destroy health information.

NSW, VIC and the ACT

If you work in New South Wales (NSW), Victoria (VIC) or the Australian Capital Territory (ACT), you will need to comply with specific laws applying to private medical services. These laws include a minimum timeframe for keeping medical records.

For example, for an adult, the minimum timeframe is seven years from the date of the last entry in the patient’s record.

For anyone under 18, the minimum timeframe is until that person is 25 years of age.

These timeframes are minimums, and it is often prudent to keep medical records for longer periods of time. This is because these records may be subject to legal proceedings. If you think there is a chance of a legal case relating to any documents, you should hold on to that record until the risk of any legal proceedings has passed. If the risk continues to exist, you should keep the records indefinitely, or for seven years after the patient’s death.

Other States and Territories

Other states and territories in Australia do not have laws which apply specifically to the storage of medical records by private medical providers. Instead, if you hold health information, you will need to comply with Australia’s privacy laws under the Privacy Act.

Under the Privacy Act, you can only keep personal medical information until the purpose that you collected the information has ended.

Some exceptions to this are if:

  • you need the information to perform a related but different health service;
  • the person whose information you have has consented to using their information for a secondary purpose; or
  • you are legally authorised to use the information.

Once the treatment for your patient has ended, it may seem that the purpose of collection has ended and you can get rid of the medical records. However, as these records may be needed again, you should always hold on to them. While the Privacy Act does not set a minimum period for storing medical records, you will likely need to keep medical records for:

  • a minimum of seven years from the last entry of an adult; and 
  • until any patients who are children are 25 years of age.

As above, these are minimums. If legal proceedings are likely, you may need to keep the record for a more extended period of time.

How Should I Store Medical Records?

Medical records will contain sensitive information, and you will need to store them securely.

Examples of secure storage options include:

Paper Records Electronic Records
Holding the records within a premises that is alarmed. Using software designed to store medical information.
Keeping the records within a locked cabinet, where only select people have access to the key. Encrypting the information in the electronic files.
Noting down every time someone accesses the records. Installing firewalls and anti-virus software.
Not leaving any records unsupervised. Using strong passwords for entry into the files.

How Should I Destroy Medical Records?

If you no longer require medical records, you must securely destroy the information. To destroy personal information, you can choose only to remove the parts that identify the person. If you wish to remove the identifiable parts of the medical record, you need to make sure you complete this effectively. There must be a very low risk of the person to be able to be identified. 

For example, if you black out details with a black marker, but you can still see the text by holding the page up to the light, this will not be true de-identification.

De-identifying information can be a time consuming and complicated process. Therefore, if you have no further purpose for the health information, it is often easier and safer to destroy the record entirely.

To effectively destroy a medical record, you should use a commercial service provider who is experienced in carrying out the destruction of confidential information. You should sign a contract with this service provider which will legally protect you if they fail to do their job correctly. Once the destruction is complete, you should hold on to a record or receipt of the destruction.

If you destroy any health records in NSW, VIC or the ACT, you must keep a record of the:

  • name of the person that the medical record related to;
  • time period of the health record (i.e. the date of the first entry through to the date of the last entry); and
  • date that the record was destroyed.

In the other states and territories, it is best practice to keep a record with this same information.

Key Takeaways

If you run a private medical centre, you have a legal obligation to hold on to medical records for prescribed periods of time. You will also need to keep a record of any destruction of medical records with details of the record that you have destroyed. The Privacy Act sets out your obligations for storage and destruction across Australia, but it is best practice to follow the requirements of the laws in NSW, VIC and the ACT. If you are uncertain about any of your legal obligations surrounding your patient records, contact LegalVision’s IT lawyers on 1300 544 755 or fill out the form on this page.


Redundancies and Restructuring: Understanding Your Employer Obligations

Thursday 7 July | 11:00 - 11:45am

If you plan on making a role redundant, it is crucial that you understand your employer obligations. Our free webinar will explain.
Register Now

How to Sponsor Foreign Workers For Your Tech Business

Wednesday 13 July | 11:00 - 11:45am

Need web3 talent for your tech business? Consider sponsoring workers from overseas. Join our free webinar to learn more.
Register Now

Advertising 101: Social Media, Influencers and the Law

Thursday 21 July | 11:00 - 11:45am

Learn how to promote your business on social media without breaking the law. Register for our free webinar today.
Register Now

Structuring for Certainty in Uncertain Times

Tuesday 26 July | 12:00 - 12:45pm

Learn how to structure to weather storm and ensure you can take advantage of the “green shoots” opportunities arising on the other side of a recession.
Register Now

Playing for the Prize: How to Run Trade Promotions

Thursday 28 July | 11:00 - 11:45am

Running a promotion with a prize? Your business has specific trade promotion obligations. Join our free webinar to learn more.
Register Now

Web3 Essentials: Understanding SAFT Agreements

Tuesday 2 August | 11:00 - 11:45am

Learn how SAFT Agreements can help your Web3 business when raising capital. Register today for our free webinar.
Register Now

Understanding Your Annual Franchise Update Obligations

Wednesday 3 August | 11:00 - 11:45am

Franchisors must meet annual reporting obligations each October. Understand your legal requirements by registering for our free webinar today.
Register Now

Legal Essentials for Product Manufacturers

Thursday 11 August | 11:00 - 11:45am

As a product manufacturer, do you know your legal obligations if there is a product recall? Join our free webinar to learn more.
Register Now

About LegalVision: LegalVision is a commercial law firm that provides businesses with affordable and ongoing legal assistance through our industry-first membership.

By becoming a member, you'll have an experienced legal team ready to answer your questions, draft and review your contracts, and resolve your disputes. All the legal assistance your business needs, for a low monthly fee.

Learn more about our membership

Jacqueline Gibson
Need Legal Help? Submit an Enquiry

If you would like to get in touch with our team and learn more about how our membership can help your business, fill out the form below.

Our Awards

  • 2020 Innovation Award 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Award 2020 Employer of Choice Winner – Australasian Lawyer
  • 2020 Financial Times Award 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review
  • 2021 Law Firm of the Year Award 2021 Law Firm of the Year - Australasian Law Awards
  • 2022 Law Firm of the Year Winner 2022 Law Firm of the Year - Australasian Law Awards