The terms medical record, health record, and medical chart are used somewhat interchangeably to describe the systematic documentation of a single patient's medical history and care across time within one particular health care provider's jurisdiction. A medical record includes a variety of types of "notes" entered over time by healthcare professionals, recording observations and administration of drugs and therapies, orders for the administration of drugs and therapies, test results, x-rays, reports, etc. The maintenance of complete and accurate medical records is a requirement of health care providers and is generally enforced as a licensing or certification prerequisite.
The terms are used for the written (paper notes), physical (image films) and digital records that exist for each individual patient and for the body of information found therein.
Medical records have traditionally been compiled and maintained by health care providers, but advances in online data storage have led to the development of personal health records (PHR) that are maintained by patients themselves, often on third-party websites. This concept is supported by US national health administration entities and by AHIMA, the American Health Information Management Association.
In 2009, Congress authorized and funded legislation known as the Health Information Technology for Economic and Clinical Health Act  to stimulate the conversion of paper medical records into electronic charts. While many hospitals and doctor's offices have since done this successfully, electronic health vendors' proprietary systems haven't always been compatible with one another, and an untold number of patients undergo duplicate procedures -- or fail to get them at all -- because key pieces of their medical history are missing.
Because many consider the information in medical records to be sensitive private information covered by expectations of privacy, many ethical and legal issues are implicated in their maintenance, such as third-party access and appropriate storage and disposal. Although the storage equipment for medical records generally is the property of the health care provider, the actual record is considered in most jurisdictions to be the property of the patient, who may obtain copies upon request.
The information contained in the medical record allows health care providers to determine the patient's medical history and provide informed care. The medical record serves as the central repository for planning patient care and documenting communication among patient and health care provider and professionals contributing to the patient's care. An increasing purpose of the medical record is to ensure documentation of compliance with institutional, professional or governmental regulation.
The traditional medical record for inpatient care can include admission notes, on-service notes, progress notes (SOAP notes), preoperative notes, operative notes, postoperative notes, procedure notes, delivery notes, postpartum notes, and discharge notes.
A patient's individual medical record identifies the patient and contains information regarding the patient's case history at a particular provider. The health record as well as any electronically stored variant of the traditional paper files contain proper identification of the patient. Further information varies with the individual medical history of the patient.
Traditionally, medical records were written on paper and maintained in folders often divided into sections for each type of note (progress note, order, test results), with new information added to each section chronologically. Active records are usually housed at the clinical site, but older records are often archived offsite.
The advent of electronic medical records has not only changed the format of medical records but has increased accessibility of files. The use of an individual dossier style medical record, where records are kept on each patient by name and illness type originated at the Mayo Clinic out of a desire to simplify patient tracking and to allow for medical research.
Maintenance of medical records requires security measures to prevent from unauthorized access or tampering with the records.
The medical history is a longitudinal record of what has happened to the patient since birth. It chronicles diseases, major and minor illnesses, as well as growth landmarks. It gives the clinician a feel for what has happened before to the patient. As a result, it may often give clues to current disease state. It includes several subsets detailed below.
Within the medical record, individual medical encounters are marked by discrete summations of a patient's medical history by a physician, nurse practitioner, or physician assistant and can take several forms. Hospital admission documentation (i.e., when a patient requires hospitalization) or consultation by a specialist often take an exhaustive form, detailing the entirety of prior health and health care. Routine visits by a provider familiar to the patient, however, may take a shorter form such as the problem-oriented medical record (POMR), which includes a problem list of diagnoses or a "SOAP" method of documentation for each visit. Each encounter will generally contain the aspects below:
Written orders by medical providers are included in the medical record. These detail the instructions given to other members of the health care team by the primary providers.
When a patient is hospitalized, daily updates are entered into the medical record documenting clinical changes, new information, etc. These often take the form of a SOAP note and are entered by all members of the health-care team (doctors, nurses, physical therapists, dietitians, clinical pharmacists, respiratory therapists, etc.). They are kept in chronological order and document the sequence of events leading to the current state of health.
The results of testing, such as blood tests (e.g., complete blood count) radiology examinations (e.g., X-rays), pathology (e.g., biopsy results), or specialized testing (e.g., pulmonary function testing) are included. Often, as in the case of X-rays, a written report of the findings is included in lieu of the actual film.
Many other items are variably kept within the medical record. Digital images of the patient, flowsheets from operations/intensive care units, informed consent forms, EKG tracings, outputs from medical devices (such as pacemakers), chemotherapy protocols, and numerous other important pieces of information form part of the record depending on the patient and his or her set of illnesses/treatments.
Medical records are legal documents that can be used as evidence via a subpoena duces tecum, and are thus subject to the laws of the country/state in which they are produced. As such, there is great variability in rules governing production, ownership, accessibility, and destruction. There is some controversy regarding proof verifying the facts, or absence of facts in the record, apart from the medical record itself.
Demographics include patient information that is not medical in nature. It is often information to locate the patient, including identifying numbers, addresses, and contact numbers. It may contain information about race and religion as well as workplace and type of occupation. It also contains information regarding the patient's health insurance. It is common to also find emergency contact information located in this section of the medical chart.
In the United States, written records must be marked with the date and time and scribed with indelible pens without use of corrective paper. Errors in the record should be struck out with a single line (so that the initial entry remains legible) and initialed by the author. Orders and notes must be signed by the author. Electronic versions require an electronic signature.
Ownership and keeping of patient's records varies from country to country.
In the United States, the data contained within the medical record belongs to the patient, whereas the physical form the data takes belongs to the entity responsible for maintaining the record per the Health Insurance Portability and Accountability Act. Patients have the right to ensure that the information contained in their record is accurate, and can petition their health care provider to amend factually incorrect information in their records.
There is no consensus regarding medical record ownership in the United States. Factors complicating questions of ownership include the form and source of the information, custody of the information, contract rights, and variation in state law. There is no federal law regarding ownership of medical records. HIPAA gives patients the right to access and amend their own records, but it has no language regarding ownership of the records. Twenty-eight states and Washington, D.C. have no laws that define ownership of medical records. Twenty-one states have laws stating that the providers are the owners of the records. Only one state, New Hampshire, has a law ascribing ownership of medical records to the patient.
Under Canadian federal law, the patient owns the information contained in a medical record, but the healthcare provider owns the records themselves. The same is true for both nursing home and dental records. In cases where the provider is an employee of a clinic or hospital, it is the employer that has ownership of the records. By law, all providers must keep medical records for a period of 15 years beyond the last entry.
The precedent for the law is the 1992 Canadian Supreme Court ruling in McInerney v MacDonald. In that ruling, an appeal by a physician, Dr. Elizabeth McInerney, challenging a patient's access to their own medical record was denied. The patient, Margaret MacDonald, won a court order granting her full access to her own medical record. The case was complicated by the fact that the records were in electronic form and contained information supplied by other providers. McInerney maintained that she didn't have the right to release records she herself did not author. The courts ruled otherwise. Legislation followed, codifying into law the principles of the ruling. It is that legislation which deems providers the owner of medical records, but requires that access to the records be granted to the patient themselves.
In the United Kingdom, ownership of the NHS's medical records has in the past generally been described as belonging to the Secretary of State for Health  and this is taken by some to mean copyright also belongs to the authorities.
In Germany, a relatively new law, which has been established in 2013, strengthens the rights of patients. It states, amongst other things, the statutory duty of medical personnel to document the treatment of the patient in either hard copy or within the electronic patient record (EPR). This documentation must happen in a timely manner and encompass each and every form of treatment the patient receives, as well as other necessary information, such as the patient's case history, diagnoses, findings, treatment results, therapies and their effects, surgical interventions and their effects, as well as informed consents. The information must include virtually everything that is of functional importance for the actual, but also for future treatment. This documentation must also include the medical report and must be archived by the attending physician for at least 10 years. The law clearly states that these records are not only memory aids for the physicians, but also should be kept for the patient and must be presented on request.
In addition, an electronic health insurance card was issued in January 2014 which is applicable in Germany (Elektronische Gesundheitskarte or eGK), but also in the other member states of the European Union (European Health Insurance Card). It contains data such as: the name of the health insurance company, the validity period of the card, and personal information about the patient (name, date of birth, sex, address, health insurance number) as well information about the patient's insurance status and additional charges. Furthermore, it can contain medical data if agreed to by the patient. This data can include information concerning emergency care, prescriptions, an electronic medical record, and electronic physician's letters. However, due to the limited storage space (32kB), some information is deposited on servers.
In the United States, the most basic rules governing access to a medical record dictate that only the patient and the health-care providers directly involved in delivering care have the right to view the record. The patient, however, may grant consent for any person or entity to evaluate the record. The full rules regarding access and security for medical records are set forth under the guidelines of the Health Insurance Portability and Accountability Act (HIPAA). The rules become more complicated in special situations. A 2018 study found discrepancies in how major hospitals handle record requests, with forms displaying limited information relative to phone conversations.
In the 1992 Canadian Supreme Court ruling in McInerney v. MacDonald gave patients the right to copy and examine all information in their medical records, while the records themselves remained the property of the healthcare provider. The 2004 Personal Health Information Protection Act (PHIPA) contains regulatory guidelines to protect the confidentiality of patient information for healthcare organizations acting as stewards of their medical records. Despite legal precedent for access nationwide, there is still some variance in laws depending on the province. There is also some confusion among providers as to the scope of the patient information they have to give access to, but the language in the supreme court ruling gives patient access rights to their entire record.
In the United Kingdom, the Data Protection Acts and later the Freedom of Information Act 2000 gave patients or their representatives the right to a copy of their record, except where information breaches confidentiality (e.g., information from another family member or where a patient has asked for information not to be disclosed to third parties) or would be harmful to the patient's wellbeing (e.g., some psychiatric assessments). Also, the legislation gives patients the right to check for any errors in their record and insist that amendments be made if required.
In general, entities in possession of medical records are required to maintain those records for a given period. In the United Kingdom, medical records are required for the lifetime of a patient and legally for as long as that complaint action can be brought. Generally in the UK, any recorded information should be kept legally for 7 years, but for medical records additional time must be allowed for any child to reach the age of responsibility (20 years). Medical records are required many years after a patient's death to investigate illnesses within a community (e.g., industrial or environmental disease or even deaths at the hands of doctors committing murders, as in the Harold Shipman case).
This section does not cite any sources. (April 2013) (Learn how and when to remove this template message)
The outsourcing of medical record transcription and storage has the potential to violate patient-physician confidentiality by possibly allowing unaccountable persons access to patient data. Falsification of a medical record by a medical professional is a felony in most United States jurisdictions. Governments have often refused to disclose medical records of military personnel who have been used as experimental subjects.
Given the series of medical data breaches and the lack of public trust, some countries have enacted laws requiring safeguards to be put in place to protect the security and confidentiality of medical information as it is shared electronically and to give patients some important rights to monitor their medical records and receive notification for loss and unauthorized acquisition of health information. The United States and the EU have imposed mandatory medical data breach notifications.
Patients' medical information can be shared by a number of people both within the health care industry and beyond. The Health Insurance Portability and Accessibility Act (HIPAA) is a United States federal law pertaining to medical privacy that went into effect in 2003. This law established standards for patient privacy in all 50 states, including the right of patients to access to their own records. HIPAA provides some protection, but does not resolve the issues involving medical records privacy.
Medical and health care providers experienced 767 security breaches resulting in the compromised confidential health information of 23,625,933 patients during the period of 2006-2012.
The examples and perspective in this section deal primarily with the United States and do not represent a worldwide view of the subject. (December 2012) (Learn how and when to remove this template message)
The federal Health Insurance Portability and Accessibility Act (HIPAA) addresses the issue of privacy by providing medical information handling guidelines. Not only is it bound by the Code of Ethics of its profession (in the case of doctors and nurses), but also by the legislation on data protection and criminal law. Professional secrecy applies to practitioners, psychologists, nursing, physiotherapists, occupational therapists, nursing assistants, chiropodists, and administrative personnel, as well as auxiliary hospital staff. The maintenance of the confidentiality and privacy of patients implies first of all in the medical history, which must be adequately guarded, remaining accessible only to the authorized personnel. However, the precepts of privacy must be observed in all fields of hospital life: privacy at the time of the conduct of the anamnesis and physical exploration, the privacy at the time of the information to the relatives, the conversations between healthcare providers in the corridors, maintenance of adequate patient data collection in hospital nursing controls (planks, slates), telephone conversations, open intercoms etc.
Personal medical records, including X-rays, in respect of patients treated under the NHS are held to be the property of the Secretary of State. NHS hospital medical records are stored in premises designated by the appropriate health authority. Access to a patient's medical records is governed in the patient's interest by the ethics of the medical and allied professions.
ownership and copyright in these records as a rule is with the NHS Trust or Health Authority, not with any individual employee or contractor.