The Importance of Health Records


Health records have played an increasingly important role throughout history as an important legal document for the exercise of individuals’ rights. However, domestic legislation fails to define health records as a legally important collection of health data and documents. Recording facts and storing legally important documents are therefore the tasks of the operator. Using the prescriptive method we will determine which laws are governing the management of medical records, their safety and accessibility. Based on the descriptive method, we will describe the process of handling health records by the provider of health treatment, focusing on exposed regulatory gaps in the area of the protection of the rights of an individual. Through the analysis of the laws governing the management of health records, even after death and operator terminating the service, we will carry out inductive reasoning and provide conclusions regarding the attitude towards health records. Considering different results we can conclude that health information, especially documents relevant to the protection of individual’s rights, is not transparent. Above all, the documents in the collection are not recorded properly, thus allowing for their removal. Even the transfer of health records by the provider of health treatment is not defined, which could result in the disposal of the entire health documentation.

Share and Cite:

Marinič, M. (2015) The Importance of Health Records. Health, 7, 617-624. doi: 10.4236/health.2015.75073.

1. Introduction

Health records are the most important database of health treatment of the patient. Consistent recording by doctors, nurses and other staff is proof of proper monitoring of the health, planning and treatment. Initial health records were used to describe individual processes. Today, health records are a much broader concept than in the past because in the past, it was the doctor alone who recorded data. Health records and documents serve as the basis for the realizing of individual rights, both in civil and legal transactions, as well as the exercise of rights relating to privacy and the retrograde determining health status.

2. Health Data in the Past

The beginnings of health records date back to 3000 BC when the Egyptians started keeping the oldest form of health records. In ancient Greece, doctors recorded symptoms and treatments. In the 14th and 15th century, doctor’s records developed and included advice on nutrition and effective methods of treatment of the disease and also notes on autopsies. The expansion of science increased the value of accurate health records, which in the 16th century became books of cases―casebooks, following the example of the legal profession. Since 1750, doctors have been keeping health records in hospitals as a record of systematic and objective health practice. Health records in the late 19th century enabled doctors to analyse health data of individuals. The need for systematic data collection required hospitals to keep health records, although operators did not have standards prescribing which patient information should be collected. Certain doctors kept data in their own way, rendering the verifiability and comparability of results more difficult. The early 20th century saw an expansion of education in hospitals, which increased the need for standardised health records. Like education in health care, research was also gaining momentum and health records were often their main element [1] .

3. Health Records Today

Nowadays health records are kept from birth to death of a person. The history of disease also contains records of other family members. The records of the health status of individuals affect the good name and dignity of the individual and, indirectly, the dignity and reputation of their descendants and close relatives. Health records consist of various data entered by health care professionals in either paper or electronic form, with digital images, photos, digital images of the fetus, computerized tests, and letters or other health information.

Foreign case law in Boyd. v. USA, Clark wonders if the health card is also part of health records because it contains relevant health information [2] . Under the applicable domestic law, the doctor is the only person responsible for health records. In practice, however, health records are handled and stored by health care administrators and nurses. In practice, health records of an individual, even within a single institution, are created by various experts. The methods of managing, storing, providing accessibility to and integrating are not legally defined, thus allowing excessive availability, non-transparent treatment, and the possibility of disposal of individual documents or records entirely.

4. Recording of Documents

Chronological recording of health data is exemplary and ensures legal security of the operator and the patient because only authentic documents and records are available and can be used as evidence for exercising the rights of an individual. Legal significance of health records and the consequences of injuries are an important basis for liability claims. The demonstration of incurred damage is based solely on the evidence regarding the situation before and after the injury. Accurate records of observed changes in the health status, planned and implemented treatment also attest to the adequacy of the response of health workers. Comprehensive hospital treatment of a patient requires identification of even the slightest change in health status and taking appropriate action. There is a rule in health care: everything that health professionals have not written down has not been seen or taken care of.

5. Patient’s Rights

Health records are paper or electronic mediums containing health data on the basis of which individuals or their relatives can prove that health treatment was inadequate.

5.1. The Right to Access Health Information

The patient has the right to information about who was acquainted with his health records. Among the important rights of the patient, the right to consult health records is undoubtedly the most important one. If the records are not accurate, the patient has the right to rectification, blocking or erasure of data. Erasure, i.e. the removal

and revision of health records in the processing of health data, is a very unusual and almost unknown method of health record processing. Corrections of personal data in accordance with the reasons for the decision in the case Dimitrov-Kazakov v. Bolgaria are of great importance to the human peace of mind and less supervision [3] .

5.2. Blocking, Erasure, Amending

An individual has the right to demand rectification, erasure or an attribution statement when records alter the relevant facts substantially. The accuracy of health information is very important for the patient’s privacy, private and work performance. The Slovenian legislation enables change, correction, blocking, erasure and objection regarding personal data in Article 33 of the Personal Data Protection Act [4] . The Commission decision 2009/876 provides detailed instructions on amending personal data [5] 1. However, the legislation does not provide specific instructions on amending health records. Health data describes the situation in the documentation and the doctor is not allowed to change it, only amend or add notes. Only the right to amend health records should be defined, if we assume lawful data processing. This is a professional view on the health status, with which an uncritical patient does not agree. But this cannot be the only reason for erasure. Different laws in other countries define the rights to access and amendment in different ways. In cases of amendments, California’s legal system provides for the retention of the original record as a legally relevant fact, requires stating a reason for amendment, the amendment, date and signature of the person who conducted the procedure [6] 2. The original record should not be destroyed because foreign case law considers it as an important legal information: the actions of the doctor and the patient are assessed for the past to clarify the conditions. The statement is confirmed by the explanation of the decision by the Higher Court in Ljubljana in the Case I Cp 2835/2009 [7] . Amendments in paper format as defined in foreign law involve a red line striking out the original text and a new fact written below, with a date, reason and signature of the responsible person. The security of documents and the possibility to explore is enabled by a defined content and accurate management of health records. Unfortunately, this area is unregulated in the Republic of Slovenia.

6. The Importance of Written Statements

Parallel to the health treatment, the patient also decides who can be with its health information notes. Along with consent to health treatment, the patient is required to state who can become acquainted with health data. For legal certainty, the patient and the operator sign a written consent which is an integral part of health records.

The first focused management of health records was suggested by Weed in 1968. Subsequently, many authors proposed criteria for required content. Important information is changing the scope and form of health records. The perception of the importance of health records has an impact on the protection of human rights through the management of health records. Health records to distinguish: a primary document that was created at direct contact between the doctor and the patient, and a secondary document, which is a product of the analysis of several primary documents. This classification also involves tertiary documents. These denote records created in the relationship between the patient and a third party in relation to the rights and choices of the individual. In this respect, storage of written statements of will, appointment of a health care representative and will expressed in advance in line with the Patient Rights Act are inadequate [8] .

7. Photocopying Health Documents

Photocopying health records resulting from the boom and the availability of photocopiers is very unregulated. The Slovene Personal Data Protection Act does not specifically govern this area.

In the Slovenian health care system, managers of health records do not keep track of how often and for what purpose health documents are copied. The right of the individual to know who looked at their health records in paper form are not consistently defined in the Slovene legislation. Security can be achieved with a limited number and availability of photocopiers in places where health records are kept. A photocopier should be available only to the archivist in the reading form in order to have a consistent record of photocopies. The opinions of operators differ significantly when asked about the need to access paper health records 24 hours a day in this digitalised world.

In the present arrangement, such a document can be “lost” easily. The Act does not provide for this part of the processing of health data. Component of the health records constitutes a legal problem due to non-uniform naming forms on the national level. From the legal and ethical perspective, only consistent keeping of health records could ensure legal certainty. This is the foundation for good management and legal certainty for the providers of health treatment. Detailed health records are also an important forensic document. The Act fails to provide for keeping the content of health records in a way similar to judicial records. Californian case law, among other things, requires that the documentation contains a code with full name and surname of the patient and the unique number of the health card on every page. In order to ensure the integrity and privacy of health records, it is not allowed to copy each page separately or send them by fax [6] .

Personal data entered by third parties regarding the health of an individual shall be considered as an integral part of health documentation and is subject to disclosure to the patient or the court. Recording the issuance of documents by request for documentation of the patient and each issuance of health records from the archive in the database increase control in terms of privacy protection. Access to the information system is allowed only on the basis of its uniform identification that reduces abuse.

In the absence of substantive regulation on copying health records, it is essential to review the rules governing copying in future legislation to provide legal protection of privacy. To compare with an identity card, financial institutions are allowed to copy it, but they are required to add a stamp stating the purpose of copying, which prevents further copying. This is the conceptual basis for the protection of health records.

The legal basis for the adoption of technical measures and the establishment of registers of processing, data protection is regulated by Regulation (EC) No. 45/2001 [9] of the European Parliament and of the Council. Good practice for the regulation of copying documents should be in line with the Decree on administrative operations. Copying health records is generally poorly regulated and unclear both in Slovenia and elsewhere, as could be seen in the interpretation of the judgment Amann v. Swicherland by the European Court of Human Rights [10] .

8. Preservation of Documents as the Basis for Exercising the Rights of the Patient

In terms of preservation, access to health records should be denied to workers who do not participate in the patient’s treatment. Clearly, the law should prohibit the removal of health records from the facility, except by court order or where required by law. Therefore, a doctor can no longer have access to health records after leaving the service of a provider of treatment. Health records must be constantly kept in a room which prevents loss, unauthorised insight, destruction, or alteration. Special attention is devoted to mental health documentation, documentation regarding people suffering from alcohol dependence, drug abuse, child abuse and HIV.

8.1. Transparency

Transparency and verifiability of the signature must also be based on law. Health records are important for judicial reviews of the health staff [11] and the development of the disease, which was found by the European Court Of Human Rights in the case McGlinchey and others v. United Kingdom [12] . Health data serves to clarify the changes in health status and adequacy of treatment and may therefore be an indication of the reasons for the changes in health (such as the cause of death) according the decision in Ex parte judgment Northwest Alabama Mental Health Center v. Skip Newman [13] .

Even domestic case law clearly shows that health records are an important legal document in legal and liability proceedings. This is why a detailed chronological overview of the management of health and diseases is important, as can be seen from the interpretation of the judgment by the Higher Court in Ljubljana I Cp 2835/2009 [7] .

8.2. Increased Data Sensitivity Requires Better Protection

Health records in the field of psychiatry are extremely sensitive. Such documentation contains information about personal distress and mental disorders as well as intimate and family information and distress. To this end, it is necessary to regulate the legal protection of personal data in health records. Health records in multidisciplinary health treatment of an individual are created in different departments that are involved in the multidisciplinary treatment. Psychological health records seriously invade the privacy as they record the most intimate events of the human mind which are unknown even to the individual.

9. Legal Definition of Various Health Data

Psychology as a rapidly developing field of science with a sub-category of health psychology was not followed by the law to regulate processing and storage of health records. Health records of psychologists is handled differently in different countries. Laws and regulations governing this area are very clear in some countries, while in others this field is barely defined. According to the Code of Ethics of Psychologists in the Republic of Slovenia, a psychologist is personally responsible for protecting the data about an individual [14] . A psychologist is also required to take care of questionnaires and standardised tools that may be accessible only to professional psychologists with a degree. This area is not regulated in Slovenia. By definition, such documentary material does not belong within structured records. This sensitive data is governed by the Code as a morally binding document. On the basis of reasoning by analogy, this is a special type of health records which the operator is obliged to keep for 10 years after the death of an individual or in accordance with the classification plan of a relevant institute. There is no legally defined access of individuals to this information, or information about who accessed it, which is a serious violation of the rights of the individual.

Health records in dental clinics are currently less important than the law suggests. The legislation does not take social change into account.

The Health Care Databases Act still requires permanent storage of dental records. Social changes provoked changes in burial of corpses, which is why the social concept of cremation of corpses annuls the legal importance of dental records. Relevant statutory provisions are the most divergent, somewhere between the law and the social situation. Changes will be necessary in future legislation to redefine storage period of dental records.

10. Prohibition to Remove Health Records from Hospitals or Clinics

The law fails to clearly prohibit the removal of health records from the facility, except by court order or where required by law. Therefore, the doctor after leaving the service of a provider of health treatment, should no longer have access to health records documentation. Health records must at all times be kept in a room which prevents loss, unauthorised insight, destruction or alteration. Special attention is devoted to mental health records, documentation regarding people suffering from alcohol dependence, drug abuse, child abuse, and HIV.

11. Private Practice

Health records in private practices, especially in terms of storage, are problematic in three ways. First, it is difficult to restrict access to unauthorised persons. Second, it is harder to monitor the handling of personal data at private premises. Third, the death or termination of the contractor’s activities is problematic. After the care provider dies, the heirs will acquire ownership of the documents and heirs are usually not sworn court experts. In this way, they are not bound to protect the records. Termination of activities due to retirement results in the same problem. In both cases adequate protection of records is questionable [15] .

In Slovenia, the right to access to health records after the death of a private physician or his termination of practice is difficult to achieve with operators of private law. The legislation in Slovenia obliges the person performing health treatment of private law upon termination of private practice to hand all health records of patients to another operator in accordance with the provisions of Article 40 of the Health Practitioners Act [16] and with consent of the Medical Chamber. The Chamber is required to identify a new operator of health records if the operator fails to do so himself. Private clinics usually operate at private premises or at premises rented by the operator of health records. In accordance with Article 41 of the same Act, the Chamber is authorised to enter the premises of the clinic and take health records in the event of death of the doctor. Foreign legislation indicates that Switzerland specifically defines the scope of health records and the mode of their management in an effort to respect the rights of the patient in the relevant legislation [17] . It also precisely defines the use of health records after the death of the doctor or the death of a patient, which is important for patient privacy.

The opposite of predictable treatment represents the law in America, especially the Health Insurance Portability and Accountability Act, known as HIPAA, which prevents illicit brokering of health data without the know- ledge and consent of the patient. HIPAA provides for the protection of the privacy of the patient to doctors, hospitals and pharmacies, but does not define the behaviour in sufficient detail to prevent abuse. HIPAA defines the processing of personal data and its transfer to third parties, but the transfer of health information in paper form is not defined, so the actions after termination of private practice of a healthcare professional are also not defined [18] 3.

The law in America also stipulates that transmission of health information without the knowledge and consent of the patient is a crime. HIPAA provides for the processing of personal data and their transfer to third parties. The transfer of health records in paper form is poirly defined [19] . After private practice of health care professionals is terminated, the US legislation provides no measures. Therefore, patients are denied access to health records due to unregulated areas of law. The patient is denied the right to adequate health care and the opportunity to make an application claiming pension and disability protection, employment rights, health insurance, maternity and child care. Adequate protection of health records after the death of the contractor or termination of private practice is also important for the protection of health information. So in the future, health care legislation should regulate this area and ensure the rights to individuals.

12. Discussion

Health data is still not handled safely to ensure patient rights. The only well-regulated area of keeping health documentation are records that are required by the person paying for services.

Health records are subject to inspection without patient’s knowledge. On the other hand, operators devote less time recording changes in the health status. If the doctor is acquainted with the health situation of the patient every day, the doctor should be obliged to record the observations. The Slovenian law stipulates only that the doctor is obliged to keep documents on health status and other records on the basis of Article 50 of Medical Practitioners Act [19] . There is no defined period within which the documentation upon completion of treatment should be returned to the archives. An unwritten rule in nursing is to record the health status at the end of each shift. Nurses also write a conclusion if a patient is transferred to another department or released from hospital. Such precise records by nurses are often the best source of information on the state of health and health treatment.

Violation of privacy will stop the moment the operators are obliged to comply with essential use of computer records, thus enabling tracking of health data. For safer management of health documentation, the so-called internal traceability is required upon written request to obtain documentation from each of the current or permanent archive. The request must contain the reason to constitute a basis to inform the patient that his health records have been made available to someone. The availability of the database to a large number of employees poses a major risk and increases the possibility of abuse, which is why this requires changes. The availability of health records for beneficiaries in the reading room and library material would prevent abuse significantly. Electronic recording of requests and issuing documentation in its original form, or photocopies to court experts, researchers or other beneficiaries also allows to record the return of such documents or photocopies and the operator then destroys them [20] . The information system generates a list of people who were granted access to health information. Currently, operators do not enable this right entirely due to the absence of records, which renders data incomplete. The patient’s privacy is poorly protected from uncontrolled access to the database. Entering the archive space must be recorded in a reliable manner. When dealing with health information, the rule is: “Abundans cautela non nocet” (lat.)4 or “Abundant caution does no harm.” Foreign legislation suggest that the Slovene legislation also needs a well-regulated implementing regulation [21] .

Taking health records out of the premises of health care services is not explicitly prohibited in the Slovene legislation, nor is it defined as a delict, which is one of the greatest threats to privacy. Protecting health records, frequency and method of handling them constitutes a regulatory gap; legally, a safe place to use the records is not defined. For legal and professional security, the legibility of records and the signature of the author are extremely important. Health records in domestic practice do not ensure authenticity, so the future legislation should exclude false records due to poor legibility by imposing mandatory direct electronic entry of data. A part of health records is necessary to determine the right therapy. It involves the temperature sheet, which must always be available to the nursing staff. Other paper documentation or illness description should always be stored in one room as reading materials.

13. Conclusion

Implementations of patients’ rights, such as privacy, accessibility, data changes and the fact, what people are looking at the data, are new. This area of law is so poorly defined, which causes problems to operators of health records. The absence of legal rules in this area creates conditions for the violation of the rights of individuals. Increasingly frequent abuses of health records indicate how unregulated this part of health treatment is. The privacy of everyone should be protected, but this is undoubtedly an extremely important area which in all social systems represents a political matter: the deepest invasion of privacy is possible through health data.


1Commission Decision of 30 November 2009 adopting technical implementing measures for entering the data and linking applications, for accessing the data, for amending, deleting and advance deleting of data and for keeping and accessing the records of data processing operations in the Visa Information System.

2Civil Code Section 56.10-56.16.

3See E. Adlard and LJ Thomas, 2012, 1000 medical records of the most intimate and most private information about abortion in the years 2001 and 2002, representing six pages of names wife, birth details, phone numbers, names of family members for emergency calls, data birth, duration of pregnancy and the number of previous abortions were discarded in a container for recycling in the parking lot at the elementary school BROOKRIDGE in Overland park. The documents are discarded from the clinic affordable surgical services in Cansas City, which has ceased its operations. The public prosecutor on the basis of the application najditeljice triggered a process in which they are looking for medical records and determined its preservation. The doctor, who was head of the hospital, he lost license

4Latin saying in English:Caution does no harm.

Conflicts of Interest

The authors declare no conflicts of interest.


[1] Olivia, B. (2012) What Can the History of Medical Records Teach Us about Meaningful Use?
[2] David, C.E. (2010) Medical Privacy at Risk in Georgia.
[3] Case European Court of Human Rights, No. 11379/03. Dimitrov-Kazakov v. Bulgaria.
[4] Law on the Protection of Personal Data (ZVOP-1) Official Gazette of the Republic of Slovenia, No. 86/200495.
[5] Commission Decision. The Commission of the European Communities, (2009/876/EC), 30 November 2009. Official Journal of the European Union, 2.12.2009, L 315/30.
[6] (CIMA) Confidentiality of Medical Information Act. CALIFORNIA CIVIL CODE SECTIONS 56-56.07.
[7] Case Higher Court of Slovenia, I Cp 2835/2009.
[8] Patients Rights Act (ZPacP): Official Gazette of the Repiblike Slovenia, No. 15/2008.
[9] Regulation (EC) No. 45/2001.
[10] Case European Court of Human Rights, No. 27798/95, Amann v. Swicherland.{"itemid":["001-58497"]}:1.5.2015
[11] Vesna, P.P. (2014) Medical Data in the Work of the Court and Privacy pacietov in Practice. In: Milena, M., Ed., University Psychiatric Clinic, Ljubljana, 70-77.
[12] Case European Court of Human Rights No 50390/99. McGlinchey and Others v. the United Kingdom.{"itemid":["003-741378-753326"]}:1.5.2015
[13] Case Supreme court of Alabama, No.1100205. Ex parte Judgment Northwest Alabama Mental Health Center v. Skip Newman.
[14] Code of Ethics of Psychologists Slovenia (2002)
[15] Case Administrative Court of Slovenia. III U 69/2011.
[16] The Law on Medical Services Official Consolidated Text. (ZZdrS-UPB3) .72. Official Gazette of the Republic of Slovenia ?t. 72/20006 z dne 11.7.2006.
[17] Krusic, M.Z. (2010) The Right to Privacy in Medicini. GV Publisher, Ljubljana, 152.
[18] Adlard, E. and Judit, T.L. (2012) Abortion Files Tossed into Recycling Bin. Kansas City Star.
[19] Health Insurance Portability and Accountability Act (HIPAA)
[20] Medical Practitioners Act (ZZdrS) Official Gazette of the Republic of Slovenia, No. 72/06.
[21] Marinic, M. (2014) Reclaiming Health Data Forensic Experts, Researchers and Other Healthcare Providers Treatment. In: Marinic, M., Ed., Privacy Pacietov in Practice, University Psychiatric Clinic, Ljubljana.

Copyright © 2024 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.