Patient Record Retention
The Patient Records standard was split into Patient Record Content and Patient Record Retention in January 2016. Please refer to both standards for all expectations related to patient records.
Category: Administration of Practice
Under Review: No
Issued by Council (Patient Records): January 1, 2010
Reissued by Council: July 1, 2011
Reissued by Council (Patient Record Retention): January, 2016
Reissue included both Patient Record Content and Patient Record Retention.
- A regulated member must ensure a patient record1:
- is compliant with relevant legislation;
- is stored in a manner that protects patient confidentiality through administrative, technical and physical safeguards;
- is under the custody and control of a custodian as defined in the Health Information Act (HIA);
- is retrievable and available for authorized sharing within a reasonable time period to facilitate continuity of patient care; and
- facilitates the:
- collection of data for quality improvement activities; and
- sharing of standardized data sets to the Alberta Electronic Health Record (Netcare) or equivalent.
- A regulated member acting as a custodian2 must have policies and procedures in place in accordance with the HIA that:
- includes an information manager agreement, if an information manager has been identified;
- establishes processes for the retention, protection, access, disclosure and secure destruction of patient health information; and
- clarifies roles, expectations and accountabilities of all parties.
- A regulated member acting as a custodian who shares patient information with other custodian(s) must have an information sharing agreement that clarifies access, transfer and return of patient records.
- A regulated member acting as a custodian must designate a successor custodian3 to ensure the retention and accessibility of patient records in the event the regulated member is unable to continue as custodian.
- A regulated member must complete a privacy impact assessment4 prior to changing or implementing any administrative practice or information system relating to the collection, use and disclosure of individually identifiable patient health information.
- A regulated member must ensure patient records are retained and accessible for a minimum of:
- ten (10) years from the date of last record entry for an adult patient; and
- ten (10) years after the date of last record entry for a minor patient, or two years after the patient reaches or would have reached the age of eighteen (18), whichever is longer.
- At the request of a patient, a regulated member must provide the patient with timely access to the patient’s record in accordance with the HIA.
- A regulated member may charge a fee in accordance with the HIA for providing a patient with a copy of the patient’s record.
- A regulated member must not charge a fee for providing another healthcare provider with limited patient information.
- Refers to either a paper-based or electronic record.
- Regulated members are designated custodians under the Health Information Regulation.
- Reference: Health Information Act Section 35(1)(q)
- Reference: Health Information Act Section 64
Advice to the Profession
- Electronic Communications and Security of Mobile Devices
- Privacy Impact Assessment Requirements (OIPC)
- Communicating with patients via email – Know the Risks (OIPC)
- Email Communication FAQs (OIPC)
- Lost or Stolen Patient Records
- Smart Phone Recordings by Patients (CMPA)
- Social Media
- Transition to Electronic Medical Records
Are You Up to Standard?
Related Standards of Practice
- Patient Record Content
- Closing or Leaving a Medical Practice
- Relocating a Medical Practice
- Continuity of Care
The CPSA Standards of Practice are the minimum standards of professional behaviour and ethical conduct expected of all physicians registered in Alberta. Standards of practice are enforceable under the Health Professions Act and will be referenced in the management of complaints and in discipline hearings. About the CPSA Standards of Practice