6 minutes reading time (1295 words)

Dealing with Requests for Dental Records

Dealing with Requests for Dental Records

In recent years, Dental Practices have noted a rise in the number of requests for patient records being received, especially from legal services. It is probably no coincidence that this rise has corresponded with an increase in adverts for ‘no win no fee’ solicitors encouraging patients to come forward if they have received what they perceive to be poor dental treatment.

In this blog I set out the legal framework in relation to keeping and disclosing dental records and provide some practical tips on how to respond to requests for the same.

Record Keeping

As you all know, whether you work in a private or NHS practice, the Standards for the Dental Team, Standard 4.1 applies.  It states:

‘You must make and keep contemporaneous, complete and accurate patient records’.

Furthermore, various pieces of legislation also require dentists to keep records, including Regulation 20 of the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014, which is monitored by the CQC.

Those who work in an NHS practice will know that the NHS contract has a contractual requirement for dentists to keep patient records.

However, there is no hard and fast rule for how long you should keep the records before destroying them.

The NHS contract only requires you to keep patient records for two years. Given that a claim for clinical negligence can be issued within three years of the date of knowledge of the injury, a claim for breach of contract within six years of the breach and a claim for defective products within ten years of the defect, two years will be insufficient should you need to rely on such documents to defend a potential claim. The dental records may be the only evidence of what was discussed during a consultation and what consent was provided by the patient; they are therefore crucial in helping you to prepare a defence.  

The Department of Health’s ‘Record Management’ code recommends community records are kept for a minimum of 11 years after the date of the last entry. For children, it is 11 years or up to their 25th birthday, which ever period is longer. For hospital records the recommendation is a minimum of eight years. The maximum recommended length for retention is 30 years, unless otherwise required by law or some other circumstance.

If you have received any complaints or there has been an adverse incident with a patient, we would recommend keeping the records indefinitely, even if the complaint was resolved satisfactorily. Whilst there are time limits for bringing claims, the courts have the power to extend those limits. This does leave a dark cloud hanging over you; never knowing what might come through the post. However, being prepared with ‘contemporaneous, complete and accurate’ records will help ease the stress of dealing with any complaint or claim.

Please note that if a patient has a disability as a result of an ‘unsound mind’ the normal time limits for record retention do not apply. In these cases, the records should be held indefinitely.

On top of your professional duties, dental practices will also be covered by the Data Protection Act 1998. This requires anyone who holds sensitive personal data about an individual to ensure that the data is accurately created and carefully and securely maintained. Ensuring records are kept securely includes keeping them confidential. The Data Protection Act also states that data should be retained for no longer than necessary. You can find further guidance about your duties under the Data Protection Act in this helpful guide for businesses produced by the Information Commissioner’s Office.

Disclosing Records

Both the Data Protection Act and Access to Health Records Act provide patients with the right to see their dental records.

If you receive a written request from a patient for their dental records, this must be dealt with as quickly as possible but in any event within 40 days. We have set out below under ‘practical tips’ the fees you can charge for providing the documents and what to do if the request is from a third party.

The request must be to the person who controls the data, and it must contain information such that the data controller can be satisfied as to the identity of the person making the request and provide information as to the data sought.

You cannot refuse a patient access to their records unless one of the following applies:

1.       Disclosure would be likely to cause serious harm to mental or physical health of the patient or any other person;

2.    Disclosure would require you to provide information about a third party (other than the dental team providing the treatment) unless the third party consent’s to the disclosure. (Please note that if you can easily redact such information you should do so, rather than refusing the request.)

Once you have received a request you must provide the patient with a copy of all the information you hold about that patient.

If you have destroyed records and a patient subsequently asks to see their record, under the Data Protection Act it is reasonable to say that it was destroyed because it was no longer necessary to be kept.

Breaches of data protection laws can result in criminal as well as civil liability (not to mention adverse publicity, which is increasingly the likely result of non-compliance) so it is not advisable to ignore requests for personal data.

Practical Tips

Identity. You must ensure that the identity of the patient is correct and that you are sending them their patient records. If you are in any doubt ask the patient for more information to help identify them. If you send the wrong records you will be in breach of the Data Protection Act and, as stated above, this could result in criminal or civil action against you.

Consent. If the request is from a solicitor, ensure that the patient has consented to the records being sent to the solicitor and that they understand why the records are being sought. Most solicitors will use a standard form, because it sets out all the relevant information, but there is no requirement to do so.

Fees. The fees that can be charges for copying records are as follows:

Dental Records held electronically


Dental Records held manually

Max. £50

Dental records held electronically and manually

Max. £50

Photocopying charges

You cannot charge an additional amount

Postage charges

You cannot charge an additional amount

X-rays or scans

Should come within £50 unless the patient has a large number. In that case you may be able to justify copying charges onto film.


Please note that the fees are the maximum you can charge and you should be able to justify them. They are meant to cover your costs for reproducing the records. For example if the patient only has around 10 pages held manually, charging £50 for administration and copying charges is unlikely to be deemed reasonable.

X-rays and scans can be transferred onto a CD and then disclosed rather than copying them onto film.

Opinions. A legal representative may also seek your opinion on the patient’s treatment and prognosis. Unless you are being asked to provide an expert witness report for court purposes (which you would only be able to do if you had never treated the patient in question) we would recommend that you avoid providing any comments. Any comments could later be used against you in respect of a claim.

If you do provide an opinion, you can seek a separate fee for this, as this is a report and therefore not covered by the Data Protection Act.

Potential Claims. If you receive a request from a legal representative, we would not recommend seeking clarification as to the reasons for the request, simply respond to the request and notify your indemnity insurer or defence union, so they are on notice should anything arise in the future. Providing the medical records may be enough to show there is no claim and nothing further may come of it.


Five Star rating for the new NSK iClave mini
Meeting the demand - Martin Gilbert

Related Posts



Already Registered? Login Here
No comments made yet. Be the first to submit a comment

By accepting you will be accessing a service provided by a third-party external to https://www.gdpuk.com/

Please do not re-register if you have forgotten your details,
follow the links above to recover your password &/or username.
If you cannot access your email account, please contact us.

Mastodon Mastodon