Health, 2015, 7, 617-624
Published Online May 2015 in SciRes. [Link]
[Link]
The Importance of Health Records
Milena Marinič
Master of Law, University Psychiatric Clinic, Ljubljana, Slovenia
Email: [Link]@[Link]
Received 28 February 2015; accepted 17 May 2015; published 20 May 2015
Copyright © 2015 by author and Scientific Research Publishing Inc.
This work is licensed under the Creative Commons Attribution-NonCommercial International License (CC
BY-NC).
[Link]
Abstract
Health records have played an increasingly important role throughout history as an important le-
gal document for the exercise of individuals’ rights. However, domestic legislation fails to define
health records as a legally important collection of health data and documents. Recording facts and
storing legally important documents are therefore the tasks of the operator. Using the prescriptive
method we will determine which laws are governing the management of medical records, their
safety and accessibility. Based on the descriptive method, we will describe the process of handling
health records by the provider of health treatment, focusing on exposed regulatory gaps in the
area of the protection of the rights of an individual. Through the analysis of the laws governing the
management of health records, even after death and operator terminating the service, we will
carry out inductive reasoning and provide conclusions regarding the attitude towards health re-
cords. Considering different results we can conclude that health information, especially docu-
ments relevant to the protection of individual’s rights, is not transparent. Above all, the docu-
ments in the collection are not recorded properly, thus allowing for their removal. Even the trans-
fer of health records by the provider of health treatment is not defined, which could result in the
disposal of the entire health documentation.
Keywords
Health Records, Content Security, Legal Certainty
1. Introduction
Health records are the most important database of health treatment of the patient. Consistent recording by doc-
tors, nurses and other staff is proof of proper monitoring of the health, planning and treatment. Initial health re-
cords were used to describe individual processes. Today, health records are a much broader concept than in the
past because in the past, it was the doctor alone who recorded data. Health records and documents serve as the
How to cite this paper: Marinič, M. (2015) The Importance of Health Records. Health, 7, 617-624.
[Link]
�M. Marinič
basis for the realizing of individual rights, both in civil and legal transactions, as well as the exercise of rights
relating to privacy and the retrograde determining health status.
2. Health Data in the Past
The beginnings of health records date back to 3000 BC when the Egyptians started keeping the oldest form of
health records. In ancient Greece, doctors recorded symptoms and treatments. In the 14th and 15th century, doc-
tor’s records developed and included advice on nutrition and effective methods of treatment of the disease and
also notes on autopsies. The expansion of science increased the value of accurate health records, which in the
16th century became books of cases—casebooks, following the example of the legal profession. Since 1750,
doctors have been keeping health records in hospitals as a record of systematic and objective health practice.
Health records in the late 19th century enabled doctors to analyse health data of individuals. The need for sys-
tematic data collection required hospitals to keep health records, although operators did not have standards pre-
scribing which patient information should be collected. Certain doctors kept data in their own way, rendering the
verifiability and comparability of results more difficult. The early 20th century saw an expansion of education in
hospitals, which increased the need for standardised health records. Like education in health care, research was
also gaining momentum and health records were often their main element [1].
3. Health Records Today
Nowadays health records are kept from birth to death of a person. The history of disease also contains records of
other family members. The records of the health status of individuals affect the good name and dignity of the in-
dividual and, indirectly, the dignity and reputation of their descendants and close relatives. Health records con-
sist of various data entered by health care professionals in either paper or electronic form, with digital images,
photos, digital images of the fetus, computerized tests, and letters or other health information.
Foreign case law in Boyd. v. USA, Clark wonders if the health card is also part of health records because it
contains relevant health information [2]. Under the applicable domestic law, the doctor is the only person re-
sponsible for health records. In practice, however, health records are handled and stored by health care adminis-
trators and nurses. In practice, health records of an individual, even within a single institution, are created by
various experts. The methods of managing, storing, providing accessibility to and integrating are not legally de-
fined, thus allowing excessive availability, non-transparent treatment, and the possibility of disposal of individ-
ual documents or records entirely.
4. Recording of Documents
Chronological recording of health data is exemplary and ensures legal security of the operator and the patient
because only authentic documents and records are available and can be used as evidence for exercising the rights
of an individual. Legal significance of health records and the consequences of injuries are an important basis for
liability claims. The demonstration of incurred damage is based solely on the evidence regarding the situation
before and after the injury. Accurate records of observed changes in the health status, planned and implemented
treatment also attest to the adequacy of the response of health workers. Comprehensive hospital treatment of a
patient requires identification of even the slightest change in health status and taking appropriate action. There is
a rule in health care: everything that health professionals have not written down has not been seen or taken care
of.
5. Patient’s Rights
Health records are paper or electronic mediums containing health data on the basis of which individuals or their
relatives can prove that health treatment was inadequate.
5.1. The Right to Access Health Information
The patient has the right to information about who was acquainted with his health records. Among the important
rights of the patient, the right to consult health records is undoubtedly the most important one. If the records are
not accurate, the patient has the right to rectification, blocking or erasure of data. Erasure, i.e. the removal
618
� M. Marinič
and revision of health records in the processing of health data, is a very unusual and almost unknown method of
health record processing. Corrections of personal data in accordance with the reasons for the decision in the case
Dimitrov-Kazakov v. Bolgaria are of great importance to the human peace of mind and less supervision [3].
5.2. Blocking, Erasure, Amending
An individual has the right to demand rectification, erasure or an attribution statement when records alter the
relevant facts substantially. The accuracy of health information is very important for the patient’s privacy, pri-
vate and work performance. The Slovenian legislation enables change, correction, blocking, erasure and objec-
tion regarding personal data in Article 33 of the Personal Data Protection Act [4]. The Commission decision
2009/876 provides detailed instructions on amending personal data [5]1. However, the legislation does not pro-
vide specific instructions on amending health records. Health data describes the situation in the documentation
and the doctor is not allowed to change it, only amend or add notes. Only the right to amend health records
should be defined, if we assume lawful data processing. This is a professional view on the health status, with
which an uncritical patient does not agree. But this cannot be the only reason for erasure. Different laws in other
countries define the rights to access and amendment in different ways. In cases of amendments, California’s le-
gal system provides for the retention of the original record as a legally relevant fact, requires stating a reason for
amendment, the amendment, date and signature of the person who conducted the procedure [6]2. The original
record should not be destroyed because foreign case law considers it as an important legal information: the ac-
tions of the doctor and the patient are assessed for the past to clarify the conditions. The statement is confirmed
by the explanation of the decision by the Higher Court in Ljubljana in the Case I Cp 2835/2009 [7]. Amend-
ments in paper format as defined in foreign law involve a red line striking out the original text and a new fact
written below, with a date, reason and signature of the responsible person. The security of documents and the
possibility to explore is enabled by a defined content and accurate management of health records. Unfortunately,
this area is unregulated in the Republic of Slovenia.
6. The Importance of Written Statements
Parallel to the health treatment, the patient also decides who can be with its health information notes. Along with
consent to health treatment, the patient is required to state who can become acquainted with health data. For le-
gal certainty, the patient and the operator sign a written consent which is an integral part of health records.
The first focused management of health records was suggested by Weed in 1968. Subsequently, many authors
proposed criteria for required content. Important information is changing the scope and form of health records.
The perception of the importance of health records has an impact on the protection of human rights through the
management of health records. Health records to distinguish: a primary document that was created at direct con-
tact between the doctor and the patient, and a secondary document, which is a product of the analysis of several
primary documents. This classification also involves tertiary documents. These denote records created in the re-
lationship between the patient and a third party in relation to the rights and choices of the individual. In this re-
spect, storage of written statements of will, appointment of a health care representative and will expressed in
advance in line with the Patient Rights Act are inadequate [8].
7. Photocopying Health Documents
Photocopying health records resulting from the boom and the availability of photocopiers is very unregulated.
The Slovene Personal Data Protection Act does not specifically govern this area.
In the Slovenian health care system, managers of health records do not keep track of how often and for what
purpose health documents are copied. The right of the individual to know who looked at their health records in
paper form are not consistently defined in the Slovene legislation. Security can be achieved with a limited num-
ber and availability of photocopiers in places where health records are kept. A photocopier should be available
only to the archivist in the reading form in order to have a consistent record of photocopies. The opinions of op-
erators differ significantly when asked about the need to access paper health records 24 hours a day in this digi-
1
Commission Decision of 30 November 2009 adopting technical implementing measures for entering the data and linking applications, for
accessing the data, for amending, deleting and advance deleting of data and for keeping and accessing the records of data processing
operations in the Visa Information System.
2
Civil Code Section 56.10-56.16.
619
�M. Marinič
talised world.
In the present arrangement, such a document can be “lost” easily. The Act does not provide for this part of the
processing of health data. Component of the health records constitutes a legal problem due to non-uniform
naming forms on the national level. From the legal and ethical perspective, only consistent keeping of health re-
cords could ensure legal certainty. This is the foundation for good management and legal certainty for the pro-
viders of health treatment. Detailed health records are also an important forensic document. The Act fails to
provide for keeping the content of health records in a way similar to judicial records. Californian case law,
among other things, requires that the documentation contains a code with full name and surname of the patient
and the unique number of the health card on every page. In order to ensure the integrity and privacy of health
records, it is not allowed to copy each page separately or send them by fax [6].
Personal data entered by third parties regarding the health of an individual shall be considered as an integral
part of health documentation and is subject to disclosure to the patient or the court. Recording the issuance of
documents by request for documentation of the patient and each issuance of health records from the archive in
the database increase control in terms of privacy protection. Access to the information system is allowed only on
the basis of its uniform identification that reduces abuse.
In the absence of substantive regulation on copying health records, it is essential to review the rules governing
copying in future legislation to provide legal protection of privacy. To compare with an identity card, financial
institutions are allowed to copy it, but they are required to add a stamp stating the purpose of copying, which
prevents further copying. This is the conceptual basis for the protection of health records.
The legal basis for the adoption of technical measures and the establishment of registers of processing, data
protection is regulated by Regulation (EC) No. 45/2001 [9] of the European Parliament and of the Council.
Good practice for the regulation of copying documents should be in line with the Decree on administrative op-
erations. Copying health records is generally poorly regulated and unclear both in Slovenia and elsewhere, as
could be seen in the interpretation of the judgment Amann v. Swicherland by the European Court of Human
Rights [10].
8. Preservation of Documents as the Basis for Exercising the Rights of the Patient
In terms of preservation, access to health records should be denied to workers who do not participate in the pa-
tient’s treatment. Clearly, the law should prohibit the removal of health records from the facility, except by court
order or where required by law. Therefore, a doctor can no longer have access to health records after leaving the
service of a provider of treatment. Health records must be constantly kept in a room which prevents loss, unau-
thorised insight, destruction, or alteration. Special attention is devoted to mental health documentation, docu-
mentation regarding people suffering from alcohol dependence, drug abuse, child abuse and HIV.
8.1. Transparency
Transparency and verifiability of the signature must also be based on law. Health records are important for judi-
cial reviews of the health staff [11] and the development of the disease, which was found by the European Court
Of Human Rights in the case McGlinchey and others v. United Kingdom [12]. Health data serves to clarify the
changes in health status and adequacy of treatment and may therefore be an indication of the reasons for the
changes in health (such as the cause of death) according the decision in Ex parte judgment Northwest Alabama
Mental Health Center v. Skip Newman [13].
Even domestic case law clearly shows that health records are an important legal document in legal and liabil-
ity proceedings. This is why a detailed chronological overview of the management of health and diseases is im-
portant, as can be seen from the interpretation of the judgment by the Higher Court in Ljubljana I Cp 2835/2009
[7].
8.2. Increased Data Sensitivity Requires Better Protection
Health records in the field of psychiatry are extremely sensitive. Such documentation contains information about
personal distress and mental disorders as well as intimate and family information and distress. To this end, it is
necessary to regulate the legal protection of personal data in health records. Health records in multidisciplinary
620
� M. Marinič
health treatment of an individual are created in different departments that are involved in the multidisciplinary
treatment. Psychological health records seriously invade the privacy as they record the most intimate events of
the human mind which are unknown even to the individual.
9. Legal Definition of Various Health Data
Psychology as a rapidly developing field of science with a sub-category of health psychology was not followed
by the law to regulate processing and storage of health records. Health records of psychologists is handled dif-
ferently in different countries. Laws and regulations governing this area are very clear in some countries, while
in others this field is barely defined. According to the Code of Ethics of Psychologists in the Republic of Slove-
nia, a psychologist is personally responsible for protecting the data about an individual [14]. A psychologist is
also required to take care of questionnaires and standardised tools that may be accessible only to professional
psychologists with a degree. This area is not regulated in Slovenia. By definition, such documentary material
does not belong within structured records. This sensitive data is governed by the Code as a morally binding
document. On the basis of reasoning by analogy, this is a special type of health records which the operator is
obliged to keep for 10 years after the death of an individual or in accordance with the classification plan of a
relevant institute. There is no legally defined access of individuals to this information, or information about who
accessed it, which is a serious violation of the rights of the individual.
Health records in dental clinics are currently less important than the law suggests. The legislation does not
take social change into account.
The Health Care Databases Act still requires permanent storage of dental records. Social changes provoked
changes in burial of corpses, which is why the social concept of cremation of corpses annuls the legal impor-
tance of dental records. Relevant statutory provisions are the most divergent, somewhere between the law and
the social situation. Changes will be necessary in future legislation to redefine storage period of dental records.
10. Prohibition to Remove Health Records from Hospitals or Clinics
The law fails to clearly prohibit the removal of health records from the facility, except by court order or where
required by law. Therefore, the doctor after leaving the service of a provider of health treatment, should no
longer have access to health records documentation. Health records must at all times be kept in a room which
prevents loss, unauthorised insight, destruction or alteration. Special attention is devoted to mental health re-
cords, documentation regarding people suffering from alcohol dependence, drug abuse, child abuse, and HIV.
11. Private Practice
Health records in private practices, especially in terms of storage, are problematic in three ways. First, it is dif-
ficult to restrict access to unauthorised persons. Second, it is harder to monitor the handling of personal data at
private premises. Third, the death or termination of the contractor’s activities is problematic. After the care pro-
vider dies, the heirs will acquire ownership of the documents and heirs are usually not sworn court experts. In
this way, they are not bound to protect the records. Termination of activities due to retirement results in the same
problem. In both cases adequate protection of records is questionable [15].
In Slovenia, the right to access to health records after the death of a private physician or his termination of
practice is difficult to achieve with operators of private law. The legislation in Slovenia obliges the person per-
forming health treatment of private law upon termination of private practice to hand all health records of patients
to another operator in accordance with the provisions of Article 40 of the Health Practitioners Act [16] and with
consent of the Medical Chamber. The Chamber is required to identify a new operator of health records if the
operator fails to do so himself. Private clinics usually operate at private premises or at premises rented by the
operator of health records. In accordance with Article 41 of the same Act, the Chamber is authorised to enter the
premises of the clinic and take health records in the event of death of the doctor. Foreign legislation indicates
that Switzerland specifically defines the scope of health records and the mode of their management in an effort
to respect the rights of the patient in the relevant legislation [17]. It also precisely defines the use of health re-
cords after the death of the doctor or the death of a patient, which is important for patient privacy.
The opposite of predictable treatment represents the law in America, especially the Health Insurance Portabil-
ity and Accountability Act, known as HIPAA, which prevents illicit brokering of health data without the know-
621
�M. Marinič
ledge and consent of the patient. HIPAA provides for the protection of the privacy of the patient to doctors, hos-
pitals and pharmacies, but does not define the behaviour in sufficient detail to prevent abuse. HIPAA defines the
processing of personal data and its transfer to third parties, but the transfer of health information in paper form is
not defined, so the actions after termination of private practice of a healthcare professional are also not defined
[18]3.
The law in America also stipulates that transmission of health information without the knowledge and consent
of the patient is a crime. HIPAA provides for the processing of personal data and their transfer to third parties.
The transfer of health records in paper form is poirly defined [19]. After private practice of health care profes-
sionals is terminated, the US legislation provides no measures. Therefore, patients are denied access to health
records due to unregulated areas of law. The patient is denied the right to adequate health care and the opportu-
nity to make an application claiming pension and disability protection, employment rights, health insurance,
maternity and child care. Adequate protection of health records after the death of the contractor or termination of
private practice is also important for the protection of health information. So in the future, health care legislation
should regulate this area and ensure the rights to individuals.
12. Discussion
Health data is still not handled safely to ensure patient rights. The only well-regulated area of keeping health
documentation are records that are required by the person paying for services.
Health records are subject to inspection without patient’s knowledge. On the other hand, operators devote less
time recording changes in the health status. If the doctor is acquainted with the health situation of the patient
every day, the doctor should be obliged to record the observations. The Slovenian law stipulates only that the
doctor is obliged to keep documents on health status and other records on the basis of Article 50 of Medical
Practitioners Act [19]. There is no defined period within which the documentation upon completion of treatment
should be returned to the archives. An unwritten rule in nursing is to record the health status at the end of each
shift. Nurses also write a conclusion if a patient is transferred to another department or released from hospital.
Such precise records by nurses are often the best source of information on the state of health and health treat-
ment.
Violation of privacy will stop the moment the operators are obliged to comply with essential use of computer
records, thus enabling tracking of health data. For safer management of health documentation, the so-called in-
ternal traceability is required upon written request to obtain documentation from each of the current or perma-
nent archive. The request must contain the reason to constitute a basis to inform the patient that his health re-
cords have been made available to someone. The availability of the database to a large number of employees
poses a major risk and increases the possibility of abuse, which is why this requires changes. The availability of
health records for beneficiaries in the reading room and library material would prevent abuse significantly. Elec-
tronic recording of requests and issuing documentation in its original form, or photocopies to court experts, re-
searchers or other beneficiaries also allows to record the return of such documents or photocopies and the op-
erator then destroys them [20]. The information system generates a list of people who were granted access to
health information. Currently, operators do not enable this right entirely due to the absence of records, which
renders data incomplete. The patient’s privacy is poorly protected from uncontrolled access to the database. En-
tering the archive space must be recorded in a reliable manner. When dealing with health information, the rule is:
“Abundans cautela non nocet” (lat.)4 or “Abundant caution does no harm.” Foreign legislation suggest that the
Slovene legislation also needs a well-regulated implementing regulation [21].
Taking health records out of the premises of health care services is not explicitly prohibited in the Slovene
legislation, nor is it defined as a delict, which is one of the greatest threats to privacy. Protecting health records,
frequency and method of handling them constitutes a regulatory gap; legally, a safe place to use the records is
3
See E. Adlard and LJ Thomas, 2012, 1000 medical records of the most intimate and most private information about abortion in the years
2001 and 2002, representing six pages of names wife, birth details, phone numbers, names of family members for emergency calls, data
birth, duration of pregnancy and the number of previous abortions were discarded in a container for recycling in the parking lot at the
elementary school BROOKRIDGE in Overland park. The documents are discarded from the clinic affordable surgical services in Cansas
City, which has ceased its operations. The public prosecutor on the basis of the application najditeljice triggered a process in which they are
looking for medical records and determined its preservation. The doctor, who was head of the hospital, he lost license
4
Latin saying in English:Caution does no harm.
622
� M. Marinič
not defined. For legal and professional security, the legibility of records and the signature of the author are ex-
tremely important. Health records in domestic practice do not ensure authenticity, so the future legislation
should exclude false records due to poor legibility by imposing mandatory direct electronic entry of data. A part
of health records is necessary to determine the right therapy. It involves the temperature sheet, which must al-
ways be available to the nursing staff. Other paper documentation or illness description should always be stored
in one room as reading materials.
13. Conclusion
Implementations of patients’ rights, such as privacy, accessibility, data changes and the fact, what people are
looking at the data, are new. This area of law is so poorly defined, which causes problems to operators of health
records. The absence of legal rules in this area creates conditions for the violation of the rights of individuals.
Increasingly frequent abuses of health records indicate how unregulated this part of health treatment is. The pri-
vacy of everyone should be protected, but this is undoubtedly an extremely important area which in all social
systems represents a political matter: the deepest invasion of privacy is possible through health data.
References
[1] Olivia, B. (2012) What Can the History of Medical Records Teach Us about Meaningful Use?
[Link]
[2] David, C.E. (2010) Medical Privacy at Risk in Georgia.
[Link]
[3] Case European Court of Human Rights, No. 11379/03. Dimitrov-Kazakov v. Bulgaria.
[Link]
[4] Law on the Protection of Personal Data (ZVOP-1) Official Gazette of the Republic of Slovenia, No. 86/200495.
[5] Commission Decision. The Commission of the European Communities, (2009/876/EC), 30 November 2009. Official
Journal of the European Union, 2.12.2009, L 315/30.
[6] (CIMA) Confidentiality of Medical Information Act. CALIFORNIA CIVIL CODE SECTIONS 56-56.07.
[Link]
[7] Case Higher Court of Slovenia, I Cp 2835/2009.
[Link]
[8] Patients Rights Act (ZPacP): Official Gazette of the Repiblike Slovenia, No. 15/2008.
[9] Regulation (EC) No. 45/2001.
[Link]
[10] Case European Court of Human Rights, No. 27798/95, Amann v. Swicherland.
[Link]
[11] Vesna, P.P. (2014) Medical Data in the Work of the Court and Privacy pacietov in Practice. In: Milena, M., Ed., Uni-
versity Psychiatric Clinic, Ljubljana, 70-77.
[12] Case European Court of Human Rights No 50390/99. McGlinchey and Others v. the United Kingdom.
[Link]
1.5.2015
[13] Case Supreme court of Alabama, No.1100205. Ex parte Judgment Northwest Alabama Mental Health Center v. Skip
Newman. [Link]
[14] Code of Ethics of Psychologists Slovenia (2002)
[Link]
[15] Case Administrative Court of Slovenia. III U 69/2011.
[Link]
[16] The Law on Medical Services Official Consolidated Text. (ZZdrS-UPB3) .72. Official Gazette of the Republic of Slo-
venia št. 72/20006 z dne 11.7.2006.
[17] Krušič, M.Z. (2010) The Right to Privacy in Medicini. GV Publisher, Ljubljana, 152.
[18] Adlard, E. and Judit, T.L. (2012) Abortion Files Tossed into Recycling Bin. Kansas City Star.
[Link]
[19] Health Insurance Portability and Accountability Act (HIPAA)
623
�M. Marinič
[Link]
[20] Medical Practitioners Act (ZZdrS) Official Gazette of the Republic of Slovenia, No. 72/06.
[21] Marinič, M. (2014) Reclaiming Health Data Forensic Experts, Researchers and Other Healthcare Providers Treatment.
In: Marinič, M., Ed., Privacy Pacietov in Practice, University Psychiatric Clinic, Ljubljana.
624
