Membership information 1 800 81 5837
Medicolegal advice 1 800 81 5837

Medical records

1 May 2014


Good medical records – whether electronic or handwritten – are essential for the continuity of care of your patients. Adequate medical records enable you or somebody else to reconstruct the essential parts of each patient contact without reference to memory. They should therefore be comprehensive enough to allow a colleague to carry on where you left off.

Why good records are important

The main reason for maintaining medical records is to ensure continuity of care for the patient. They may also be required for legal purposes. For health professionals, good medical records are vital for defending a complaint or clinical negligence claim; they provide a window on the clinical judgment being exercised at the time.

What should medical records include?

Good medical records summarise the key details of every patient contact. On the first occasion a patient is seen, records should include:

  • Relevant details of the history, including important negatives
  • Examination findings, including important negatives
  • Differential diagnosis
  • Details of any investigations requested and any treatment provided
  • Follow-up arrangements
  • What you have told/discussed with the patient
  • You should also record discussions surrounding consent and record that you have warned of the potential risks and alternative options.

On subsequent occasions, you should also note the patient’s progress, findings on examination, monitoring and follow-up arrangements, details of telephone consultations, details about chaperones present, and any instance in which the patient has refused to be examined or comply with treatment. It is also important to record your opinion at the time regarding, for example, diagnosis. If a patient is transferred to another healthcare facility, you should provide a full Clinical Summary of the patient’s management, to allow treatment to continue without undue delay.

Medical records must be:

  • Objective recordings of what you have been told or discovered through investigation or examination
  • Clear and legible
  • Made contemporaneously, signed and dated
  • Kept securely.

What makes up a medical record?

The Malaysian Medical Council (MMC) lists the following items which may make up the contents of a patient’s medical record:

  • Doctor’s clinical notes
  • Recording of discussion with patient/next of kin regarding disease/management/possible use of tape recording for such discussions
  • Referral notes to other specialists for consultation/co-management 
  • Laboratory reports
  • Imaging records and reports
  • Clinical photographs
  • Drug prescriptions
  • Nurses’ reports
  • Consent forms
  • Operation notes/anaesthetic notes
  • Video recordings
  • Printouts from monitoring equipment
  • Correspondence with other healthcare professionals
  • Computerised/electronic records
  • Recordings of telephone consultations.

Entries to be avoided

In preparing medical records, you should keep in mind that you are generating a document which, while reflecting your personal findings and management of a patient’s illness, can be demanded by the patient and the courts of law in matters of litigation.

Therefore, they must be complete, objective and comprehensive. The MMC warns that you should “avoid entering irrelevant, disparaging, derogatory and offensive personal remarks about the patient, or other colleagues.”


These should generally be avoided, as unfamiliar or unconventional abbreviations may lead to untoward incidents in the management of patients. When used at all, they should be those abbreviations that are traditionally accepted and recognised. Never use abbreviations for making derogatory comments about a patient.

Additions or alterations

If you need to add something to a medical record or make a correction, make sure you enter the date of the amendment and include your name, so no one can accuse you of trying to pass off the amended entry as contemporaneous. Do not erase an entry that you wish to correct – run a single line through it so it can still be read.

All electronic documents should be protected from being deleted. You should avoid leaving blank spaces in between entries in the continuation sheet, so that retrospective notes cannot be made.

Patients have the right to access their medical records, eg, for a second opinion for treatment elsewhere, or for litigation. Generally, you are expected to co-operate with any such request, unless to do so would be detrimental to the patient or harm their physical or mental health.

Patients have the right to inform healthcare professionals of any factual errors in their personal information, but they should not seek to change any entries made in the course of consultation, diagnosis and management, as these are made by the practitioner based on their clinical judgment.

Who do the records belong to?

  • Regulation 44 (1) of the Private Healthcare Facilities and Services) Regulations 2006 states that “A patient’s medical record is the property of a private healthcare facility or service”, but you should obtain consent from the patient in the first instance, or, only in exceptional circumstances, the next of kin, before any release of information to a third party.
  • Any discussion with the patient about who they can share information with should they lose capacity should be documented and wishes expressing that they do not wish disclosure at any time, even after death, should also be recorded.
  • Personal information, eg, name, address etc, belongs to the patient.
  • Test results, eg, blood tests, imaging and scans belong to the patient and may be released when requested.
  • Information obtained by the doctor from a third party (eg, relative) about the patient is part of the patient’s medical record but is not part of the patient’s information, ie, it cannot be released to the patient without the third party’s consent, or if it is, it must be in a format such that the third party cannot be identified.
  • Unless imaging records have been retained for medicolegal reasons or continuing patient care, they should be returned to the patient.

Electronic records

It is a good idea to set up an information governance policy to ensure that patient information is documented, maintained and disclosed in accordance with the Principles of Confidentiality. Access should be limited to legitimate users and be password protected. Audit logs can support the authenticity of additions to medical records and can check who has accessed the system.

Security and storage

Medical records should be classified “Confidential” and are often labelled “not to be handled by the patient”. They must be stored in secure rooms when not in use and, as a general rule, must not be taken out of the healthcare facility. If they are requested by a court order, a copy should be retained by the healthcare facility and any originals returned at the end of the proceedings.

For electronic records, enhanced security such as encryption is advised when using networks that are more exposed, or where information is stored on drives and is at risk of being lost. Regular back-up of the system can also protect information. You should have contingency plans for disaster recovery and when disposing of records, ensure that no hardware contains any personally identifiable patient information.

Further information

Download a PDF of this factsheet