Defensible Medical and Dental Records

Richard F. Cahill, JD, Vice President and Associate General Counsel, The Doctors Company

Patient records play a pivotal role in the delivery of healthcare and serve a critical function in routine clinical operations. Essential details of the record include a patient’s medical and social history, comorbidities, drug allergies, presenting complaints, signs and symptoms derived from a careful physical examination, differential diagnoses, and treatment plan. Accurate documentation in the medical or dental record optimizes patient well-being and helps promote continuity of care and patient satisfaction.

Federal and state regulations—notably HIPAA and the Affordable Care Act—address virtually every facet of health record content, security, storage, access, and disposal. Advancements in technology, including electronic health records (EHRs), have expanded the concept of the health record and its requirements. Clinicians are well advised to keep current on the rules governing health records—potentially a challenge because the rules change frequently and vary by state.


The variations in state requirements are especially evident in the rules about retaining records for healthcare treatment and billing. Some states have enacted specific statutes that establish applicable retention requirements. Other states rely on administrative code provisions or on opinions generated by medical or dental boards or professional societies. Unfortunately, many jurisdictions offer no official guidance on record retention.

CMS and other governmental entities also have policies on storing and retaining records. Federal legislation, such as the HITECH Act, has added another dimension to retention requirements.

For record retention recommendations, see our article “Medical and Dental Record Retention.”

Administrative Actions

Beyond patient care, health records serve other vital functions. For example, billing audits—especially by CMS—require clear documentation demonstrating medical necessity, the nature and scope of the services rendered, and sufficient justification for the billing code utilized.

Accurate progress notes will facilitate prompt payment and can help avoid unnecessary disputes over the level of care rendered and the amount of reimbursement owed to the provider.

Health records also establish the quality of care rendered in the event of a professional licensing board complaint, peer review inquiry, or civil rights investigation.

Patient grievances may be filed based on an individual’s faulty recollection of events, a failure to understand the course of treatment, or dissatisfaction that an adverse outcome occurred. When a patient record is well documented, many allegations can often be readily resolved—frequently before a formal administrative process is even initiated. Should the action move forward, clinicians who have appropriate documentation are better able to support their decisions and treatment plans with greater confidence of achieving a favorable outcome.

Professional Liability Actions

The patient record—including specialty referrals, progress notes, and laboratory results—is usually the key evidence in a professional liability action. Judges and juries generally regard patient records as the most trustworthy and probative piece of evidence because it is an independent document created during the normal course of business that establishes facts during a time when no pending conflict or other motivation was present to shade or embellish the circumstances at issue.

When introduced as independent documentary evidence, a well-documented record is a powerful defense to offset patient allegations that a clinician was negligent in making decisions and providing treatment.

In cases involving malpractice allegations in which the record is silent or incomplete, plaintiff’s counsel will always remind practitioners of the adage, “If it is not recorded, it wasn’t done.” Careful documentation is especially important during conversations with patients about informed consent and informed refusal. For more on these topics, see our articles “Informed Consent: Substance and Signature” and “Informed Refusal.”

As a defendant under oath, a clinician may be subjected to skillful cross-examination by opposing counsel and asked to recall and testify about intricate details of an individual’s care. Usually, the details relate to incidents that occurred many years earlier. Suddenly, a few seemingly unimportant details can become the focal point of allegations and, ultimately, the focus of jury deliberations.

The argument will be made that if the patient’s record had contained additional important items of history or findings, the unfortunate outcome could have been averted. A detailed patient record is invaluable for refreshing a clinician’s recollection about interactions with the patient and earlier thought processes.

For further guidance on documentation, see our article “The Faintest Ink: Documentation to Defend Quality Patient Care.”


Upon receiving notice that a malpractice suit is about to commence or has already been filed, clinicians must ensure the safety and integrity of the patient’s record. Any changes made to the record after learning of a lawsuit raise questions about the provider’s truthfulness, motives, and the quality of the care. Many clinicians and defense counsel have been embarrassed during discovery proceedings or at trial to learn that an earlier copy of the record differs materially from the record provided after litigation commenced.

Forensic document experts are frequently called to testify that a paper record has been augmented or altered. In situations in which a practitioner has an EHR, counsel will retain information technology experts to conduct a metadata audit. The audit provides a complete analysis of every keystroke (including additions, deletions, and changes) and when the entries were made, by whom, and how long a document was open for review and revision. If experts discover that the record has been altered, it can also expose the clinician to punitive damages and result in a licensing board investigation.


An important safeguard in the office is a procedure that requires the personal approval of the patient’s treating provider or the office manager before information from the patient’s record can be copied or released. Protected health information (PHI) requires a written request for release and, except for specific exemptions, must be accompanied by a valid HIPAA-compliant authorization signed by the patient or a court order. Federal and state privacy regulations must be strictly followed regarding keeping and releasing PHI.

This process should also include documenting when and where the copied record was sent. In the event of litigation, it is helpful for your legal representative to be able to reconstruct the dates of when the record was previously copied and by whom.

Most communications with your insurance carrier or attorney are legally privileged and, as such, are not subject to discovery by the opposing party. These communications should be kept separate from the patient’s health record, thereby eliminating the possibility that they will be inadvertently copied or provided to opposing counsel without a court order specifically compelling their production.

For further assistance, contact the Department of Patient Safety and Risk Management at (800) 421-2368 or by email.

The guidelines suggested here are not rules, do not constitute legal advice, and do not ensure a successful outcome. The ultimate decision regarding the appropriateness of any treatment must be made by each healthcare provider considering the circumstances of the individual situation and in accordance with the laws of the jurisdiction in which the care is rendered.

J13513 07/22