Responding to Requests for Dental Records and the Consequences of Refusing

This case study involving a dentist who refused to provide a complete copy of a patient’s dental records demonstrates the value of knowing the rules concerning dental records and complying with state and federal laws. The discussion includes strategies to help dental professionals avoid complaints, investigations, and sanctions.

The patient, a 34-year-old female, discussed a complex treatment plan with her dentist but did not agree with the dentist’s recommendations. She subsequently decided to consult with another dental provider for a second opinion. The patient requested a complete copy of her dental records from her original dentist to help expedite the consultation, but her dentist refused, stating that the patient had not paid the full amount of her dental fees and had an outstanding balance remaining on her account.

The patient filed a complaint with the state’s dental board. After receiving a letter of investigation, the dentist provided the patient with a copy of her dental records, but he did not include copies of her x-rays. The investigator suggested that the dentist consult an attorney. The attorney confirmed the requirement to provide copies of the patient’s complete dental record—including copies of the x-rays. The dentist complied.

Risk Management Discussion

Many states have statutes or administrative code provisions governing the content of dental records.of those requirements include patient history; x-rays; dental examinations; test results; drugs prescribed, dispensed, or administered; relevant comorbidities; consultation reports; and any other documentation that the dentist relies on to treat the patient.

It is not appropriate for any healthcare provider to withhold requested records or portions of a record because a patient has an outstanding balance for services rendered, disputes the treatment provided, or disagrees with fees that have been charged. With very few exceptions, patients are entitled to a complete record set maintained by the practice pursuant to federal and state law. It is important to know the rules concerning dental records in the jurisdiction in which you practice, including the requirements for their minimum content, retention, storage, and release.

Additionally, dental offices that submit electronic claims, eligibility requests, claim status inquiries, and requests for authorization are also governed by HIPAA privacy, security, and breach notification rules.

The following strategies can help dental professionals avoid patient complaints, governmental investigations, administrative sanctions, and adverse social media postings when responding to record requests:

  • Contact your patient safety risk manager promptly if you receive one of the following types of record requests: a subpoena, a signed authorization presented by a third party, or a court order. The Doctors Company will review the request to ensure it is valid and assist in identifying the nature and scope of the requested records.
  • If you receive an oral request for dental records, either in person or by telephone (including from a law enforcement representative), respectfully and politely tell the individual that all requests for records must be submitted in writing (on official letterhead, if appropriate). Tell the individual that, once you receive the written request, it will be reviewed as soon as possible.
  • Do not unilaterally refuse to provide records to a properly authorized individual who presents an appropriate written request. Seek advice from your professional liability carrier, risk manager, or corporate counsel. Withholding records can antagonize the patient and irreparably injure the patient-provider relationship. It may also result in a complaint to your state dental licensing board, state department of consumer affairs, or even the federal Office of Civil Rights.
  • Respond promptly to requests for records. You are not expected to provide the material on short notice, but you are required to respond in a timely manner, as defined under applicable state law and in the HIPAA Privacy Rules.

For more strategies on patient record issues, read “The Defensible Medical Record.” For guidance and assistance in addressing any patient safety or risk management concerns, contact the Department of Patient Safety and Risk Management at (800) 421-2368 or by email.


The guidelines suggested here are not rules, do not constitute legal advice, and do not ensure a successful outcome. The ultimate decision regarding the appropriateness of any treatment must be made by each healthcare provider considering the circumstances of the individual situation and in accordance with the laws of the jurisdiction in which the care is rendered.

J13121D 11/21