GP practices must hold on to their audit trails and the patient records associated with them indefinitely, according to fresh advice from the BMA, Royal College of GPs and the Department of Health.

Guidance in the latest version of the Good Practice Guidelines for GP electronic patient records says legal advice from the DH says that although there is technically a time limit for litigation resulting from clinical negligence there are a number of circumstances in which it cannot be relied upon.

The guidance adds: “It is therefore necessary that both the audit trail and the associated patient record be retained indefinitely by a practice, as they are the sole source of forensic evidence.”

The guidance says an agreement between the BMA and the Information Commissioner in 2004 meant that records and audit trails should be retained indefinitely, pending the development of functionality to support GP record transfers.

However, the new guidance says that it has become clear that the functionality to transfer and integrate audit trails will not be available for the foreseeable future. This means practices must retain both the record and the trail.

The guidance also says that although the Information Commissioner has made it clear that GPs must comply with the Data Protection Act and not retain records for longer than necessary, the DH, RCGP and BMA have set out a number of purposes for which it is necessary to retain and access patient records when a patient is no longer registered with a practice.

This includes indefinite access for subsequent clinical care and medico legal purposes, three months for practice management purposes, eight years for probity and five years for clinical governance purposes.

The guidance says access controls should prevent access to the patient record once a patient has left the practice unless there is an appropriate or necessary purpose and there should be robust governance processes to ensure that is managed effectively.