Home > GENERAL > Medical Record > Confidentiality Of Medical Records Information : Who’s Responsibility?

Confidentiality Of Medical Records Information : Who’s Responsibility?


In any hospital or Healthcare facility, the episode of treatment and care must be documented and has become an integral element in Healthcare Service Delivery which emphasizes on continuous and more effective care.

The documented information becomes an important reference for Medical Practitioners whereby information which is accurate and comprehensive contributes towards efficient and quality Service. The documented clinical information becomes a Medical Record. To summarize, Patient Medical Records are compiled information on patient’s health and treatment and it is created for every patient in an episode of care.

Generally there are two types of records, namely inpatient and outpatient. Medical records are managed by the Medical Records Department which plays the role of custodian, controller of records movement and committed to protect patient’s information.

These information whether in the form of manual or electronic plays an important role in treatment and healthcare services delivery. Due to the fact that medical records contents private and personal information it is therefore categorized as classified official document and it has to be given a desirable level of protection. Medical Records are therefore classified as “CONFIDENTIAL” and its management has to comply with procedures for the management of classified documents as per Security Order (Arahan Keselamatan).

The life cycle of patient’s medical record begins with its creation, maintenance and use and ends with disposition. The retention period for medical records are different for Obstetric and Paediatrics records whereby they are required to be kept for at least twenty one (21) years as compared to other medical records which has a retention period of only seven (7) years.

Definition Of Confidentiality

Confidentiality is defined as something which is restricted from unauthorised disclosure and is normally known only to a few. Confidentiality is often related to ethical issue and has become an important element of legal principle.

In order to prevent non compliance to existing policy, every individual who are involved in the management of classified information must take necessary steps to maintain confidentiality. Generally safety and confidentiality of information must be safeguarded from unauthorised parties, act of misused and unauthorised alterations.

Definition Of Information

Information are data arranged in logically in specified structures which brings meaning that can be easily understood. Information in the medical records context are opinions, facts and knowledge which are enacted to give meaning to users, to establish documented evidence especially required in medico-legal cases or as a necessity to just document the episode of care and treatment of patients.

Patient medical record contents the history and level of health of individuals as well as the record of treatment administered by General Practitioners. These information are very important from the clinical, administrative or legal point of views.

The features of good information are as follows :-

Relevant; or related, from reliable source, can be understood accurately and timely, complete and retrievable within a reasonable time frame. Information can be divided into three categories namely primary, secondary and third stage. Primary information are information which is obtained directly from its source.

Secondary information are information which has been modified, edited and interpreted. Third stage information are also known as reference information.

Similarly information related to patient’s treatment can also be classified into three categories. Information in patient’s medical records are primary information, information that are released to requestees in the form of medical reports are secondary information because the written information has been edited and interpreted accordingly based on the primary information in patient’s medical records, finally third stage information are special reports, journals or publications produced solely for references.

The Use Of Information

Information is often used as instrument of power in an Organisastion especially written information which no doubt carries the weight as evidence.

The information in patient medical record belongs to the patient while the record itself remains the property of the hospital. However there are some information in the record which cannot be disclosed to the patient eventhough the patient has rights over the information inside his or her own medical record.

Information in patient’s medical records are not to be disclosed to a third party without the consent of the patient concerned or his or her legitimate next of kin.

Normally the information is released in the form of a medical report after prior consent is obtained from the patient or his / her legitimate next of kin. The Hospital or healthcare facility has the authority to decide whether to release information to a third party by scrutinising on the implication, need and appropriateness of the request.

In short, safety of patient’s information involves the Head Of Department, Medical Records Department and the users and the flow of classified information are controlled as per existing policies.


Physically, medical records are properties of the Hospital eventhough the contents belong to patients, in order to ensure safety and confidentiality are maintained, the Medical Records Department is established to manage these records which involve the task of receiving, registering, filing, controlling, issuance, movement and disposition. The Medical Records Department is a restricted area because it is where classified documents or records are stored for safekeeping. This area is therefore limited only to authorised parties.

Personnel who are handling or managing medical records are responsible to ensure patient information is always maintained confidential and safe. It is ethically wrong if patient information is being shared even in closed forum without prior consent from the patient and if it is really mandatory every effort must be made to ensure patient’s identity is not disclosed.

In accordance with the Security Order (Arahan Keselamatan), custodians and users of patient medical records only those who have made a declaration under the Official Secrets Act 1972 (Act 88) are authorized to manage and access these medical records.

In the era of a world without boundaries information has become accessible at our finger tips. With the advancement of information technology today it has made access to information very easy for all levels of our society resulting in an even more taxing task to control and protect confidentiality of information. In our effort to ensure and enhance the safety and confidentiality of classified documents in the hospital or healthcare facility, custodians and users of this information should be extra cautious to protect and prevent abuse of information by irresponsible parties.

All parties concerned who are involved with the management or usage of information are accountable for its confidentiality and should comply with existing policies, regulations and laws. Borrowers of these classified documents are also accountable for its safety and confidentiality during the period these documents are in their possession. Administratively however, the safety of patient medical records is the responsibility of the Hospital Director.

Hospitals and healthcare facilities have policies and procedures in place to manage classified records and the rights of patients are very much respected.


  1. Pekeliling Ketua Pengarah Kesihatan Bil 17/2010
  2. Wikipedia


Last Reviewed : 22 March 2016
Writer : Pn. Beatrice Bong
Translator : Pn. Beatrice Bong
Accreditor : Pn. Dayang Rozanna Binti Abg Naim