- Full records are essential to facilitate the clinical management of the patient and continuity of care.
- You must keep full records to protect yourself in case of complaints.
- You must keep full, accurate and clear patient records, made at the time of the examination, which provide a history of patient care, including referrals.
- If you keep electronic records, you or your practice should have an IT business continuity plan, good security, regular data backups, adequate training and satisfactory disposal of old systems or equipment.
- Patient records belong to the practice where they were made.
- If you work with non-optometrists you must ensure patient records are correctly dealt with when your association ends.
- You must ensure that confidentiality is maintained during the collection, storage, use and disposal of records.
- You must comply with Data Protection Act 1998 and from May 2018 the EU General Data Protection Regulation (GDPR) and associated new UK legislation.
- Patients have a right to access their records.
- You must keep patient records to:
- retain clinical information, including the patient’s history
- facilitate the clinical management of the patient and continuity of care
- enable another practitioner to take over the care of the patient, and
- protect yourself in case of complaints or for reference in a legal situation.
- Patient records can provide a reliable statistical basis for research. See section on Research and audit.
- You must keep full and accurate records, made at the time of the examination or as soon as possible afterwards.7 This would normally include:
- telephone or email contact with the patient by optometrists and other staff
- patient visits to the practice
- details of your examination
- when a patient has declined a test. If the patient refuses or withdraws their consent you should record the reason the patient has given for refusing consent, and the advice you have given,8 and
- management of the patient.
- You may use abbreviations. However, you should use only common abbreviations. There is a list at Annex 2, but this is not definitive.
- Your records must include:9
- the date of the consultation
- the patient’s personal details. This should normally include the patient's:
- full name
- date of birth
- address, and
- other contact details
- the reason for visit and any presenting condition. This should normally include the patient’s:
- symptoms, description and duration
- if relevant, history of ocular and general health
- current general health
- family history of ocular and general health
- visual needs in terms of occupation, recreation or general activities
- whether the patient drives, with or without prescription, and
- previous optical prescription and date of last eye examination or sight test- approximate, if exact date is not known
- clinical examination. For a routine eye examination this should normally include the patient’s:
- unaided vision and/or vision with habitual prescription R and L
- ocular muscle balance and method, at least cover test, for distance and near with habitual prescription, and/or without, if appropriate
- external examination using a slit lamp
- internal examination, with or without dilation; if dilation is used, which drug and concentration, batch number and expiry date:
- media status + diagram of opacities if appropriate
- C/D ratio R and L and any unusual features
- A/V ratio R and L and any unusual vessel features, for example nipping, irregular calibre
- macular status R and L, and
- diagram of any fundal lesions
- you may also need to include the following items, as appropriate:
- near point of convergence
- ocular motility assessment
- pupil reactions
- objective refraction results (autorefractor and/or retinoscopy)
- fundal or other imaging
- IOP readings and method and time of readings
- visual field examination, type of field screener used, which programme, what brightness, if not automatic, and what correction worn by the patient. A printout of any abnormal results
- results of any repeated tests to eliminate spurious results
- refraction, if conducted:
- subjective refraction, if cycloplegic used, what drug and concentration, batch number and expiry date
- distance VAs R and L
- reading addition with reading VA binocularly or individually if appropriate
- ocular muscle balance and method, at least cover test, for distance and near with new prescription if appropriate, for example significant change
- fixation disparity if appropriate, for example, if the patient has symptoms or shows a deviation on cover test
- prescription given for each task, for example, driving, visual display unit (VDU) and any associated reasons, for example, to reduce headaches, to try and improve ocular muscle balance, and
- accommodation, if appropriate
- contact lens examination, if appropriate. This would normally include the current lens specification, prescription and care regime
- details of discussions with the patient, including options and oral and written advice given, for example, to drive with spectacles
- any change in patient management
- details of any referral. You should also keep a copy of the referral letter with the patient record
- details of any notification sent to the GP and copy of the letter
- details of any written information given to the patient, such as patient information leaflets, and
- recall date and reason if early recall suggested
- details of all those involved in the optical consultation, including name and signature, or other identification of author.10
- You should use your professional judgement to decide how and when to record consent. This would be based on proportionality, risk, the patient’s needs and circumstances and the type of treatment or care.11 See section on Consent.
7 General Optical Council (2016) Standards of practice for optometrists and dispensing opticians [Accessed 26 Oct 2017]
8 General Optical Council (2017) Supplementary guidance on consent, para 40 [Accessed 27 Jul 2018]
9 General Optical Council (2016) Standards of practice for optometrists and dispensing opticians. Para 8 [Accessed 26 Oct 2017]
10 General Optical Council (2016) Standards of practice for optometrists and dispensing opticians. Para 8.2.7 [Accessed 26 Oct 2017]
11 General Optical Council (2017) Supplementary guidance on consent, paragraph 44 [Accessed 27 Jul 2018]
- Some of the guidance in this section relates to the responsibilities of the person in charge of an organisation or practice as well as to your responsibilities as a practitioner within the practice.
- If you are setting up a paperless electronic record system, you or your organisation should:
- prepare an IT business continuity plan first, including provision for regular backups of data which are stored securely and preferably off-site
- ensure all members of the team, including locums, can use and access the IT system effectively
- ensure that you check the accuracy of any patient records entered on your behalf by an assistant. You remain responsible for the contents of the record
- ensure confidentiality is maintained through:
- access control measures
- physical security and privacy of systems, and
- secure communication between systems
- ensure every patient record has an audit trail to identify:
- time/date of each entry
- author of each entry, and
- additions, changes or deletions
- set up or use a properly constructed format which:
- does not constrain data entry
- allows free text and clinical codes
- enables all patient contact and significant health events, such as referrals, to be recorded
- allows attachments, such as a fundus photograph or referral letter, to be part of the record, and
- signposts any additional records about the patient which are separate from the main record; however, you should not keep informal patient records
- ensure you have sufficient security protection.
- If you or your practice changes the IT system, audit trails may be lost; therefore, you should:
- create and maintain a verified backup of the clinical data from the old system, and
- maintain a means to read this backup.
- If systems or hardware are replaced, you or your organisation must ensure that any patient identifiable data are backed up and data on the old computer are destroyed. Deleting information may be insufficient as data can remain accessible on storage media. Hardware, including hard disc drives, should be physically destroyed.
- All parties involved must ensure the originating practitioner has access to the records in the event of a query, complaint or claim.
- If the practice closes, the practice owner should:
- arrange to transfer the patient records to another registered practitioner or practice
- inform patients this has been done, and
- offer the records to the primary care organisation (PCO) or a person nominated by the PCO, where transfer to another practitioner or practice is not possible.
- Patients may choose another practice and may give consent for their new practitioner to request relevant clinical information from their records to enable the continuation of their optometric care. You should agree to such requests once you have the patient’s consent.
- If you work for, or in association with, non-optometrists you should ensure that your contract states that:
- the contractor will keep the records secure and confidential
- if the practice changes hands, and optometric care will continue to be provided in that practice, that the records will remain in the practice with responsibility for this being passed to the incoming optometrist, and
- if the practice closes, or no optometric care will be provided when your association ends, you have the right to take the optometric records with you. This is to ensure the records stay secure and are processed lawfully. If this happens the contractor should inform the patients.
- You must respect and protect confidential information when you:12
- collect data
- store it
- use it, including for referrals and research purposes, or
- dispose of it.
12 Health and Social Care Information Centre (2013) A guide to confidentiality in health and social care [Accessed 26 Oct 2017]
- As a practitioner your organisation may be the record holder, but you have responsibilities under the Data Protection Act and, from 25 May 2018, the EU General Data Protection Regulations (GDPR) and updated Data Protection Act 2018 (DPA 2018).13 The Optical Confederation has issued guidance on the GDPR and DPA 2018 (see useful information and links). You should be familiar with the Act and GDPR. For optometrists, key points mean:
- keeping accurate patient data
- using the data for specific purposes
- amending inaccurate data and responding to objections from patients if the use of the data causes harm or distress
- keeping the data no longer than necessary. Suggested lengths of time for retaining records:
Type of record
Recommended period of retention
adult patients Adult patients – 10 years after they were last seen, even if the patient has subsequently died. children and young people
10 years after they were last seen or until the patient’s 25th birthday if later.
If the child or young person has died, keep the records for 10 years after they were last seen.
- keeping the data confidential and secure. See section on Confidentiality.
- enabling patients, or an applicant acting on behalf of a patient, to access their data for the length of time that you keep the records.14 You must be sure that the applicant has a right to see the data, either because they have written authority from the patient or because they have Power of Attorney. Access to the record must be given within the time limit set out in the Act and the GDPR requires that if a patient asks for a copy of their record, this must be provided free of charge in most instances
- assisting the patient to understand their record by explaining its content and abbreviations
- satisfying yourself that there is no further need of the record before destroying it
- disposing of any records securely, and
- noting that, if you, or your organisation, acquire a patient record, the obligations under the Data Protection Act and GDPR transfer to you as the new owner.
- Most organisations that process personal information are required by law to register with the Information Commissioner. Some organisations are exempt from this.15
13 Data Protection Act 2018
14 Information Commissioner’s Office (2013) Guide to Data Protection. Principle 6: Subject access request [Accessed 27 Jul 2018]
15 Information Commissioner’s Office. Register (notify) under the Data Protection Act [Accessed 26 Oct 2017]
- Personal information that is held in a database should not normally be sold if patients have not been told originally that their information could be passed on to other organisations. However, if the business becomes insolvent, bankrupt or is being closed down or sold, the Data Protection Act will not prevent the sale of a database containing the details of individual patients, providing the transfer is made on terms which are of a kind approved by the Information Commissioner. This must ensure that there are adequate safeguards for the rights and freedoms of the data subjects.16, 17 However, where possible, you should contact the patients.
16 The Insolvency Service (2014) Insolvency Service technical manual. Para 59.67 [Accessed 26 Oct 2017]
17 Data Protection Act 1998 sch 4(8)
Information Commissioner’s Office (2011) Data sharing code of practice [Accessed 26 Oct 2017]
Information Commissioner’s Office. Overview of the General Data Protection Regulation (GDPR) [Accessed 26 Oct 2017]