All templates
RACGP 5th Edition · Criterion C6.2

Health Records Management Policy Template for Australian General Practices

Health records management policy covering record creation, access, storage, retention periods, disposal, transfer, and electronic health record standards.

Privacy Act 1988My Health Records Act 2012

This template is available on a paid plan

Subscribe to ClinicComply to download the Health Records Management Policy template and access all 15 RACGP-aligned policy templates.

View plans

What's in this template?

This health records management policy covers the full lifecycle of patient health records. It maps to RACGP Criterion C6.2 — Patient health record systems and covers 18 sections:

  1. Purpose — standards for creating, maintaining, accessing, storing, retaining, transferring, and disposing of records
  2. Scope — all patient records (electronic and paper), all staff who access records
  3. Practice Management System — PMS details (name, version, vendor)
  4. Record Creation and Documentation Standards — contemporaneous recording, minimum documentation requirements, abbreviation standards, corrections and addendums
  5. Patient Identification — unique records, identity verification, duplicate record merging, Medicare/IHI recording
  6. Record Access and Security — role-based PMS access, audit logs, paper record storage
  7. Results Management — electronic and paper result workflows, ordering practitioner responsibility, abnormal result flagging, safety-net audit system
  8. Correspondence and Communication — incoming/outgoing correspondence, secure clinical messaging, patient communication documentation
  9. Patient Access to Records — APP 12 rights, 30-day processing, fee structure, refusal grounds, APP 13 corrections
  10. Record Transfer — to another practice (copy provided, original retained, secure transmission), from another practice (review and incorporation)
  11. Retention Periods — adults (7 years), children (until 25), mental health (check state requirements), records under legal proceedings
  12. Record Disposal — secure electronic deletion, cross-cut shredding, certified destruction, destruction register
  13. Backup and Disaster Recovery — daily backup, offsite storage, quarterly testing, paper fallback
  14. My Health Record — participation, upload procedures, staff training
  15. Audit and Quality Improvement — annual documentation audit, results safety-net audit, duplicate record audit
  16. Training — PMS induction training, annual documentation standards refresher
  17. Related Policies — Privacy, IT Security, Clinical Handover, Informed Consent, Training
  18. Review History

Editable placeholder fields

  • {{practice_name}}, {{abn}}, {{practice_address}}, {{phone}}, {{email}}
  • {{pms_name}}, {{pms_version}}, {{pms_vendor}} — your practice management system details
  • {{results_review_days}} — safety-net days for unreviewed results
  • {{secure_messaging_platform}} — e.g. HealthLink, Medical Objects
  • {{results_audit_frequency}}, {{practice_principal_name}}, {{review_date}}, {{next_review_date}}

How to customise this template

  1. Download and fill in all {{placeholder}} fields — start with your PMS details
  2. Set your results safety-net timeframe — e.g. 7 business days for results to be reviewed before escalation
  3. Confirm retention periods for your state/territory — the template provides general guidance, but check your jurisdiction
  4. Review your PMS access levels — ensure role-based access is configured correctly
  5. Set up your results audit — decide on frequency and who coordinates it
  6. Brief all staff on documentation standards, particularly the requirement for contemporaneous, legible records

Frequently asked questions

How long must we keep patient records?

Generally: 7 years from the last entry for adult patients, and until the patient turns 25 for children. Check your state/territory legislation as some jurisdictions have longer requirements. Records involved in complaints or legal proceedings must be kept until the matter is resolved.

Can we go fully paperless?

Yes. Most practices now operate primarily with electronic records. The key is ensuring your PMS meets documentation standards, has appropriate backup and security, and maintains an audit trail. Keep paper-based fallback procedures available for system outages.

What about My Health Record uploads?

Section 14 covers My Health Record participation. Staff should be trained in upload procedures and understand which documents are uploaded (Shared Health Summaries, Event Summaries). Patient consent and access control preferences must be respected.

Can I use this for AGPAL or QPA accreditation?

Yes. Both accrediting bodies assess against RACGP Criterion C6.2. Surveyors will check documentation quality, access controls, results management processes, and retention/disposal procedures.

Related templates

C6.3

Privacy Policy

A comprehensive privacy policy covering the 13 Australian Privacy Principles (APPs), patient data collection, use, disclosure, and storage. Includes state-specific Health Records Act references.

View template
GP4.1

Infection Prevention & Control Policy

Practice-specific infection prevention and control policy covering hand hygiene, PPE, environmental cleaning, sterilisation, outbreak management, and staff immunisation requirements.

View template
C6.4

Computer & Information Security Policy

Information security policy covering access control, password management, backup procedures, malware protection, mobile device security, and incident response. Based on the RACGP CISS framework.

View template
Ready to get started?

Your next accreditation visit starts today.

Join Australian GP clinics and medical practices that have replaced spreadsheets and email threads with a single healthcare compliance platform. Your free trial starts the moment you sign up.

Start your 30-day free trialView all features
No credit card required
Australian data residency
Cancel anytime