ADA Guidelines for

Dental Records
Document version: 2021-04-23

Clinical context
Dentists have a professional and a legal obligation to maintain clinically relevant, accurate and contemporaneous dental
records of their patients.
Dental records play an essential role in:
• documenting the consent provided by the patient;
• documenting the assessment, oral health care, and treatment of the patient;
• documenting the advice provided to the patient;
• assisting with complaint resolution, medico-legal, and professional standards reviews; and
• documenting compliance with insurer, other third-party funding agencies, and government subsidised dental
program requirements.
A record of each occasion of contact with a patient is essential for diagnosis, treatment planning, case management, practice
administration, and transfer of care between clinicians.
Adequate contemporaneous records are essential evidence in the case of a dispute or litigation and obviate the need for
assumptions regarding a dentist’s ‘usual practices’.

These guidelines are designed to help dentists manage dental records. They are not prescriptive and not all dental visits need
to record all of the items below. Note, however, that dentists have an obligation to keep dental records in accordance with
the Code of Conduct of the Dental Board of Australia.

Contents
1. Definitions ............................................................................................................................................................. 2
2. What are dental records? ..................................................................................................................................... 3
3. General principles ................................................................................................................................................. 4
4. Managing dental records ...................................................................................................................................... 4
4.2 Corrections and deletions by operator ......................................................................................................... 6
4.3 Use and disclosure of records ....................................................................................................................... 6
4.4 Storage and security of records .................................................................................................................... 7
4.5 Electronic records ......................................................................................................................................... 7
4.6 My Health Record ......................................................................................................................................... 7
4.7 Retention of records ..................................................................................................................................... 7
4.8 Regulatory compliance ................................................................................................................................. 8
4.9 Access to records and requests for corrections by patients ......................................................................... 8
4.10 Privacy Policy ................................................................................................................................................ 9
4.11 Cessation or sale of practice ......................................................................................................................... 9

1
1. Definitions
In these Guidelines:
Health Information is any Personal Information about your health or disability. It includes information or opinion about your
illness, injury or disability. Some examples of health information include:
• notes of your symptoms or diagnosis
• information about a health service you have had or will receive
• specialist reports and test results
• prescriptions and other pharmaceutical purchases
• dental records
• your genetic information
• your wishes about future health services
• your wishes about potential organ donation
• appointment and billing details
• any other Personal Information about you when a health service provider collects it.1

My Health Record is a personally controlled electronic health record created under the My Health Records Act 2012 (Cth),
formerly known as the Personally Controlled Electronic Health Records Act 2012 (Cth).

Personal Information includes a broad range of information, or an opinion, that could identify an individual. What is personal
information will vary, depending on whether a person can be identified or is reasonably identifiable in the circumstances.
For example, personal information may include:
• an individual’s name, signature, address, phone number or date of birth
• Sensitive Information
• credit information
• employee record information
• photographs
• internet protocol (IP) addresses
• voice print and facial recognition biometrics (because they collect characteristics that make an individual’s voice or
face unique)
• location information from a mobile device (because it can reveal user activity patterns and habits). 2

Privacy Laws means all privacy laws which apply to the relevant dentist, which may include the following:
• Privacy Act 1988 (Cth);
• Health Records (Privacy and Access) Act 1997 (ACT);
• Health Records and Information Privacy Act 2002 (NSW);
• Health Records Act 2001 (Vic);
• Health Care Act 2008 (SA) & PC012 Information Privacy Principles Instruction (SA) (public sector only);
• The Information Act 2003 (NT) (public sector only);
• The Information Privacy Act 2009 (Qld) (public sector only);
• The Personal Information and Protection Act 2004 (Tas) (public sector only); and
• Freedom of Information Act 1992 (WA) (public sector only).

1 Office of the Australian Information Commissioner < https://www.oaic.gov.au/ > accessed 3 October 2020.
2
Ibid.
2
Sensitive Information is personal information that includes information or an opinion about an individual’s:
• racial or ethnic origin
• political opinions or associations
• religious or philosophical beliefs
• trade union membership or associations
• sexual orientation or practices
• criminal record
• health or genetic information
• some aspects of biometric information
Generally, sensitive information has a higher level of privacy protection than other personal information. 3

A Third Party is an outside body that can influence the relationship between the dentist and the patient. These include but
are not limited to:
• funding agencies (e.g. government departments, agencies and statutory authorities, private health insurance and
private health organisations) which have responsibility for the entire fee for service, or part thereof;
• owners of dental clinics who are not dentists, including health insurance funds, corporations and the public sector
(government departments);
• regulatory authorities;
• the dental industry;
• professional indemnity providers; and
• appointment and rating websites.

2. What are dental records?

2.1 Records consist of a variety of material generated and stored in handwritten and electronic format and include but
are not limited to:
• Notes made by clinicians and staff.
• Completed written medical history.
• Consent documents.
• Copies of correspondence about and with the patient.
• Notes of telephone calls with the patient.
• Radiographs, tracings, measurements.
• Digital records including CAD/CAM records.
• Diagnostic images, reports and casts.
• Special test findings.
• Photographs, digital images and videos.
• Records of financial transactions
• Appointment books

3
Ibid.
3
3. General principles
3.1 Dentists should protect an individual’s right to privacy and confidentiality of sensitive personal health information
and comply with all relevant Privacy Laws.
3.2 Clinically relevant, accurate, and contemporaneous dental records are essential to provide dental care and for
forensic purposes.
3.3 Dentists should take reasonable steps to ensure that the information in dental records is accurate, complete and
current.
3.4 Dentists are only permitted to collect personal information which is necessary for their lawful functions and
activities as a dentist.
3.5 Records must be sufficiently comprehensible so that another practitioner, relying on the record, can assume the
patient’s ongoing care.
3.6 Records should be completed for each patient contact and as soon as practicable after a service has been
rendered, or patient contact been made.
3.7 Entries should be made in chronological order.
3.8 Where entries are hand-written, a non-erasable pen should be used.
3.9 Entries must be accurate, concise, legible, and use standard abbreviations.
3.10 All dental services should be coded using the current edition of The Australian Schedule of Dental Services and
Glossary, but a code alone is insufficient record, and details of the service rendered must accompany a code.
3.11 Records must be readily understandable by Third Parties, particularly other health care providers.
3.12 Records must be able to be retrieved promptly when required.
3.13 All comments must be factual and emotional comments and defamatory statements should be avoided.
3.14 A treating dentist must not delegate responsibility for the accuracy of dental records to another person.
3.15 The treating dentist should ensure that only authorised and suitably qualified persons provide clinical information
from the dental record to patients and other persons.

4. Managing dental records

4.1 Content of dental records4
(a) Patient details
Sufficient information to identify and communicate with the patient should be recorded, including:
(i) identifying details of the patient (including full name, sex, date of birth and address, including
email and telephone number); and
(ii) the current medical history of the patient, including any adverse drug reactions.

(b) Substitute decision maker

If the patient is a child or under the care of a legal guardian or substitute decision maker, the dental
record should contain the name, address and contact details of the parent, guardian or substitute
decision maker and the relationship of the substitute decision maker to the patient.

(c) Consents and restrictions on disclosure

4
Drafted taking into consideration “Guidelines on dental records” Dental Board of Australia (1 July 2010) accessed 19 February 2016.
4
 The dental record should include:
(i) a record of consents provided by the Patient. Please refer to the ADA’s Policy Statement 5.15
Consent to Treatment;
(ii) if written consent is provided, the signed consent form;
(iii) if a patient information sheet has been provided to the patient, a copy of the patient information
sheet or reference to the name and version/date of the patient information sheet;
(iv) if written consent is not provided, then:
- a description of the treatment as explained to the patient; and
- the consents provided by the patient, including consent to treatment, privacy consents and
financial consent;
(v) advice given to the patient on:
- treatment options, including doing nothing
- the relevant material risks and benefits of those options
- pre- and post-treatment instructions
- likely outcomes
(vi) relevant questions, comments or concerns expressed by patients over offered treatments;
(vii) any treatment advice that the patient was unwilling to accept;
(viii) any comments or complaints by patients about treatment provided;
(ix) if there are any restrictions on disclosures, including in relation to any directions from the patient
or family law orders;
(x) if the patient has made a direction in relation to care, such as a restriction on the use of particular
materials etc;
(xi) if the patient has displayed any threatening or discriminatory behaviour to staff; and
(xii) if English is not the patient’s first language, and if an interpreter is required to assist in
communicating with the patient.
(d) Clinical details
For each appointment, clear documentation describing:
(i) the date of visit
(ii) the identifying details of the practitioner providing the treatment
(iii) information about the type of examination conducted
(iv) the presenting complaint in the patient’s own words
(v) relevant medical and dental history
(vi) clinical findings and observations
(vii) diagnosis including differential diagnosis where appropriate
(viii) treatment plans and alternatives including details of risks, benefits and patient questions and
concerns
(ix) patient consent
(x) all procedures conducted
(xi) instrument batch (tracking) control identification, where relevant
(xii) any medicine/drug prescribed, administered or supplied or any other therapeutic agent used
(name, quantity, dose, instructions)

5
 (xiii) details of advice provided
(xiv) coding of the service/s rendered according to the current edition of The Australian Schedule of
Dental Services and Glossary
(xv) unusual sequelae of treatment, significant events or adverse events
(xvi) radiographs and other relevant diagnostic data: digital radiographs should be readily transferable
and available in high definition digital form
(xvii) diagnostic information for each radiograph taken
(xviii) other digital information including CAD/CAM records
(xix) instructions to and communications with laboratories.

(e) Other details

(i) all referrals to and from other practitioners and follow-ups
(ii) any relevant communication with or about the patient
(iii) change of circumstances
(iv) details of person(s) responsible for providing consent and any changes to substitute decision
makers
(v) details of anyone contributing to the dental record details of anyone contributing to the dental
record
(vi) estimates of quotations of fees ideally with a copy signed by the patient
(vii) Instances where the patient failed to attend and follow-up action taken.

4.2 Corrections and deletions by operator

(a) Any amendments to dental records after they have been initially generated should be clearly recorded
and include the date and author of the amendment. Corrections to clinical information should not
remove the original information.
(b) All paper records should be completed in indelible pen and corrections and deletions should be
undertaken by the person striking out the incorrect words and rewriting the correct words. Liquid paper
products or erasable pens should not be used. If the document is being rewritten the original document
should be kept as a reference.
4.3 Use and disclosure of records
(a) The use and disclosure of dental records must be in accordance with all relevant Privacy Laws.
(b) Dental records should be used and disclosed for their primary purpose of collection: an entity will
generally use and disclose an individual’s personal information only in ways the individual would expect
or where there is an exception such as a court order (.5
(c) Records containing identifying personal information should not be used for research purposes without
the consent of the patient or unless a statutory exemption in relation to patient consent applies.
(d) Notwithstanding the above, all patient information used for dental research must comply with the
NHMRC Guidelines under sections 95 and 95A of the Privacy Act 1988 (Cth).

5 Office of the Australian Information Commissioner, Australian Privacy Principles Guidelines (July 2019), available at: < https://www.oaic.gov.au/agencies-
and-organisations/guides/guide-to-securing-personal-information > accessed 3 October 2020.
6
 4.4 Storage and security of records
(a) Under Guidelines issued by the Australian Information Commissioner, dental practices must take
reasonable steps to protect the personal information they hold from misuse, interference, loss, and
unauthorised access, modification, or disclosure.6,7
(b) Dental records should be securely stored and protected from unauthorised access or use. All filing
cabinets should be locked and kept in a room which is not accessible to the general public. All computers
should be password protected and screen visibility limited to staff members only. All computer systems
should have appropriate and current security software installed.
(c) Dentists should ensure non-digital records are maintained on durable paper as some forms of medical
photographic imaging fade with time and should be copied.
(d) Dental records can be sent by a method consented to by the patient in accordance with privacy laws and
regulation.
(e) If a health record is destroyed after the required retention periods, it must be destroyed in a secure
manner.

4.5 Electronic records

Electronic records must provide prompt access to information and be capable of generating appropriate clinical
reports.
(a) Electronic records should be time-logged and, if codes are used, they should be readily convertible to
conventional language.
(b) Other necessary functional requirements of electronic records are:
(i) a treating dentist’s records must show who made each entry and when it was made;
(ii) it must not be possible for entries to be changed without trace, that is, there must be an audit trail;
(iii) there should be security procedures in place such as password-only access; and
(iv) there must be adequate computer backup and disaster recovery systems in place, including off-site
backup.

4.6 My Health Record

(a) Patients may elect to register for a Commonwealth Government My Health Record.8
(b) Dentists may elect to participate in the My Health Record Scheme.
(c) If Dentists elect to participate in the My Health Record Scheme, they must comply with all relevant
agreements and laws and should facilitate the provision of appropriate dental health summaries for
incorporation into the patient’s My Health Record.
4.7 Retention of records
(a) Under law, dental records should be retained:
(i) in the case of health information collected while the individual was an adult – for at least seven
years from the last occasion on which a health service was provided to the individual by the health
service provider;

(ii) in the case of health information collected while the individual was under the age of 18 years – at

6 Privacy Act 1988 (Cth), APP 6.

7 Office of the Australian Information Commissioner, Guide to Securing Personal Information: ‘Reasonable Steps’ to protect Personal Information. (June
2018) available at: < https://www.oaic.gov.au/agencies-and-organisations/guides/guide-to-securing-personal-information > accessed 3 October 2020.
8
My Heath Records Act 2012 (Cth)
7
 least until the individual has attained the age of 25 years.9

(b) If you delete or dispose of health information, you must keep a record of the name of the individual to
whom the health information related, the period covered by the record, and the date on which it was
deleted or disposed of.10
(c) A health service provider who transfers health information to another organisation and does not continue
to hold a record of that information must keep a record of the name and address of the organisation to
which it was transferred.11
(d) Only copies and not originals of non-digital records should be released.
(e) Diagnostic images and reports should be kept as part of the dental record.
(f) Subject to mandatory retention requirements, dentists must take reasonable steps to destroy or
permanently destroy or permanently de-identify personal information if it is no longer needed for its
primary purpose or for any purpose for which the information may be used or disclosed under privacy
laws.12
4.8 Regulatory compliance
(a) All Medicare request and provider forms must be completed and stored with the patient’s record in
compliance with regulatory requirements before relevant services are provided.
(b) All Therapeutic Goods Administration, diagnostic and poisons legislation required documentation must be
completed and stored with the patient’s record in compliance with regulatory requirements.
(c) If a matter has been reported, for example, to the Dental Board of Australia, retain a record of what was
reported.
4.9 Access to records and requests for corrections by patients
(a) The dentist (or the dental practice) owns the dental records.
(b) Copyright in dental records may or may not exist depending upon the circumstances and the complexity
of the entry.
(c) Under privacy laws, if a dentist holds personal information about an individual (including a patient), the
dentist must provide the individual with access to the information or a copy of the information on request
by the individual unless a specific exemption applies.13
(d) Such exemptions include, but are not limited to:
(i) you believe that providing access to health information would pose a serious threat to the life,
health or safety of any individual, or to public health or public safety; or

(ii) giving access would have an unreasonable impact on the privacy of other individuals; or

(iii) the request for access is frivolous or vexatious; or

(iv) the information relates to existing or anticipated legal proceedings, and would not be accessible by
the process of discovery in those proceedings; or

(v) giving access would be unlawful; or

9 Refer, for example, to section 25 of the Health Records and Information Privacy Act 2002 (NSW).
10 ibid
11 ibid
12 Privacy Act 1988 (Cth), APP 11.
13
Privacy Act 1988 (Cth) APP 12
8
 (vi) denying access is required or authorised by or under an Australian law or a court/tribunal order.

(e) If a dentist charges for providing access to personal information, those charges:
(i) must not be excessive; and

(ii) must not apply to lodging a request for access.

(iii) In some States or Territories, the costs are regulated under State or Territory privacy laws.

(f) It is recommended that when a patient seeks to access their dental records, the dentist offers to meet
with the patient and explain the records to them.
(g) It is preferable that the information should be provided with a report, and not simply by sending a copy
(never an original, unless an original is required by court order) of the records.
(h) If a dentist holds personal information about an individual and the individual is able to establish that the
information is inaccurate, out-of-date, incomplete, irrelevant or misleading, the dentist must take
reasonable steps to correct the information.14
(i) If the individual and the dentist disagree about information and the individual asks the dentist to
associate with the information a statement indicating that there is a discrepancy between the individual
and dentist’s information, the dentist must take reasonable steps to do so.15
(j) A dentist must provide reasons for denial of access or a refusal to correct an individual’s personal
information.16
4.10 Privacy Policy
(a) Dental practices must have a written privacy policy available for information of patients and practice staff
on its management of personal information. The dentist must make the document available to anyone
who asks for it. Please refer to the ADA Policy Statement 5.14 Dentistry. Privacy and Confidentiality.17
(b) On request, a dentist must take reasonable steps to let a person know, generally, what sort of personal
information it holds, for what purposes, and how it collects, holds, uses and discloses that information. 18
4.11 Cessation or sale of practice
(a) When a dental practice closes, dentists or their legal personal representative must:
(i) take reasonable steps to notify patients in advance and facilitate the transfer of care for current
patients to other practitioners (including the secure and consensual transfer of dental records
of those patients); and

(ii) make appropriate arrangements for the retention, storage or destruction of other patient
records, including where possible provision to the patient or secure and consensual transfer to
another dental practice.

(b) Some State privacy laws include specific requirements when a dental practice is closed or sold.

14 Privacy Act 1988 (Cth) APP 13.

15 Ibid.
16 Ibid.
17 Privacy Act 1988 (Cth) APP 5.
18
Ibid
9
Related resources
ADA Policy Statement 5.17 – Dental Records

Contribute to the development of ADA guidance to the profession

This Guideline has been developed by ADA expert committees. Feedback from the profession is welcome and may
be submitted to contact@ada.org.au for consideration in future guideline development.

10