Search the guidance

Make your search more specific...

Guidance areas


As well as searching, you can browse the Guidance.

  • Full records are essential to facilitate the clinical management of the patient and continuity of care.
  • You must keep full records to protect yourself in case of complaints.
  • You must keep full, accurate and clear patient records, made at the time of the examination, which provide a history of patient care, including referrals.
  • If you keep electronic records, you or your practice should have an IT business continuity plan, good security, regular data backups, adequate training and satisfactory disposal of old systems or equipment.
  • The date that any image was taken should be clear, and the image assigned to the correct patient.
  • You should allow sufficient time to analyse each image.
  • Patient records belong to the practice where they were made.
  • If you work with non-optometrists, you must ensure patient records are correctly dealt with when your association ends.
  • You must ensure that confidentiality is maintained during the collection, storage, use and disposal of records.
  • You must comply with Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR).
  • Patients have a right to access their records.
This Guidance does not change what you must do under the law.
You must keep patient records to:
  1. retain clinical information, including the patient’s history
  2. facilitate the clinical management of the patient and continuity of care
  3. enable another practitioner to take over the care of the patient, and
  4. protect yourself in case of complaints or for reference in a legal situation.
Patient records can provide a reliable statistical basis for research. See section on Research and audit.
You must keep full and accurate records, made at the time of the examination, or as soon as possible afterwards8. These would normally include:
  1. telephone or email contact with the patient by optometrists and other staff
  2. patient visits to the practice
  3. details of your examination
  4. when a patient has declined a test. If the patient refuses or withdraws their consent you should record the reason the patient has given, and the advice you have given9 
  5. management of the patient.
You may use abbreviations. However, you should use only common abbreviations. There is a list at Annex 2, but this is not definitive.
Your records must include:10
  1. the date of the consultation
  2. the patient’s personal details. This should normally include the patient's:
    • full name
    • date of birth
    • address
    • other contact details
  3. the reason for the visit and any presenting condition. This should normally include the patient’s:
    • symptoms, description and duration
    • if relevant, history of ocular and general health
    • current general health
    • medication
    • family history of ocular and general health
    • visual needs in terms of occupation, recreation or general activities
    • whether the patient drives, with or without prescription
    • previous optical prescription and date of last eye examination or sight test. This can be approximate, if the exact date is not known
  4. clinical examination. For a routine eye examination this should normally include the patient’s:
    • unaided vision and/or vision with habitual prescription R and L, as relevant
    • ocular muscle balance and method, at least cover test, for distance and near correction with habitual prescription, and/or without, if appropriate
    • external examination using a slit lamp
    • internal examination, with or without dilation. If dilation is used, record which drug and concentration, batch number and expiry date:
      • media status + diagram of opacities if appropriate
      • Optic disc assessment R and L including C/D ratio, NRR assessment and any unusual features
      • A/V ratio R and L and any unusual vessel features, for example nipping, irregular calibre
      • macular status R and L
      • diagram of any fundal lesions
      • results of peripheral retina examination
      • you may also need to include the following items, as appropriate:
        • near point of convergence
        • ocular motility assessment
        • pupil reactions
        • objective refraction results (autorefractor and/or retinoscopy)
        • fundal or other imaging
        • IOP readings and method and time of readings
        • visual field examination, type of field screener used, which programme, what brightness, if not automatic, and what correction worn by the patient. A printout of any abnormal results
        • results of any repeated tests to eliminate spurious results
    • refraction, if conducted:
      • subjective refraction, if cycloplegic used, what drug and concentration, batch number and expiry date
      • distance VAs R and L
      • reading addition with reading VA binocularly or individually if appropriate
      • ocular muscle balance and method, at least cover test, for distance and near with new prescription if appropriate, for example significant change
      • fixation disparity if appropriate, for example, if the patient has symptoms or shows a deviation on cover test 
      • prescription given for each task, for example, driving, visual display unit (VDU) and any associated reasons, for example, to reduce headaches, to try and improve ocular muscle balance
      • accommodation, if appropriate
  5. contact lens examination, if appropriate. This would normally include the current lens specification, prescription and care regime
  6. conclusions:
    • details of discussions with the patient, including options and oral and written advice given, for example, to drive with spectacles
    • any change in patient management
    • details of any referral. You should keep a copy of the referral letter with the patient record
    • details of any notification sent to the GP and a copy of the letter
    • details of any written information given to the patient, such as patient information leaflets, and
    • recall date and reason if early recall suggested
  7. details of all those involved in the optical consultation, including name and signature, or other identification of author.12
You should use your professional judgement to decide how and when to record consent. This would be based on proportionality, risk, the patient’s needs and circumstances and the type of treatment or care.13 See section on Consent.
You should record relevant negative as well as positive findings.
Some of the guidance in this section relates to the responsibilities of the person in charge of an organisation or practice, as well as to your responsibilities as a practitioner within the practice.
If you are setting up a paperless electronic record system, you or your organisation should:
  1. prepare an IT business continuity plan first, including provision for regular backups of data which are stored securely and preferably off-site
  2. ensure all members of the team, including locums, can use and access the IT system effectively
  3. ensure that you check the accuracy of any patient records entered on your behalf by an assistant. You remain responsible for the contents of the record
  4. ensure confidentiality is maintained through:
    • access control measures
    • physical security and privacy of systems
    • secure communication between systems
  5. ensure every patient record has an audit trail to identify:
    • time/date of each entry
    • author of each entry
    • additions, changes or deletions
  6. set up or use a properly constructed format which:
    • does not constrain data entry
    • allows free text and clinical codes
    • enables all patient contact and significant health events, such as referrals, to be recorded
    • allows attachments, such as a fundus photograph or referral letter, to be part of the record
    • signposts any additional records about the patient which are separate from the main record; however, you should not keep informal patient records
  7. ensure you have sufficient security protection.
If you or your practice changes the IT system, audit trails may be lost. Therefore, you should:
  1. create and maintain a verified backup of the clinical data from the old system
  2. maintain a means to read this backup.
If systems or hardware are replaced, you or your organisation must ensure that any patient identifiable data is backed up and data on the old computer is destroyed. Deleting information may be insufficient as data can remain accessible on storage media. Hardware, including hard disc drives, should be physically destroyed.
You should not maintain both a paper based and an electronic system. However, if this is unavoidable, you should avoid parallel systems that contain the same data as they may not be kept up to date.
You should use your professional judgement to decide whether taking an image or scan is appropriate for the patient, and you must only recommend examinations if these are clinically justified and in the patient’s best interests.14
Whenever an image or scan is taken, you should ensure that the date that it was taken is clear, and that it is assigned to the correct patient. If this information is not embedded in the image or scan itself, you should save it in the appropriate place in the patient record.
You should allow sufficient time to analyse each image or scan. How much time will depend upon the patient’s clinical circumstances, and the complexity of the image or scan. You should compare the image or scan with previous images or scans, if they are available, to decide whether there is a clinically significant change in the patient’s ocular structures.
You should record:
  1. which image or scans have been taken, and which structures examined
  2. whether you have compared the findings with previous image or scan, and if so which image or scan you have compared the current image or scan with
  3. whether there has been any change
  4. any abnormal findings, or findings of note, such as an unusual fundus appearance.
The practice, rather than the patient or the optometrist, owns the patient records.
All parties involved must ensure the originating practitioner has access to the records in the event of a query, complaint or claim.
If the practice closes, the practice owner should:
  1. arrange to transfer the patient records to another registered practitioner or practice
  2. inform patients this has been done
  3. inform their primary care organisation (PCO) of the intended closure and offer the records to the PCO,  or a person nominated by the PCO, where transfer to another practitioner or practice is not possible.15
Patients may choose another practice and may give consent for their new practitioner to request relevant clinical information from their records to enable the continuation of their optometric care. You should agree to such requests once you have the patient’s consent.
If you work for, or in association with, non-optometrists you should ensure that your contract states that:
  1. the contractor will keep the records secure and confidential
  2. if the practice changes hands, and optometric care will continue to be provided in that practice, the records will remain in the practice with responsibility for this being passed to the incoming optometrist
  3. if the practice closes, or no optometric care will be provided when your association ends, you have the right to take the optometric records with you. This is to ensure the records stay secure and are processed lawfully. If this happens the contractor should inform the patients.
FOOTNOTE: In Northern Ireland, the Health and Social Care Board (HSCB) requires that the contractor retains the records and makes them accessible for the appropriate period of time. The HSCB or their partner organisation, the Business Services Organisation, can then give former patients the contractor’s agreed contact details if required. 
You must respect and protect confidential information when you:16
  1. collect data
  2. store it
  3. use it, including for referrals and research purposes
  4. dispose of it.
As a practitioner, your organisation may be the record holder, but you have responsibilities under the Data Protection Act 2018 (DPA 2018) and the EU General Data Protection Regulations (GDPR). The Optical Confederation has issued guidance on the DPA 2018 and the GDPR (see useful information and links). You should be familiar with the act and GDPR. For optometrists, key points are:
  1. keeping accurate patient data
  2. using the data for specific purposes
  3. amending inaccurate data and responding to objections from patients if the use of the data causes harm or distress
  4. keeping the data no longer than necessary. Suggested lengths of time for retaining records:

     Type of record

    Recommended period of retention

    adult patients  10 years after they were last seen, even if the patient has subsequently died.
    children and young people

    10 years after they were last seen or until the patient’s 25th birthday, if later. 
    If the child or young person has died, keep the records for 10 years after they were last seen.

  5. keeping the data confidential and secure. See section on Confidentiality.
  6. enabling patients, or an applicant acting on behalf of a patient, to access their data for the length of time that you keep the records. The applicant has a right to see the data, either because they have written authority from the patient or because they have Power of Attorney. Access to the record must be given within the time limit set out in the act and the GDPR requires that, if a patient asks for a copy of their record, this must be provided free of charge in most instances
  7. helping the patient to understand their record by explaining its content and abbreviations
  8. satisfying yourself that there is no further need of the record before destroying it
  9. disposing of any records securely
  10. noting that, if you, or your organisation, acquire a patient record, the obligations under the Data Protection Act and GDPR transfer to you as the new owner.
Most organisations that process personal information are required by law to register with the Information Commissioner. Some organisations are exempt from this.17


17   Information Commissioner’s Office. Data Protection Fee. [Accessed 1 Nov 2023]
Personal information that is held in a database should not normally be sold if patients have not been told originally that their information could be passed on to other organisations. However, if the business becomes insolvent, bankrupt or is being closed down or sold, the Data Protection Act will not prevent the sale of a database containing the details of individual patients, providing the transfer is made on terms which are of a kind approved by the Information Commissioner. This must ensure that there are adequate safeguards for the rights and freedoms of the data subjects.18  However, where possible, you should contact the patients.
Print Friendly and PDF