The CSP office will be closed between Christmas and New Year (25 December-2 January).  If you need urgent advice during this period visit "Advice for members during the holiday closure"

Record-keeping guidance

Physiotherapy staff have a professional and legal obligation to keep an accurate record of their interactions with patients. These records are legal documents, which can be called upon in a variety of situations. Comprehensive patient records also help to drive high standards of patient care.

Since physiotherapy records are legal documents, physiotherapists are expected to follow legal frameworks alongside professional body guidance and any local policies that are in place.

This page contains FAQs around record keeping and the guidance paper provides an overview of a physiotherapist’s obligations for maintaining accurate records. It will also signpost you to key documents that provide further information related to specific aspects of record keeping, for example the Data Protection Act 2018 and the Information Commissioner’s Office (ICO).

Did you know...

  • Physiotherapy staff have a professional and legal obligation to keep an accurate record of their interaction with patients.
  • If you use a smartphone to text or call patients, it stores their name and contact details – this counts as ‘keeping records’.

  • You must be registered with the Information Commissioner’s Office if you or your organisation keep patient records, unless a legal exemption applies.
  • Your duty to share information is as important as your duty to maintain patient confidentiality (Caldicott Review in England 2013).
  • The use of SNOMED CT is now being driven by health policy and within NHS England its use is mandated.
  • All record keeping is governed by the Data Protection Act 2018. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).
  • Being able to make and maintain records is a requirement of your HCPC registration.

  • Keeping detailed records is a requirement of your CSP membership.

Record-keeping FAQs

What format should my notes take? Do I have to use SOAP notes?

The CSP does not specify what format notes should take, e.g. many physiotherapists choose to use SOAP (Subjective, Objective, Assessment, Plan) notes while others choose a different style. What is important is that the notes give a clear and accurate account of the physiotherapy intervention and assessment.

The level and complexity of record keeping that you complete will vary according to the context of the intervention and the background health status of your client. The notes a physiotherapist chooses to keep for a patient attending a Pilates class will more basic than for example a patient who has had a fall and has a complex medical history.   


I worked as a self-employed physiotherapist and was contracted to the owner of a local physiotherapy business. I am now leaving. To whom do my notes belong?

Where a person is self-employed but is contracted to provide services for/on behalf of a third party – for example, to a private practice or clinic, private hospital or NHS establishment – the self-employed physiotherapist is in effect working on a consultancy basis. In this situation, the practice contracting with the self-employed physiotherapist is normally considered to 'own' the records.

In most circumstances, the records are generated as a byproduct of the 'contract', and in the first instance, it would be the company/business owner that would be sued if something untoward happened. Therefore, it should be the company that retains the records. In these circumstances, the self-employed physiotherapist is also exposed to liability, so he/she must be able to access the records to defend him or herself. But having access to the records does not mean that the physiotherapist has to own the records.

Self-employed physiotherapists should consider this when negotiating their contract.


How long must I keep my notes for?

Records form a legal record of treatment and therefore must be retained safely and securely in accordance with the Data Protection Act 2018. Under GDPR regulations, data must only be kept for as long as necessary for the original reason it was collected.

Each UK country sets out minimum retention periods for NHS health records. The minimum retention periods apply to all formats/media that contain components of information relating to the health record. Retention schedules vary according to the type of record but, in general, for those with capacity it is usually:

  • Eight years from the date of last treatment for adult records.
  • Eight years after their 18 birthday or until 25 years of age for children.

Other types of records may need to be stored indefinitely.


What is a subject access request (SAR)?

This is the way in which a person exercises their right under GDPR to find out what information an individual, organisation or business holds about them. An SAR may be made orally or in writing. If you receive an SAR you should verify the identity of the person making the SAR if you have any doubts as to who you are dealing with.

You have one month (30 days) to provide the information and it is usually provided free of charge. You may be able to refuse to comply with an SAR if it is unfounded or ‘manifestly excessive’. You must document how you manage SAR requests.


When I need to share my notes with solicitors, patients or other healthcare professionals, should I send the originals?

No. People requesting records have no entitlement to the original records. You must retain your original records for the required length of time. People must be provided with a copy of their record in the format that they ask for.


Can I share my records with other healthcare professionals involved in the patient’s care?

Yes. You must share information with other health professionals directly involved in the patient’s care in order to give appropriate advice and treatment. You don’t need the patient’s written permission to do this, but you should always seek to ensure that your patient is aware of the communication you have with other health professionals. The patient has the right to prevent you sharing information. If they do so, they should be informed of how this might affect continuity of care. However, if you feel that a patient is in danger to themselves or to others you may contact the patient’s doctor, even without the patient’s consent, and raise your concerns.


I work in the community. How do these guidelines fit with my practice?

Access and storage of patient records when out in the community can be problematic. Local policies should be put in place to ensure everything possible is done to keep records safe and secure. When you are using electronic devices, these should be password protected.

While our Quality Assurance Standards state that notes should be written ‘immediately after the contact with the service user or before the end of that working day’, this may not be practicalor possible in all situations. Local policies should be written that support good practice for circumstances such as this. 


When a sole trader or self-employed physiotherapist retires or dies, what should happen to their patient records?

Once you retire, you must make suitable arrangements for storage of your patient records in order for you or your patients to be able to access them should the need arise in the future and to comply with data laws. Under GDPR regulations, you can only pass a patient's details on to another physiotherapist when you retire if they give explicit consent to be contacted in this way.

If guidance changes regarding the storage of notes, then it would be your responsibility to be up to date and adhere to the guidance for as long as the notes need to be retained.

After death, if you are a sole trader, the patient records will become part of your estate and will be dealt with under the administration of your will or letters of administration if you have no will. It is therefore important that your executors know that they will have to deal with your business as well as your personal life. If your business is a limited company and thus a legal entity in its own right, independent of you, you may wish to consider obtaining legal advice on how you should prepare/plan for business continuity/cessation of legal entities after the death of the natural owner of the legal entity. 

After your death, patient records must still be stored and retained in accordance with data requirements. They must be accessible should any former patient request access to the records or if the records are required for any other purpose.


When treating a patient with a support worker, can I ask them to complete the records?

Yes. You can delegate the activity of completing the record of a joint intervention with a patient to a support worker. You are accountable for deciding to delegate this activity and they are responsible for completing the records in a timely and accurate way. See our quick reference guide on delegation for further details on accountability and responsibility.