36.—(1) The provider must keep adequate patient records of its attendance on and treatment of its patients and must do so—
(a)on forms to be supplied to it for the purpose by the Health Board; or
(b)with the written consent of the Health Board, by way of electronic patient records; or
(c)in a combination of those two ways.
(2) The provider must include in patient records referred to in sub-paragraph (1), clinical reports sent in accordance with paragraph 6 of schedule 1 or from any other health care professional who has provided clinical services to a person on its list of patients.
(3) The consent of the Health Board required by sub-paragraph (1)(b) must not be withheld or withdrawn provided the Health Board is satisfied, and continues to be satisfied, that—
(a)the provider ensures that the computer system upon which the provider proposes to keep the electronic patient records is accredited by the Scottish Ministers or another person on their behalf as suitable for that purpose in accordance with a relevant standard issued by the Scottish Ministers;
(b)the security measures, audit and system management functions incorporated into the computer system as accredited in accordance with sub-paragraph (a) have been enabled; and
(c)the agreement signed by the provider contains an obligation requiring the provider to have regard to any guidelines issued by the Scottish Ministers and notified in writing, to the provider by the Health Board concerning good practice in the keeping of electronic patient records.
(4) Where a patient’s records are electronic patient records, the provider must, as soon as possible following a request from the Health Board, allow the Health Board to access the information recorded on the provider’s computer system by means of the audit function referred to in sub‑paragraph (3)(b) to the extent necessary for the Health Board to confirm that the audit function is enabled and functioning correctly.
(5) The provider must send the complete patient record relating to a person mentioned in sub-paragraph 5(a) or (b) to the Health Board—
(a)where a person on its list dies, before the end of the period of 14 days beginning with the date on which it was informed by the Health Board of the death, or (in any other case) before the end of the period of one month beginning with the date on which it learned of the death; or
(b)in any other case where the person is no longer registered with the provider, as soon as possible, at the request of the Health Board.
(6) To the extent that a patient’s records are electronic patient records, the provider complies with sub-paragraph (5) if it sends to the Health Board a copy of those records—
(a)in written form; or
(b)with the written consent of the Health Board, in any other form.
(7) The consent of the Health Board to the transmission of information other than in written form for the purposes of sub-paragraph (6)(b) must not be withheld or withdrawn provided it is satisfied, and continues to be satisfied, with—
(a)the provider’s proposals as to how the record will be transmitted;
(b)the provider’s proposals as to the format of the transmitted record;
(c)how the provider will ensure that the record received by the Health Board is identical to that transmitted; and
(d)how a written copy of the record can be produced by the Health Board.
(8) A provider with electronic patient records must not disable, or attempt to disable, either the security measures or the audit and system management functions referred to in sub‑paragraph (3)(b).