Medical record naming standard
Name medical records as PatientID_YYYY-MM-DD_RecordType.pdf to organize by patient and service date while keeping protected health information out of filenames.
- Use the medical record number (MRN) or patient ID — never the patient name — as the primary identifier.
- Include date of service (YYYY-MM-DD) so records sort chronologically within a patient chart.
- Add record type (LabResult, Imaging, ProgressNote, DischargeSummary) to filter without opening.
- Optionally include provider name for multi-provider clinics.
4.7k medical records organized with HIPAA-compliant naming across 12 clinics and medical offices.
Recommended patterns
Standard medical record pattern
The HIPAA-safe standard. Patient ID provides lookup capability without exposing protected health information in the filename. Records sort by date within each patient.
PatientID_YYYY-MM-DD_RecordType.pdfMRN-784512_2025-10-15_LabResult.pdfMedical record with provider
Adds the treating provider for multi-physician practices. Useful when a patient sees multiple specialists and records need to be attributed.
PatientID_YYYY-MM-DD_RecordType_Provider.pdfMRN-784512_2025-10-15_ProgressNote_DrPatel.pdfMedical imaging pattern
Specialized pattern for imaging reports and results. Imaging type and body region let clinicians find specific studies without opening files or querying PACS.
PatientID_YYYY-MM-DD_ImagingType_BodyRegion.pdfMRN-784512_2025-10-15_MRI_LumbarSpine.pdfCore principles
Never put patient name in the filename
Patient names are protected health information (PHI) under HIPAA. Names in filenames appear in file browser previews, cloud sync logs, email attachment names, and OS search indexes — all potential HIPAA violations.
Use medical record number (MRN) as the identifier
The MRN is the standard patient identifier in healthcare. It links to the patient in your EHR without exposing PHI. Every healthcare worker knows how to look up a patient by MRN.
Always include date of service
Medical records are inherently temporal. A lab result from October means something different than one from March. Date of service — not the date you scanned or filed the document — is the correct date.
Classify by record type
A patient chart might contain labs, imaging, progress notes, referrals, consent forms, and discharge summaries. The record type in the filename lets clinical staff find what they need without opening every file.
Keep filenames short and structured
Avoid free-text descriptions in medical filenames. "MRN-784512_2025-10-15_LabResult.pdf" is better than "Patient_blood_test_results_october_2025.pdf." Structured tokens enable automation and search.
Common mistakes
Putting patient name in the filename
Patient names are PHI. A file named "JohnDoe_LabResults.pdf" visible in a shared folder, email, or cloud sync log is a HIPAA violation. Fines can reach $50,000+ per violation.
Fix: Use MRN only: MRN-784512_2025-10-15_LabResult.pdf
Missing date of service
A lab result without a date is clinically useless. You cannot determine if it is current or from years ago. Multiple results for the same test cannot be tracked over time.
Fix: Always include date of service: MRN-784512_2025-10-15_LabResult.pdf
Using "medical_record.pdf" as the filename
Every document downloaded from your EHR becomes "medical_record (1).pdf", "medical_record (2).pdf." No way to identify patient, date, or record type without opening.
Fix: Include MRN, date, and type: MRN-784512_2025-10-15_LabResult.pdf
Including diagnosis or condition in the filename
Diagnosis codes and condition names are PHI. A filename like "MRN-784512_Diabetes_LabResult.pdf" exposes medical information to anyone who can see the filename.
Fix: Omit clinical details from filenames. Record type (LabResult, not DiabetesLabResult) is sufficient.
Using scan date instead of service date
Documents scanned weeks after the visit will sort incorrectly. Clinical staff expect records to sort by when care was provided, not when the paper was digitized.
Fix: Use date of service from the document itself, not the scan date.
More naming guides
View all naming guides →Frequently asked questions
Is it HIPAA-compliant to include the MRN in a filename?
MRNs are considered PHI under HIPAA, but they are the standard identifier used in healthcare workflows. The key is that MRN-based filenames must be stored in access-controlled systems (encrypted storage, restricted folders). The MRN in the filename enables clinical workflows; access controls provide the compliance layer.
How do I handle records from external providers?
Map the external patient ID to your internal MRN: MRN-784512_2025-10-15_ExternalLabResult_QuestDiagnostics.pdf. Include the source organization for traceability.
What about consent forms and authorizations?
Use the same pattern: MRN-784512_2025-10-15_ConsentForm.pdf or MRN-784512_2025-10-15_HIPAA-Authorization.pdf. Date by the signing date.
Should I use ICD-10 codes in filenames?
No. ICD-10 codes are diagnosis codes and constitute PHI. They should not appear in filenames. Use generic record types (LabResult, Imaging) instead.
How do I handle records for a patient with multiple MRNs (duplicate records)?
Use the primary/merged MRN from your EHR. If the merge hasn't happened yet, use the MRN from the document and note the duplicate for resolution. Renaming after merge is a good use case for automation.
Can this work with EHR exports?
Yes. Most EHRs (Epic, Cerner, Athena) export documents with the MRN in the content. Renamed.to can extract this and apply your naming convention to bulk exports.