Telephone recording policy

Recording incoming and outgoing calls

In accordance with Article 6 of the UK General Data Protection Regulation, the lawful basis for processing data also applies to the recording of telephone calls. Article 6 states that one of the following must apply when processing any data:

  • The data subject has given consent to the processing of their personal data for one or more specific purposes
  • Processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering a contract
  • Processing is necessary for compliance with a legal obligation to which the controller is subject
  • Processing is necessary to protect the vital interests of the data subject or another natural person
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which requires protection of personal data, where the data subject is a child

To align Article 6 with the recording of telephone calls, one of the following must apply:

  • The individuals involved in the call have given consent to be recorded
  • Recording of the call is necessary for the fulfilment of a contract
  • Recording of the call is necessary for the fulfilment of a legal obligation
  • Recording of the call is necessary to protect the interests of the participants or another natural person
  • Recording of the call is in the public interest or necessary for the exercise of official authority
  • Recording of the call is in the legitimate interests of the recorder, unless the interests are overridden by the interests of those involved in the call

Guidance can be found in the GMC guidance titled Making and using visual and audio recordings of patients.

Notifying callers of any call recording system

Information regarding call recording, including the reason why any call will be recorded, is to be detailed at the following:

  • Any incoming call, including any calls using desktop software, mobile apps or an internet browser-based application
  • For outbound calls, including telephone consultations, this notice serves as a reminder that all calls are recorded
  • A summary of this policy on both the website and within the practice privacy notice

Should a patient request that their call is not recorded, then they are to be advised that it is organisation policy to record all calls to ensure the safety and security of both patient and employee. They are also to be advised that there is no option to switch off the recording facility.

Should the patient continue to insist that they do not wish the call to be recorded, then they are to be advised that the call cannot continue and that they should contact NHS111 or 999 in an emergency.

It should be noted that secret recordings are not permitted.

Procedures for managing and releasing call recordings

When services are using a telephone system that allows telephone conversations to be recorded, the following should be noted:

  • All recordings shall be stored securely with access to the recordings controlled and managed by the Information Governance Lead or any other persons authorised to do so
  • Access to the recordings is only allowed to satisfy a clearly defined business need and reasons for requesting access must be formally authorised by only the Information Governance Lead. All requests for call recordings should include the following information:
    • The valid reason for the request
    • Date and time of the call if known
    • Telephone extension used to make/receive the call
    • External number involved if known
    • When possible, the names of all parties to the telephone call
    • Any other information on the nature of the call
  • The browsing of recordings for no valid reason is not permitted
  • UK GDPR allows persons access to information that the organisation holds about them and this includes recorded telephone calls. Therefore, the recordings will be stored in such a way to enable information to be retrieved
  • Requests for copies of telephone conversations made as data subject access requests under UK GDPR should be notified in writing as per the Access to Medical Records Policy and, subject to assessment, the requestor will be provided with access to the recording. It would be best practice to discuss any such data request with the Information Governance Lead and/or Data Protection Officer (DPO)
  • All reasonable attempts will be made to confirm that the identity of the individual making the subject access request matches the identity of the caller. If in doubt, the final decision will be made by the DPO
  • In the case of a request from an external body in connection with the detection or prevention of crime, e.g., the police, the request should be made in writing and forwarded to the Information Governance Lead who will liaise with the DPO to agree an appropriate course of action.

Further guidance can be sought in the Access to Medical Records Policy and the Communication Policy

  • When there is agreement to provide a copy of any recording, this will be provided in a format the organisation can reasonably expect the requester will be able to use. The organisation will consider the individual’s preference versus the practicality and cost of preparation. Formats are likely to include WAV, MP3 or another digital format or transcript
  • Any recordings released to other services or users of the organisation must be kept securely and in compliance with this policy. Once the recording has been used for the agreed purpose, it must be deleted

Further sharing of any call must be authorised by the Information Governance Lead.

Audit and review of telephone recordings

The audit and review of telephone recordings may be used to:

  • Check for mistakes
  • Facilitate staff training, coaching and support
  • Prevent, detect, investigate and prosecute fraud
  • Verify what was said if there is a dispute or complaint
  • Protect from abusive behaviour, coupled with monitoring language and tone
  • Monitor the quality of call handling and customer service and to ensure the information provided is consistent and accurate
  • Help plan and make improvements to our services
  • Verify the details of the call for the purposes of, or in connection with, any legal proceedings
  • As evidence within an investigation should a misconduct, performance or capability concern arise

Requests for copies of telephone conversations as part of staff disciplinary processes will only be released with the written agreement of the Information Governance Lead or any other authorised person. The DPO is to be consulted before any approval is granted.

All staff will have telephone consultations audited during their probationary period and annually thereafter.

  • Three randomly selected conversations will be listened to and assessed using the audit tool. This number can be increased to five when further clarification of practice is required
  • The aim is for all to score at least 80% on the audit. Anyone scoring below this will be informed and then reaudited within three months to monitor for improvement
  • Feedback will be provided to individual staff regarding good practice and also any areas for improved practice. Results are to be saved on individual HR records. Any professional practice concerns are to be shared with the Partners
  • The collective results of this audit are to be recorded as being one of the annual practice audits
  • Any exemplary conversations, likewise, poor conversations can be used for training purposes. The obvious place for this is to be recorded is as a significant event to highlight what went well or what went wrong.

Refer to the Significant Event and Incident Policy for further guidance.

The audit criteria are as follows:

Criteria Standard

Staff member carries out a full introduction  – 100%

The identity of the patient is confirmed – 100%

The consultation is conducted in a professional manner – 100%

Furthermore, should the call be a telephone consultation, the clinician is also to:

Confirm that consent has been given 100%

Confirm that the patient understands 100%

Have communicated a clear plan in terms of any required next steps including prescriptions and/or reviews 100%

Access to the telephone call recording system is logged and is traceable using an identifiable username and secure password. Access and usage may be monitored at any time to ensure adherence with this policy.

Any employee may request to hear call recordings in which they are personally involved. The employee should make a request in writing detailing the reason for hearing the recording to their line manager in the first instance who will escalate the request to an appropriate nominated member of staff for consideration.

Should any recording be released, a record of this is to be logged within the Release of Recording Register as at Annex B. This register is maintained by the Practice Manager and audited by the Information Governance Lead/DPO as required.

Further reading can be sought from the MDDUS guidance titled Recording telephone consultations with patients.

Breach reporting

Should staff feel they have accidentally breached the above policy, they are required to inform their line manager immediately. If a breach of procedure is believed to have taken place, the concern should then be raised to both the Information Governance Lead and the DPO. Any breach may expose the organisation with fines by the Information Commissioners Office (ICO) subsequently being a potential outcome coupled with substantial compensation.

It should be noted that any infringement of this policy will be considered as a serious offence and may result in disciplinary action.

Date published: 10th January, 2025
Date last updated: 10th January, 2025