Call Recording Policy


All telephone calls received into the practice and made from the practice will be recorded and retained for a period of 3 months. These recordings will only be used for the purposes specified in this policy and data will be processed with all appropriate safeguards and compliance with general data protection regulations.


General Principles

The General Data Protection Regulation (GDPR) protects personal information held by organisations on computer and relevant filing systems. It enforces a set of standards for the processing of such information. In general terms it provides that all data shall be used for specific purposes only and not used or disclosed in any way incompatible with these purposes.

During its activities the practice will collect, store and process personal data, including the recording of all telephone calls, and it recognises that the correct and lawful treatment of this data will maintain confidence in the organisation and will provide for successful business operations.

The practice is registered with the Information Commissioner for all necessary activities under the GDPR.


Call Recording Overview

Purposes of call recording

The purpose of call recording is to provide an exact record of the call which can:

  • Protect the interests of both parties - physical and verbal abuse of any kind is not tolerated by the practice;
  • Help improve practice performance and best practice;
  • Help protect practice staff from abusive or nuisance calls;
  • Establish the facts in the event of a complaint either by a patient or a member of staff and so assist in resolving it;
  • Establish the facts and assist in the resolution of any medico-legal claims made against the practice or its clinicians;
  • A call recording may also be used as evidence in the event that an employee’s telephone conduct is deemed unacceptable. In this situation the recording will be made available to the employee’s manager, to be investigated as per the Practice Disciplinary Policy

The telephone call recording system in operation will record incoming and outgoing telephone calls and recordings may be used to investigate compliance with the practice’s policies and procedures, to provide further training, to support the investigation of complaints, to ensure the practice complies with regulatory procedures and to provide evidence for any regulatory investigation.

The practice will record telephone conversations from its central telephone system. All call recordings are encrypted and stored on a secure server.


Communicating with callers about the Call Recording System

The practice will inform the caller that their call is being monitored/recorded for the reasons stated above so that they have the opportunity to consent by continuing with the call or hanging up. This will be communicated to patients by:

  • Publishing a summary of this policy on the practice website
  • Informing all patients in the first instance via a recorded announcement for incoming calls

Admin staff do not have the facility to turn off call recording.  If patients do not want their contact to be recorded, they should use email, writing or attend in person at reception.

For telephone consultations, the clinician may turn off the call recording to allow the patient to speak freely if they request this but will note in the EMIS system that this happened and the reason why, using standard terminology. As usual, contemporaneous written notes of the consultation will be made in the patients’ clinical record and these stay on the record whereas the call recording is deleted after 3 months and therefore will not constitute part of the medical record.


Procedures for managing and releasing call recordings

a)    The recordings shall be stored securely for 3 months

b)    Access to the recordings will be controlled

c)    Access will be managed by the Data Controller or any other persons authorised to do so by the Data Controller

d)    After 3 months the recordings are automatically deleted

e)    Access to the recordings is only allowed in order to satisfy a clearly defined business need and reasons for requesting access must be formally authorised only by a relevant Partner or Manager. All requests for call recordings should include the following:

  • The valid reason for the request
  • Date and time of the call if known
  • Telephone extension used to make/receive the call
  • External number involved if known
  • Where possible, the names of all parties to the telephone call
  • Any other information on the nature of the call

f)     The browsing of recordings for no valid reason is not permitted

g)    The GDPR allows persons access to information that we hold about them. This includes recorded telephone calls. Therefore, the recordings will be stored in such a way to enable the Data Controller to retrieve information relating to one or more individuals as easily as possible for up to 3 months

h)    Requests for copies of telephone conversations made as Subject Access Requests under the GDPR must be notified in writing to the practice immediately and, subject to assessment, he/she will request the call recording and arrange for the individual concerned to have access to hear the recording. A voice recording only will be provided. The practice will not transcribe calls at a patient’s request. Recorded calls can only be provided up to three months from the date of the contact

i)     In the case of a request from an external body in connection with the detection or prevention of crime e.g. the police, the request should be forwarded to the Data Controller who will complete the request for a call recording

j)     Requests for copies of telephone conversations as part of staff disciplinary processes will only be released with the written agreement of the Data Controller, or any other person authorised by the Data Controller, who will consult with the Data Controller before approval is granted.

k)    Recordings of calls will be encrypted and stored electronically in a secure environment. Call recordings will periodically be archived, in line with electronic and paper file archiving time scales, to external hard drives

l)     Call recording provides secure user password protected logon access control. Recordings can be quickly located using multiple search criteria to ensure GDPR requirements for Right to Access, Right to be Forgotten and Data Portability can be complied with.