During COVID we saw an uptick in patients covertly recording consultations, some driven by activism and content-making, many by simple anxiety and a wish to remember what was said. The behaviour hasn’t disappeared. Phones are ubiquitous, attention is scarce, and the consultation is a high-stakes moment.

This piece sets out a professional, workable stance for our healthcare customers trying to navigate this tricky space.

Start from first principles

1) Recording happens. Treat it as a foreseeable behaviour, not an emergency.

2) Confidentiality is non-negotiable. Protect other patients and staff from being captured.

3) Professional composure beats confrontation. De-escalate, keep care on track, document neutrally.

4) Governance protects people. Clear policy, short scripts, and a defined takedown route are worth a lot here.

The legal position in a nutshell

Patients / service users

• It is not illegal for a patient to record a consultation, even covertly. As a courtesy, they should ask first.

• The BMA provides useful guidance you can reference locally.

• If a patient records without your permission, there is usually no legal redress for the recording itself. Publication is different.

• Case law here is limited; there is uncertainty.

• Advice suggests that posting a recording online without the professional’s consent is potentially outside the “personal use” exceptions under data protection law.

• If recordings of you appear online without consent, you’re entitled to request removal.

• Depending on the content, other laws may be relevant (e.g. Protection from Harassment Act 1997, Malicious Communications Act 1988, Communications Act 2003).

• If publication is potentially defamatory (harms reputation or profession), libel action may be considered via specialist legal support.

Staff

• Staff must not covertly record patients, colleagues or third parties in the course of their duties. It is highly intrusive and only permitted with prior authorisation from the DPO and SIRO, with a clear legal basis (e.g. safeguarding/regulatory) and no less intrusive alternative.

• Covertly recording to “gather evidence” risks breaching data protection law, professional standards and employment duties.

• Concerns about misconduct should go through incident reporting or whistleblowing processes.

• Any records created must meet your Records Management and Data Quality standards.

Managing this in Practice

In the room

Keep it neutral and brief:

• “Are you planning to record today? That’s fine if we agree how to do it safely.”

• “Please keep the device on us only; don’t capture other patients or staff.”

• “This is for your personal use. Sharing it online can breach people’s rights, including mine.”

• If you suspect covert recording: “If you’re recording, let’s set expectations so we protect confidentiality.”

Document factually in the notes: “Patient appeared to record on a mobile device; confidentiality guidance given.”

If a recording appears online

Follow a measured, auditable process:

1. Capture evidence: URL, date/time, secure screenshots.

2. Request takedown: short, factual message to the platform/uploader stating absence of consent and privacy concerns.

3. Escalate proportionately: consider harassment/defamation routes; involve your MDO/insurer and IG lead early.

4. Support the clinician: this is stressful; prioritise supervision and wellbeing.

Red lines worth holding

• No filming/recording in communal areas.

• No recording that compromises safety or examination. Adapt or reschedule if necessary.

• No covert recording by staff without DPO/SIRO authorisation, a lawful basis, and clear necessity.

• No “policy by argument.” If discussion derails care, pause and re-ground in confidentiality and safety.

Minimal governance, maximum impact

• One-page procedure: patient recordings (agreed/covert), staff prohibition, takedown steps, who triages (PM/IG), when to involve DPO/SIRO.

• Micro-training (10 minutes): three scenarios, model phrases, documentation standard.

• Templates: reception script, clinician one-liners, takedown email.

• Records discipline: if the practice creates/holds any recording, treat it as part of the health record: retention, access and disclosure rules apply.

In summary

Most patients record because healthcare information is a lot to take in.

A professional, boundaried response builds trust without giving up safety or standards.