Data Protection & Confidentiality
Call Recording Statement
Tyntesfield Medical Group records all incoming and outgoing telephone calls to support the delivery of safe, high quality care.
Why We Record Calls
Call recording enables the practice to:
• Support staff training and development
• Protect staff from nuisance or abusive calls
• Establish facts in the event of complaints or disputes
• Identify opportunities for service improvement and operational efficiency
All call recording is managed in accordance with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). Our aim is to protect individuals’ rights while supporting the effective operation of the practice.
Who This Applies To
This policy covers:
• All practice staff, including permanent, temporary, locum and contracted workers
• All external incoming and outgoing calls made via the practice telephone system
Informing Callers
We make every reasonable effort to ensure callers are aware that their call may be recorded. This is communicated through:
• A pre recorded message at the start of all incoming calls
• Information published on our website
How Recordings Are Stored and Accessed
• Recordings are stored securely within our telephone system software
• Access is strictly limited to senior management
• Any access request must be authorised by the Information Governance Lead, Senior Information Risk Owner, or an appointed deputy
• Recordings are accessed via a password protected system and reviewed in a private, confidential setting
Monitoring and Playback
Recordings may be reviewed for:
• Staff training and feedback
• Quality assurance
• Complaint investigation and resolution
Any playback is carried out respectfully and confidentially. Staff may be invited to listen to relevant recordings as part of their development.
Retention of Recordings
• Call recordings are retained for 12 months in line with the practice’s data retention schedule
• Recordings are securely deleted once no longer required
Confidentiality and Subject Access Requests
• All call recordings are treated as confidential and fall under the practice’s data protection registration
• Patients may request access to recordings involving them through a Subject Access Request (SAR)
• Requests are assessed in accordance with data protection legislation
• Where appropriate, access may be provided by inviting the requester to listen to the recording on site
Right to Erasure
Individuals may request the erasure of personal data, including call recordings, where this right applies under UK GDPR.
Policy Review
This statement and the underlying policy are reviewed annually, or sooner if required due to legislative changes or operational updates.
iGPR Privacy Policy
What is iGPR?
We use a processor, iGPR Technologies Limited (“iGPR”), to assist us with responding to report requests relating to your patient data, such as subject access requests that you submit to us (or that someone acting on your behalf submits to us) and report requests that insurers submit to us under the Access to Medical Records Act 1988 in relation to a life insurance policy that you hold or that you are applying for.
iGPR manages the reporting process for us by reviewing and responding to requests in accordance with our instructions and all applicable laws, including UK data protection laws.
The instructions we issue to iGPR include general instructions on responding to requests and specific instructions on issues that will require further consultation with the GP responsible for your care.
You can find more information available on their website and view their Privacy Notice directly using this link:
Data Opt-Out
For more information on Data Opt-Outs, please click here to visit our 'Patient Record 'page.
Page created: 03 September 2020