Call Recording Policy
All calls (inbound and outbound) at Rosebank Health are recorded for training and monitoring purposes.
This policy outlines Rosebank Health’s call recording process. The purpose of call recording is to provide a record of incoming and outgoing calls which can:
- Identify practice staff training needs
- Protect practice staff from nuisance or abusive calls
- Establish facts relating to incoming/outgoing calls made (e.g. complaints/disciplinary issues)
- Identify any issues in practice processes with a view to improving them
The purpose of this policy is to ensure that call recording is managed in line with General Data Protection Regulations (GDPR) & Data Retention requirements. This will generally involve the recording of telephone conversations which is subject to the Telecommunications Act 1984.
Rosebank Health will make every reasonable effort to advise callers that their call may be recorded and for what purpose the recording may be used. This will normally be via a pre-recorded message within the telephone system. The voice file will be stored within the telephone system to which the same rules of confidentiality will apply.
Where a patient requests to listen to a recording then this should be allowed within the general provisional of data subject access (SAR) under General Data Protection Regulations.
This policy applies to all practice staff including any contracted or temporary workers. All calls via the telephone systems used in the practice will be recorded, including:
- All external incoming calls
- All external outgoing calls made by practice staff
- All internal incoming and outgoing calls made by the practice staff
- Call transfers
Recording will automatically stop when the practice staff member terminates the call.
Callers will be advised that all calls are recorded for quality/training purposes – this will be in the form of an automated voice message when patients call the practice number 01452 543000 / 01452 720011
A patient (and staff) can request the call not to be recorded at any time during a live call.
- In a video call only the audio part of the call is recorded.
- Outbound calls to a patient, these will be automatically recorded, but we do not need to notify the patient that the call will be recorded, as this message is mentioned on the pre-recorded message when a patient calls the practice, as well in the policy on our website which is viewable to the public.
Playback / Monitoring of Recorded Calls
Monitoring of the call recordings will be undertaken by allocated Supervisors on the phone software. Any playback of recordings will take place in a private setting.
All recordings will be stored securely for 6 months and access to these should be controlled and managed by the Practice Manager and by the Supervisors, who has been appointed by the Practice Manager. Access to the recordings will be by request to the Practice Manager or Patient Services Manager.
Subject Access Requests (SAR)
Subject Access Requests can be made in writing by a patient to have access to their telephone calls with Rosebank Health, if available, it should be noted that recordings are only kept for 6 months. Recordings can be downloaded as a MP3 format only.
The General Data Protection Regulations allows access to information that is held about them and their personal data. This includes recorded telephone calls. Recordings should be stored in such a way that will enable easy access to the information relating to one or more individuals.
Requests for copies of telephone conversations can be made under the GDPR as a “Subject Access Request (SAR)”. This must be done in writing and after assessing whether the information can be released, the requestor can be invited to the practice premises to hear the recording.
If there is a request from an external body relating to the detection or prevention of a crime (e.g. police), then requests for information should be directed to the Practice Manager responsible for GDPR to carry out the request for the recording.
Where are the recordings stored?
Calls are routed through X-On’s network, recorded and stored by X-ON. The recordings are kept on their servers in a secure environment that cannot be accessed externally except by authenticated users.
X-On satisfy the security requirements for:
- ISO 27001 Security Standards certification
- ISO 9001 Quality Management System Standards certification
X-on are a Crown Commercial Service Supplier and have been assessed against the NHS Information Governance Toolkit.
For more information please click on these links: