Hospitals and Healthcare CCTV compliance

How can hospitals and healthcare facilities assure staff and patients of data privacy?

Hospitals and healthcare facilities are largely open environments in which anyone can access external areas such as car parks, and internal areas from reception to corridors, wards and even emergency rooms. There are growing risks of abusive or criminal activities. Some medical institutions have introduced body cams to monitor and prevent potential staff abuse. Other hospitals and healthcare facilities are exploring CCTV to manage risks in their buildings and wider estates.

Hospitals and healthcare facilities are largely open environments in which anyone can access external areas such as car parks, and internal areas from reception to corridors, wards and even emergency rooms. There are growing risks of abusive or criminal activities. Some medical institutions have introduced body cams to monitor and prevent potential staff abuse. Other hospitals and healthcare facilities are exploring CCTV to manage risks in their buildings and wider estates.

Hospitals have a strict duty of care towards patients and their privacy. With the advent of GDPR – which treats images of people as data – there are also strict guidelines about video recording, sharing video and redacting people to protect their privacy of all but the person(s) of interest. When requests are made by third parties for copies of video footage – by the police, other agencies, or the public – the CCTV footage must be handed over within a set period in a compliant manner.

Facit Identity Cloak provides a fast, cost-effective way to redact (blur) the faces or full bodies of people in video footage in order to protect their privacy. Identity Cloak provides an ideal alternative to costly bureau services. In-house users report that Identity Cloak is easy to use and enables them to turn around compliant video footage in minutes.

Criminal activity in hospitals increases the need for vigilance and video

Possession of firearms, sexual assault, racial abuse, arson and threats to kill are among the hundreds of crimes reported at hospitals across the UK.

Figures published by Sussex Police through a Freedom of Information request reveal 374 incidents were logged in one year in just one UK county. Other allegations included possession of drugs, burglary, possession of a knife and burglary and harassment. [The Argus, 2017]

The most common incidents were theft, common assault and public order offences. Some of the crimes reported had happened elsewhere but were dealt with by police at a hospital. Several cases were linked to people who were drunk or on drugs and happened at weekends or Friday nights while others involved those with mental health problems.

Facit advises on video data privacy policy

As the use of video – body cams and CCTV – increases in medical facilities, so the need for effective compliance measures increases. Facit advises organisations with open access and high occupancy on how to treat, store and share video footage in a compliant manner. For the majority of operations, Identity Cloak offers a cost effective subscription-based solution that enables users to address the problem of crime without compromising people’s data privacy.

Where to find advice on the use of CCTV surveillance in hospitals and healthcare facilities

Bodies such as the Medical Defence Union (MDU) provide checklists on the use of CCTV. If you are planning to install CCTV, consider the following points:

  • Record your reasons for installing CCTV and ensure they are proportionate and legitimate, such as crime prevention. The ICO says the use of CCTV should be reviewed each year. Seek advice from your local Caldicott Guardian or Data Protection Officer (DPO), if necessary.
  • Ask one person within the practice, ideally the data controller, to be responsible for ensuring your CCTV system complies with the law and your ethical duty to protect patients.
  • Seek professional advice about the most appropriate surveillance technology, the location of cameras, facial recognition, time/date stamps, etc. As with any third party supplier, put in place a contract which includes guarantees about issues such as security and patient confidentiality when processing images.
  • Install clearly visible signs which state that CCTV cameras have been installed.
  • Restrict access to stored CCTV images and only view them in a secure area. Do not retain images for longer than necessary, unless they are needed as evidence.
  • Do not disclose images of patients without consent, except in exceptional circumstances when this can be justified in the public interest. Where other people are recorded on the same footage, their image should be blurred to protect their confidentiality.
  • Your practice privacy policy should cover the installation of cameras, the safe storage of images, retention periods, disclosure to the police and subject access requests. [This above guidance was correct as at 30/08/2018]

Further useful reading is available in The Government’s Surveillance camera code of practice, which was published in 2013.

Get in touch

We can do a lot more with your CCTV cameras,
let us help you find a solution