Practice Policies

Text Messaging Policy

 Text Messaging Policy for Old Kilpatrick Medical Practice

  1. Purpose

The purpose of this policy is to ensure that Old Kilpatrick Medical Practice complies with the General Data Protection Regulation (GDPR) when sending text messages (SMS) to patients. This policy outlines the procedures for obtaining consent, data protection, and security measures.

  1. Scope

This policy applies to all staff members at Old Kilpatrick Medical Practice involved in the collection, processing, and dissemination of patients' personal data via text messaging.

  1. Legal Basis for Processing

Old Kilpatrick Medical Practice will only send text messages to patients if at least one of the following conditions is met:

  • Consent has been obtained from the patient.
  • The text message is necessary for the performance of a contract to which the patient is a party.
  • The text message is necessary for compliance with a legal obligation.
  • The text message is necessary to protect the vital interests of the patient or another person.
  • The text message is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
  1. Obtaining Consent
  • Patients must consent to receive text messages.
  • Consent must be documented and stored securely.
  • Patients must be informed about the types of messages they will receive (e.g., appointment reminders, health information, prescription notices).
  • Patients must be informed of their right to withdraw consent at any time and the process for doing so.
  1. Data Minimisation
  • Only essential information will be included in text messages to ensure data minimisation.
  • Sensitive personal data will not be included in text messages.
  1. Data Security
  • Text messages will be sent through a secure messaging service that complies with GDPR.
  • Access to the text messaging system will be restricted to authorised personnel only.
  • Appropriate technical and organisational measures will be implemented to ensure the security of personal data.

 

  1. Patient Rights
  • Patients have the right to access their personal data, request rectification or erasure, and object to processing.
  • Patients must be informed of their rights and how to exercise them.
  1. Data Retention
  • Personal data processed for text messaging will be retained only as long as necessary for the purposes for which it was collected.
  • A data retention schedule will be maintained and regularly reviewed.
  1. Data Breach Notification
  • In the event of a data breach, the practice will follow its Data Breach Policy, including notifying the Information Commissioner's Office (ICO) and affected patients where required.
  1. Training and Awareness
  • All staff involved in sending text messages will receive regular training on GDPR compliance and data protection best practices.
  1. Review and Updates
  • This policy will be reviewed annually or when there are significant changes in data protection laws or practices.
  • Updates to the policy will be communicated to all relevant staff.
  1. Contact Information

For any questions or concerns regarding this policy, patients can contact us at:

  • Phone: 01389 315800
  • Email: ggc.gp40065clinical@nhs.scot
  • Address: Erskine View, Old Kilpatrick, G60 5JG
Call Recording Policy

OLD KILPATRICK MEDICAL PRACTICE

 

Old Kilpatrick Medical Practice, Erskine View Old Kilpatrick Glasgow G60 5JG

               

Call Recording Policy

Introduction


This policy outlines the practice’s call recording process. The purpose of call recording is to provide a record of incoming and outgoing calls which can

•    Identify practice staff training needs
•    Protect practice staff from nuisance or abusive calls
•    Establish facts relating to incoming/outgoing calls made (e.g. complaints)
•    Identify any issues in practice processes with a view to improving them


Purpose

 

The purpose of this policy is to ensure that call recording is managed in line with DPA & Data Retention requirements. This will generally involve the recording of telephone conversations which is subject to the Telecommunications Act 1984.

The practice will make every reasonable effort to advise callers that their call may be recorded and for what purpose the recording may be used. This will normally be via a pre-recorded message within the telephone system, an information notice in our waiting room practice or a message on our website. The voice file will be stored within the telephone system to which the same rules of confidentiality will apply.

Where a patient requests to listen to a recording then this should be allowed within the general provisional of data subject access under the Data Protection Act 2018.

 

Scope

 

This policy applies to all practice staff including any contracted or temporary workers.
All calls via the Reception telephone lines used in the practice will be recorded, including:


•    All external incoming calls
•    All external outgoing calls made by practice Reception staff

Recording will automatically stop when the practice staff member terminates the call.

Callers will be advised that the call will be recorded for quality/training purposes in the form of an automated voice message, an information notice in our waiting area and by a message on our practice website.

 

 


Playback / Monitoring of Recorded Calls

 

Monitoring of the call recordings will be undertaken by the Practice Manager and Partners of the Practice. Any playback of recordings will take place in a private setting and where applicable, individuals should be given the opportunity to listen to the relevant recordings to receive feedback and developmental support.

All recordings and call recording equipment will be stored securely, and access to these will be controlled and managed by the Practice Manager.

Recordings will be accessed by logging into a dedicated, password protected computer system.

Calls will be retained by the Practice for up to 12 months.


Confidentiality


The Data Protection Act allows access to information that is held about them and their personal data. This includes recorded telephone calls.

Requests for copies of telephone conversations can be made under the Data Protection Act as a “Subject Access Request”.  After assessing whether the information can be released, the requestor can be invited to the practice premises to hear the recording.  The right to be forgotten’ does not override legal and compliance obligations.

If there is a request from an external body relating to the detection or prevention of a crime (e.g. police), then requests for information should be directed to the Practice Manager under GDPR, organisations are prohibited from recording the personal conversations of staff, even with consent, and therefore need to ensure that while business calls are recorded, personal calls always remain private.

 

Page last reviewed: 19 August 2025
Page created: 03 May 2023