A risk manager recently sought guidance for handling patients who wish to record encounters with providers.

In our response, ECRI Institute recommended first consulting with legal counsel to determine any applicable laws on consent to be recorded and whether one or both parties must provide consent.

Healthcare facilities should also consider whether the recording could be a violation of the Health Insurance Portability and Accountability Act (HIPAA). In general, if the patient is the one doing the recording, the patient is not considered a “covered entity” under HIPAA. The main concern would be if the patient is recording in a place where other patients' conversations might be picked up, such as in the waiting room or in an examination room with the door open where other private conversations could be heard. If the facility agrees to allow a patient to record a conversation with the provider, the facility should ensure that the patient and provider are in a private area away from other patients.

When developing a policy on allowing audio and visual recordings, the facility should ask the following questions:

  • Will patients ever be allowed to record a visit?
  • If yes:
    • Under what circumstances?
    • Will individual providers be permitted to opt-out of being recorded?
    • Specify that the patient's device will be used.
    • Will you require a copy of the recording to be provided to the health center to be stored with the medical record?
    • How should patients notify the provider that they wish to record the visit?
    • Where can recording take place?
    • Is signage posted that specifies all of the above?
  • If no:
    • How will this be communicated to patients (e.g., signage)?
    • What if a provider wants to allow recording anyway?
    • What will you do if you find a patient covertly making a recording?
  • What will you do if you find a recording (known or unknown to you) posted on social media (Facebook, YouTube)?
  • Who is responsible for enforcing all of the above?

For more information, refer to the guidance articles Covert Affairs: Recording Conversations in Physician Offices, as well as The HIPAA Privacy Rule and The HIPAA Security Rule.

The recommendations contained in Ask ECRI do not constitute legal advice. Facilities should consult legal counsel for specific guidance and develop clinical guidance in consultation with their clinical staff.

Topics and Metadata


Health Information Privacy


Ambulatory Care Center; Physician Practice

Risk Manager; Legal Affairs; Clinical Practitioner; Nurse

Publication History

Published April 11, 2018
