As smartphones and digital tools are more integrated into daily life, patients are increasingly recording their healthcare visits. While this can support better understanding and recall of medical advice, it also introduces legal, ethical, and professional considerations for medical providers.
Why Patients Record
Patients may choose to record their visits for several valid reasons:
- To better remember complex medical information.
- To share details with family members or caregivers who could not attend.
- To support treatment adherence and follow-up care.
However, recordings can also be misused, taken out of context, shared publicly, or even used in legal claims.
Recording Devices
Phone cameras for sharing images and video have complicated the issues of privacy in healthcare settings. Different rules and laws apply to photography by patients, visitors, families, and healthcare workers. However, they share the common theme of balancing the value of images against privacy. Common scenarios include:
- A proud parent wants a picture of their newborn in the nursery.
- A surgeon wants to document the course of a procedure.
- A nurse wants a consultation about a patient’s skin condition.
- A parent wants a child’s treatment record for a divorce action.
- A police officer wants to collect evidence of a patient’s injuries.
Medical facilities and practices cannot escape the obligation to implement reasonable safeguards to protect patient privacy. Some have tried to resolve these complex issues with “photography is forbidden” policies. But as the examples illustrate, zero tolerance may be difficult or impossible to fully enforce.
Know Your State Laws on Patient Recording
Understanding the legal landscape around patient recordings is essential for every healthcare provider. While federal law—specifically the Wiretap Act (18 U.S. Code § 2511)—requires only one party to consent to a recording, state laws may impose stricter requirements, and these laws can vary significantly.
- In most states, only one person involved in the conversation needs to consent to the recording. This means a patient can legally record their interaction with a provider without informing them if the patient is part of the conversation.
- In contrast, 12 states—including California, Florida, Illinois, Massachusetts, Michigan, Montana, Nevada, Pennsylvania, and Washington—require all parties involved in a conversation to consent to being recorded. In these states, a patient must obtain the provider’s permission before recording, or they may face legal consequences.
- Even in one-party consent states, healthcare practices operating on private property may establish their own policies restricting or regulating recordings. These policies can include signage, consent forms, or verbal agreements to protect patient and staff privacy.
- If a patient records a visit, HIPAA does not apply, as the patient is not a covered entity. However, if a provider records the interaction, the recording becomes Protected Health Information (PHI) and must be secured in compliance with HIPAA regulations.
Providers should familiarize themselves with the recording laws in their state and ensure their practice has clear, legally sound policies in place.
Best Practices for Providers
- Maintain professionalism in all patient interactions, as any conversation could be recorded.
- If a patient asks to record, consider it a sign of engagement. It may help them better understand and follow medical advice.
- Ensure that recordings do not capture other patients or staff without consent—especially in shared spaces like delivery rooms or waiting areas.
- Your organization should have written policies addressing:
- HIPAA compliance for provider-initiated recordings.
- Use of photography, video, and audio devices in clinical settings. This may include delivery room, ER, and other areas.
- Staff training on how to respond to patient recording requests.
Recording healthcare encounters can be a valuable tool for patients—but it also requires thoughtful policies and awareness from providers.
Formulating a Workable Policy
Photography, video, and audio recording policies approach the issue from one of two perspectives: broadest use (within reason) vs. strongest restrictions (within reason). Whichever approach best fits your organization, we recommend separately addressing each of the following categories of images:
- Hospital personnel taking photographs/recordings of patients for medical purposes.
- Hospital personnel taking photographs/recordings containing PHI for non-medical use (e.g., personal use, education, marketing, publicity, television shows, documenting abuse or neglect, research, security, quality assurance, etc.).
- Patients or visitors taking photographs/recordings of patients (i.e., of themselves and the patient vs. other patients).
- Patients or visitors taking images of hospital personnel, equipment, computer screens or facilities.
With respect to each category, the facility should address:
- Whether a HIPAA authorization is required, whether general consent will suffice, or whether no consent is required?
- Who must obtain the authorization/consent when required (healthcare provider, hospital employee or photographer)?
- How will the photographs/recordings be taken (use of cell phones or personal cameras)?
- Will encouraging recording with permission minimize surreptitious recording?
- How will the photographs/recordings be stored and transmitted (using only designated equipment vs. deleting images used for medical purposes)?
- Permissible and prohibited uses or disclosures.
When formulating your policy consider the following:
- Providers should treat photographs/recordings as Protected Health Information (PHI). Recording devices could include personal device, cellphone, recording device, webcam, police bodycams, and film crew. Ensure your policy addresses all recording devices.
- Photographs/recordings for patient care (such as a cellphone of a wound) should be treated as part of the medical record.
- Identify high-risk areas (Emergency Room, Labor & Delivery, Operating Room, and waiting rooms) for privacy violation to occur and focus your efforts on these areas. Different areas in the facility may require different policies.
- Patient consent should be obtained before any photograph, video, or audio recording occurs by the facility/practice or with its permission.
- A policy should be in place to deal with non-compliance and educate all staff on policy for the designated area.
- Post the photography policy or signs/posters addressing photography in various locations in the facility, especially in high-risk areas. Make patients and visitors aware of your organization’s policy also through information in admission packets and the organization’s HIPAA privacy notice.
- Healthcare facilities may want to consider asking patients and visitors to acknowledge their agreement to comply with privacy policies.
Source: www.americanpatient.org/can-patients-record-their-doctor-visits/
The information provided herein does not, and is not intended to constitute legal, medical, or other professional advice; instead, this information is for general informational purposes only. The specifics of each state’s laws and the specifics of each circumstance may impact its accuracy and applicability, therefore, the information should not be relied upon for medical, legal, or financial decisions and you should consult an appropriate professional for specific advice that pertains to your situation.
Article originally published in Copic's 3Q25 Copiscope newsletter.