The recording of conversations between dentists and patients can pose significant risks to dental professionals, including potential HIPAA violations, loss of control over the use of the recording and legal issues related to consent. Dentists should take steps to protect patient privacy.
The same technological advances that advance the dental practice also introduce new challenges. Cyberattacks are on the rise, necessitating increased vigilance and robust cybersecurity measures.
Analysts at The Dentists Insurance Company have observed that dental professionals are also confronting the challenges of patient-recorded conversations. Many patients are now asking to record office visits with their health care providers — including dentists — and providers are unsure how to respond. Other patients are recording surreptitiously, perhaps under the impression that this is allowed due to the increasing popularity of videos posted online showcasing personal interactions.
TDIC’s Risk Management Advice Line provides guidance to TDIC policyholders and dental association members. Analysts have answered recent calls regarding patients who want to record their treatment or conversations with the dental team using the audio/visual capabilities of their smartphones. Often, patients mistakenly believe their HIPAA protected right to access records includes the right to record conversations with their health care providers. While this action may seem innocent or even beneficial at first, the risks to dentists are many, including potential HIPAA violations, loss of control over the use of the recording and legal issues related to consent.
The following case study illustrates how TDIC’s analysts have advised callers to respond to inquiries about patients recording in the office.
A patient and her husband came to a dentist’s office for an emergency after-hours visit. The visit started on rocky ground with the patient calling the office, threatening if they did not see the dentist and “something happened,” she would be holding the dentist “responsible.” When urged to go to a hospital emergency room for treatment, the patient refused, instead demanding that the dentist address the “infection” and provide her with antibiotics. The patient also stated that due to her husband’s work schedule she could not be seen during regular business hours.
At the beginning of the appointment, the dentist suspected that the patient’s husband was covertly recording the conversation. This was confirmed when the patient later stated “I’m recording you” as further intimidation to ensure that the dentist treated her. The entire experience left the dentist shaken but also frustrated that he had come to the office after hours to provide emergency care for the patient due solely to her demands, yet she proceeded to question his recommendations by recording their interaction.
The following day, after considering the interaction, the dentist contacted the Risk Management Advice Line seeking guidance. The analyst advised the dentist that he should have instructed the patient to stop recording, stating that he neither authorized nor consented to being recorded. The analyst explained that most states have privacy laws related to audio and video recording permissions. The dentist who called the Advice Line practices in a “two- party consent” state, meaning any audio recordings must be agreed upon by both parties; otherwise, they are a violation of privacy.
The dentist initially responded, “Well, I have nothing to hide. If she wants to record, let her.” The analyst pointed out that even if he did consent to allow the interaction to be recorded, he — and future listeners — would have no way of knowing if the patient manipulated or altered the recording in a manner that misrepresented the true interaction between provider and patient.
Key information that the dentist discussed with her could be removed to falsely suggest he had not provided counsel on the necessary risks, benefits and alternatives during this interaction. The dentist would not receive a written transcript of the recording to verify the accuracy of the parties present, the date of the interaction or the integrity and accuracy of the content.
The potential violation of HIPAA privacy laws is one of the most significant risks associated with patients recording their conversations with health care providers. While most dentists and practice staff are aware of the significant limitations HIPAA places on their activities, it is less clear how to react when it’s a patient who wants to record the dentist — or themselves — potentially exposing protected health information of other patients.
The recording of peripheral conversations in the dental office, such as those between staff members, can be a violation of HIPAA privacy law. These conversations may inadvertently contain sensitive patient information, and their recording could result in a breach of patient confidentiality. Practices should always be aware that recordings may take place without their knowledge, so proper HIPAA precautions and patient interactions should be the norm through training and preparation.
Under HIPAA, patients have the right to access their medical records, but they do not have the right to record their conversations with their dentist without explicit consent.
The loss of control over the recording’s use is another risk associated with patients recording conversations with dentists.
Patients may edit or tamper with the recording, or it may be used by third parties, such as social media or news outlets, without the dentist's consent. In some cases, artificial intelligence may be used to analyze the recording, potentially revealing sensitive patient information. It could also be a means of intimidation or coercion. Dentists must be aware that once a recording is made, they have little control over its use or dissemination.
In addition to federal privacy laws, individual states may have their own laws regarding the recording of conversations. California is a two-party consent state, meaning that to be legal, all parties must consent to the recording of a conversation, including dentists, staff and patients. Failure to obtain consent can result in legal repercussions.
California dentists should take care to ensure that any recordings made in their office are done with the explicit consent of all parties.
So, what should a dentist or staff member do if a patient asks to record their conversation or if they discover a patient recording in the office?
If a patient asks to record, dentists should first advise the patient that digital recordings by handheld devices such as smartphones are prohibited on the premises to protect the privacy of other patients and staff in compliance with federal and state privacy laws. If the patient is insistent, encourage them to take notes or to bring a trusted family member to appointments to take notes and help them remember the conversation.
If a dentist discovers that a patient is recording without consent, they should immediately stop the recording and explain to the patient that it is a violation of privacy laws. If the recording contains any sensitive patient information, the dentist may be required to report the incident to the appropriate authorities. The patient should also be advised that any further violation may result in their dismissal once treatment is complete. (Contact the Advice Line for guidance prior to any dismissal.)
If you do not already have verbiage specific to audio or video recording, revise your policy to include it. Your policy might read:
Due to potential acquisition of other patients protected health information (PHI) recording any part of or your visit to our office is strictly prohibited.
Consider inquiries to record as opportunities to identify patients who may need additional information or time to have a more complete understanding of their condition and the recommended treatment. Some thoughtful questions may help you to understand what is motivating the patient’s request. Some patients leave the dentist's office either not understanding some of the information given or forgetting it. Reassure the patient that they are welcome to take notes if they need to remember important information and that pertinent treatment information is recorded within their own patient record, which they can request.
The recording of conversations between dentists and patients can pose significant risks to dental professionals, including potential HIPAA violations, loss of control over the use of the recording and legal issues related to consent. Dentists should take steps to protect patient privacy, including verbiage prohibiting recording in the office and educating staff members on the potential risks associated with recording conversations.
Rather than reacting defensively when a patient asks permission to record, view it as an opportunity to better understand that patient’s needs and thoughtfully educate them about the nuances of privacy laws.
If you have questions about compliance with HIPAA privacy laws, navigating patient communication issues or other challenges, TDIC’s Advice Line analysts offer knowledgeable and dentistry-centered guidance.
TDIC’s Risk Management Advice Line is a benefit of CDA membership. Schedule a consultation with an experienced risk management analyst or call1.877.269.8844. Reprinted with permission from the California Dental Association, copyright May 2023.