Can CCTV record inside consultation rooms without patient consent? UK Dental and Medical Practices CCTV rules explained 2026

Published on May 14, 2026

Generally, recording inside a private consultation room, especially where sensitive medical information is discussed or where examinations occur, is highly restricted and requires careful justification under UK data protection law. Under the Data Protection Act 2018 (DPA 2018) and GDPR, you must establish a clear lawful basis for processing the data, and patient consent is often the most advisable, but not always the only, basis. If you install cameras, you must adhere to the principles of proportionality, meaning the recording must be necessary and proportionate to the stated aim, such as safeguarding property or preventing theft. Recording sensitive health data (Special Category Data) requires even higher justification, and the ICO strongly advises that such recordings are avoided unless absolutely critical for risk management. If you proceed, you must prominently display clear signage detailing exactly what is recorded, where, and for how long, and ensure staff are fully trained in data handling.

More questions about Dental and Medical Practices:

Is it legal to use CCTV to monitor staff performance in a dental surgery?

While CCTV can be used for staff monitoring, its application in a medical setting must be highly proportionate and must not breach the employee's reasonable expectation of privacy. Monitoring performance must be framed around specific, justifiable security risks or operational improvements, not merely to observe work habits. Always consult your employment contract and implement a formal policy that details the scope, duration, and purpose of the monitoring. You must ensure staff are informed before any monitoring begins to comply with best practice guidelines.

Do I need a Data Protection Impact Assessment (DPIA) before installing CCTV in a clinic?

Yes, given the processing of sensitive health data (Special Category Data), a DPIA is strongly recommended, if not legally required, under GDPR principles. A DPIA forces you to systematically identify, assess, and mitigate the risks associated with the CCTV installation, such as potential data breaches or misuse. It helps you prove to the Information Commissioner's Office (ICO) that you have taken every reasonable step to protect patient confidentiality and rights.

Yes, monitoring public waiting areas for anti-social behaviour or theft is a common and usually justifiable use, provided the cameras are clearly signposted and only cover common areas. The footage must not be used to monitor individual patients' movements within private areas. You must specify the purpose (e.g., "Crime Prevention") and limit the retention period, ensuring the footage is only reviewed when a specific security incident occurs.

Absolutely. Any blind spots must be maintained to prevent the monitoring of private areas, such as changing rooms, restrooms, or specific consultation furniture. Camera angles should be directed towards entrances, exits, and common circulation paths, rather than focusing directly into treatment areas. If a private area is visible, physical barriers or digital masking (if available) should be used to ensure compliance with the highest standards of patient dignity.

Need a free survey of your CCTV coverage? Phone: 07830 638 337

Resources and Guides: GitHub: https://github.com/gazpearce/gary-ai-assistant Pillar Guide: https://cctvsystems.notion.site/35f5b433f5b581919f1ff69c173ea5da

Gary Pearce | 07830 638 337 | https://github.com/gazpearce/gary-ai-assistant

Can CCTV record inside consultation rooms without patient consent? UK Dental and Medical Practices CCTV rules explained 2026

Can CCTV record inside consultation rooms without patient consent? UK Dental and Medical Practices CCTV rules explained 2026