CQC in December produced guidance on the use of surveillance technology. The commission suggests that it can help services:
- protect people’s safety, for example from the risk of unsafe care or treatment
- keep premises and property secure
- help people stay safe without restricting their activities.
Care services are more likely to use surveillance openly (overt surveillance). Which requires the provider to tell everyone that it affects. You can do this by talking to them before you start using surveillance or by putting up clear notices. In some circumstances, you may need their consent.
This is when you use hidden cameras or microphones people are not aware of. This is only likely to be appropriate in rare circumstances, if you have a pressing reason and only plan to use it for a short time. For example, you might decide to use it to identify a specific incident or allegation.
If the provider uses surveillance to help keep people safe or monitor their wellbeing, CQC will treat it as part of their care. This means it must meet the regulations under the Health and Social Care Act.
But any recordings made of people also count as information about them. Collecting information about people is regulated by the Information Commissioner’s Office (ICO).
Things to be carried out before commencing surveillance
Before they start providers must be able to identify the purpose for using surveillance – the thing you want to achieve. The provider should:
- Carry out an initial assessment
- Check the right regulations
- Fill in a data protection impact assessment
- Carry out a needs assessment
- What you should record
Records to be kept by the provider
The provider must keep a record of:
- your purpose for using surveillance, including how it supports people’s needs
- your initial assessment
- your DPIA, if you’ve completed one
- what alternatives to surveillance you’ve considered.
The provider should tell people:
- why they are considering surveillance (your purpose)
- what type of surveillance they are thinking about using
- where they are considering using it
- what information they will collect
- where and how they will store the information
- who will have access to the information and how long will they keep it.
It’s best to keep a record of the process when people are consulted, along with their responses. Providers are reminded that initial consultation with people is not the same as getting consent.
People raising concerns
People who use your service or their families may raise concerns about privacy. If they do, the provider must take steps to address them. The aim is to make the impact on people’s privacy as small as possible.
Equipment and staff training
When choosing equipment, the provider must ensure it’s fit for purpose. For example, it may need to capture video at a high enough resolution that you can recognise people.
Staff training and record keeping
Staff must be properly trained in handling information gathered by surveillance.
To protect people’s information providers must make sure:
- staff are properly trained in handling information gathered by surveillance
- they have clear policies and procedures for when people ask for access to recordings, about sharing information and for complaints about surveillance
- they keep a record of who has had access to the information, when and why
- they have a clear policy about keeping information and recordings secure, how long you keep them for, and when and how you destroy them
- if someone else (like a security company) is handling personal data on their behalf, their contract with them must set out clear rules on how they process it.
Use of hidden cameras
People sometimes worry about a loved one and their care. They might use hidden cameras or microphones to give themselves reassurance. If the provider finds that surveillance is being used in their service, it’s important to put the interests of the person first.
The appropriate use of surveillance technology will be a cause for concern for many providers. The requirements of the GDPR have added another dimension to the importance of correctly handling people’s data. Before contemplation of its use providers would be well advised to refer to the CQC guidance on their website.
Albert Cook BA, MA & Fellow Charted Quality Institute
Bettal Quality Consultancy