Recording and Images Policy

Creation Date: 12 October 2025

Responsible Individual: Jerri Prior

Review Date: 12 October 2026

1. Purpose

This policy sets out Prior Mindset’s rules and safeguards regarding the recording of therapy sessions and the capture of images, including audio recordings, video recordings, screen recordings, screenshots, or photographs. Its purpose is to:

  • Protect client confidentiality and privacy

  • Maintain professional and therapeutic boundaries

  • Ensure compliance with UK data protection law and professional standards

  • Prevent unauthorised creation or distribution of sensitive material

  • Align with the Technology, AI and Platform Use Policy

  • Protect both the organisation and practitioners from legal, ethical, and safeguarding risk


2. Scope

This policy applies to:

  • All clients, families, and third parties participating in sessions

  • All practitioners, employees, associates, and contractors

  • All online, remote, or digital service delivery methods used by Prior Mindset

  • All devices and platforms used to access or deliver services


3. Core Policy Position

3.1 Prohibition on recording and image capture

Clients must not:

  • Audio record sessions

  • Video record sessions

  • Screen record any part of a session

  • Take screenshots or photographs during sessions

  • Use third-party software or devices to capture session content

This prohibition applies whether recording is overt or covert, partial or complete, and regardless of the stated purpose.

Unauthorised recording or image capture constitutes a breach of the therapy contract and of professional boundaries.


4. Rationale for Prohibition

4.1 Confidentiality and data protection

Therapy sessions involve highly sensitive personal and health information. Recording or capturing images creates additional personal data outside Prior Mindset’s controlled systems, increasing the risk of unauthorised access, disclosure, or misuse. Such activity may breach the UK GDPR and the Data Protection Act 2018.

4.2 Information security and loss of control

Recordings or images stored on personal devices or third-party platforms fall outside Prior Mindset’s security controls. The organisation cannot guarantee encryption, retention, deletion, or access controls once material leaves its systems.

4.3 Professional and therapeutic boundaries

Recordings or images may be taken out of context, edited, or misused, which may distort therapeutic work and undermine trust. Prohibiting recording protects the integrity of the therapeutic relationship and professional boundaries.

4.4 Legal and ethical obligations

Recording therapy sessions without a lawful basis or without the informed consent of all parties may breach:

  • UK GDPR and the Data Protection Act 2018

  • The common law duty of confidentiality

  • Professional ethical standards and codes of conduct applicable to psychological therapy practitioners


5. Limited Exceptions

Recording or image capture may occur only where all of the following conditions are met:

  1. There is a clear and lawful basis (for example, a court order or regulatory requirement), or explicit written authorisation has been granted by Prior Mindset management.

  2. Explicit, informed, written consent has been obtained from all parties involved.

  3. The purpose of the recording is clearly defined and documented in advance.

  4. The recording is carried out using systems approved by Prior Mindset.

  5. Storage, access, and deletion arrangements are documented and aligned with organisational retention schedules.

  6. The recording is deleted once it is no longer required for its stated purpose.

Approval is time-limited and purpose-specific. Consent may be withdrawn at any time.


6. Practitioner Use of Recording and Transcription Tools

For the avoidance of doubt:

  • Practitioners may use secure transcription or documentation tools solely to support clinical note-writing or accessibility needs, in line with the Technology, AI and Platform Use Policy.

  • Such tools are used only by the practitioner and are not shared with clients.

  • Clients do not have a right to receive raw audio files, transcripts, or automated outputs.

  • Any transcription or working material is treated as private clinical working material and managed in accordance with retention rules.

This section does not grant permission for clients to record sessions.


7. Client Communication and Consent

Clients are informed of this policy:

  • Prior to commencing therapy

  • Within contractual documentation and terms of service

  • Verbally at the start of online sessions where appropriate

Clients are reminded that recording or capturing images is not permitted and that continuation of services is conditional upon adherence to this policy.


8. Breach and Enforcement

8.1 Client breaches

If a client records or attempts to record a session without authorisation, Prior Mindset may:

  • Require immediate deletion of the recording

  • Suspend or terminate therapy services

  • Document the breach within internal records

  • Take further action where required to protect staff or comply with legal obligations

8.2 Staff breaches

Any unauthorised recording, disclosure, or misuse of recording or image technology by staff constitutes a serious breach of policy and may result in:

  • Disciplinary action

  • Termination of engagement or employment

  • Referral to relevant professional regulators where appropriate


9. Training and Awareness

  • All staff receive training on this policy during induction

  • Refresher training is provided as part of ongoing safeguarding and information governance training

  • Compliance forms part of routine audit and supervision processes


10. Legal, Regulatory and Standards Framework (Supplementary)

This policy is informed by, and should be read alongside, the following statutory provisions, regulatory frameworks, and professional standards. These are referenced as interpretative and assurance benchmarks to strengthen governance, accountability, and defensibility.

Data protection and information governance

  • UK General Data Protection Regulation (UK GDPR), including:

    • Article 5 (principles relating to processing of personal data)

    • Article 6 (lawful bases for processing)

    • Article 9 (special category data)

    • Article 24 (responsibility of the controller)

    • Article 25 (data protection by design and by default)

    • Article 30 (records of processing activities)

    • Article 32 (security of processing)

  • Data Protection Act 2018, including Schedule 1 conditions for processing special category data

  • ICO Accountability Framework

  • ICO guidance on:

    • Data protection and AI

    • Anonymisation and pseudonymisation

    • Data Protection Impact Assessments (DPIAs)

    • Security of personal data

Confidentiality and professional ethics

  • Common law duty of confidentiality

  • Professional ethical codes applicable to psychological therapy and healthcare practice (including principles of confidentiality, informed consent, and professional boundaries)

  • NHS Confidentiality Code of Practice (used as a benchmark for good practice)

Records management and retention

  • NHS Records Management Code of Practice (used as a benchmark for retention and disposal)

  • ISO 15489 Records Management principles

  • ICO guidance on retention and deletion

Digital health, technology and AI governance (best-practice benchmarks)

Although Prior Mindset is not an NHS body, the following are adopted as best-practice reference standards:

  • NHS Digital Technology Assessment Criteria (DTAC)

  • NHS England guidance on AI-enabled documentation and ambient scribing

  • DCB0129: Clinical risk management for the manufacture of health IT systems

  • DCB0160: Clinical risk management for the deployment of health IT systems

  • NHS Data Security and Protection Toolkit (DSPT) standards

  • ISO/IEC 27001 information security management principles

  • ISO/IEC 27701 privacy information management principles

Equality, accessibility and reasonable adjustments

  • Equality Act 2010

  • Equality and Human Rights Commission guidance on reasonable adjustments

Accessibility measures within this policy are implemented as reasonable adjustments to support staff with learning disabilities or neurodevelopmental differences, including dyslexia, dyspraxia, dyscalculia, ADHD and autism.

Safeguarding and information sharing

  • Children Act 1989 and 2004

  • Care Act 2014

  • Working Together to Safeguard Children statutory guidance

  • Information sharing guidance for practitioners

These frameworks support lawful information sharing where there is risk of harm, safeguarding concern, or statutory duty.

Employment, accountability and governance

  • ACAS Code of Practice on Disciplinary and Grievance Procedures

  • Principles of vicarious liability in employment and service provision

  • Health and Safety at Work etc. Act 1974 (as relevant to staff welfare and safe systems of work)


11. Review and Governance

  • This policy is reviewed annually or sooner if legislation, guidance, or operational practices change

  • Compliance is monitored by the Designated Safeguarding Lead and Data Protection Officer

  • Updates are approved by the Senior Management Team


12. Policy Ownership

Owned by: Designated Safeguarding Lead / Data Protection Officer

Applies to all Prior Mindset services, staff, and platforms
