AI Safety in Dentistry

Keeping Patient Data Safe: GDPR, Encryption and Data Minimisation


Patient audio and clinical notes are special-category data. Here is the layered approach that keeps it protected end to end.

A recording of a dental appointment is among the most sensitive data a practice handles. Under UK GDPR it is special-category health data, which carries the highest bar for lawful processing and security. Treating it casually is not an option, and the safeguards have to be demonstrable, not merely claimed.

The principles that drive the design

  • Data minimisation: collect only what is needed to produce the note, and give practices the ability to disable audio storage entirely so recordings are processed in real time and never saved.
  • Encryption in transit and at rest: audio moves over TLS and, where stored, is held in encrypted object storage with server-side AES-256.
  • Purpose limitation: clinical data is used to generate the clinician’s note — not repurposed to train third-party foundation models.

Where the data lives

Keeping data in a known jurisdiction matters for both compliance and trust. Storage and processing should be pinned to a defined region, access should be governed by least-privilege roles, and every retrieval of a recording should require a short-lived, signed URL rather than a permanently public link.

Sub-processors and the ICO

Any AI scribe relies on a chain of sub-processors — speech-to-text, language models, cloud hosting. Responsible operators register with the ICO, maintain a current record of processing activities, publish their sub-processor list, and ensure each link in the chain is covered by an appropriate data-processing agreement. Transparency here is itself a safety control: you cannot protect data whose journey you cannot describe.

These principles power OpenDentist, AI clinical notes built for UK dentists.
