
VoIP for NHS and Healthcare: What Communications Rules Apply

Healthcare organisations adopting VoIP must handle patient information securely, manage call recording lawfully and keep clinical lines resilient. This guide explains the rules and how PSTN switch-off affects GP practices and NHS services.

Chandraketu Tripathi
Finance Editor, Kaeltripton
Published 5 Jun 2026
Last reviewed 5 Jun 2026
✓ Fact-checked
KEY FACTS
  • The analogue PSTN is being withdrawn under Openreach's all-IP migration, scheduled to complete in 2027, which affects GP and NHS phone lines.
  • Processing of patient information by phone is personal data under the UK General Data Protection Regulation and the Data Protection Act 2018.
  • Call recording that captures patient information is itself processing of special category data and needs a lawful basis and clear purpose.
  • NHS organisations assess data and cyber security through the national Data Security and Protection Toolkit published on GOV.UK.
  • Ofcom requires communications providers to maintain access to 999 services, which clinical sites must preserve when moving to digital voice.
TL;DR

NHS and healthcare services can use VoIP, but calls handling patient data must be secure, lawfully recorded where applicable, resilient for 999 access, and migrated off the PSTN before the 2027 switch-off.


VoIP in a clinical environment

Telephone contact remains central to how the health service runs. Patients book appointments, request results, describe symptoms during triage and receive clinical advice over the phone, and every one of those calls may involve confidential health information. Voice over internet protocol, or VoIP, carries that conversation as data across a broadband connection rather than over the legacy analogue line. The technology is mature and widely deployed across primary and secondary care, but a clinical setting raises the bar on security, lawful handling of information and resilience compared with an ordinary office.

The distinguishing feature of a healthcare line is that a single call can carry information of unusual sensitivity. A receptionist arranging an appointment, a clinician relaying a test result and a triage nurse assessing chest pain are all handling personal data, and in the latter two cases that data falls into the special category for health under Article 9 of the UK GDPR. That status is what raises the threshold: the organisation is not simply running a phone system but operating a channel through which confidential clinical information flows, and the controls around it have to reflect that. A practice that treats its telephony as ordinary office equipment risks underestimating the duties that attach to the conversations it carries.

The move to VoIP is not optional in the long run. The analogue Public Switched Telephone Network is being retired under Openreach's all-IP migration, scheduled to complete in 2027, so GP practices, community services and trusts that still run analogue lines must plan a transition. The aim is not simply to keep the phones working, but to keep them working in a way that protects patient confidentiality and preserves the ability to reach emergency services at all times. For clinical sites the transition therefore couples a technical change with an information-governance review, because the two cannot sensibly be separated.

Handling patient information by phone

When a clinician or receptionist discusses a patient on the phone, they are processing personal data, and health information is treated as special category data under the UK General Data Protection Regulation and the Data Protection Act 2018. That status carries extra obligations: there must be a lawful basis under Article 6 and a separate condition for processing special category data under Article 9, the data must be kept secure in transit and at rest, and access must be limited to those who need it. VoIP traffic that traverses the public internet should therefore be protected by appropriate technical controls, and a healthcare organisation should be able to evidence how it does so.

The mechanism that protects a VoIP call in transit is encryption, which scrambles the voice traffic so that it cannot be intercepted and understood as it crosses the network. Encryption alone is not sufficient, though: access to the system, to voicemail and to any stored recordings must be controlled through individual accounts and roles, so that only staff with a legitimate need can reach patient information. Where a third-party supplier hosts the VoIP platform, that supplier is a processor acting on the organisation's instructions, and a written contract setting out its security obligations is part of meeting the duty. The controller, in other words the practice or trust, remains accountable even though a supplier operates the platform.

Classification matters when deciding what can be shared over a given channel. Routine confirmation of an appointment carries less sensitivity than discussion of a diagnosis, and identity should be verified before sensitive details are disclosed. NHS organisations assess their data and cyber security posture through the national Data Security and Protection Toolkit published on GOV.UK, which provides the framework against which a practice or trust can judge whether its telephony arrangements are adequate. A clear internal policy on what may be discussed, recorded and stored, and who may access it, is the practical expression of those duties.

NHS VoIP communications requirements

The table below summarises the core capabilities a healthcare VoIP deployment is generally expected to support. It is a planning aid rather than a certification standard, and each organisation should map it to its own information governance assessment.

| Requirement | What it means | Source of the duty |
| --- | --- | --- |
| Secure transmission | Encryption of voice traffic and access control | UK GDPR / Data Protection Act 2018 |
| Lawful recording | Defined purpose and lawful basis if recording | UK GDPR / Data Protection Act 2018 |
| 999 access | Reliable route to emergency services | Ofcom General Conditions |
| Power resilience | Back-up so calls survive a mains failure | Ofcom resilience measures |
| Governance evidence | Assessment recorded against national toolkit | Data Security and Protection Toolkit |

Call recording in healthcare

Many practices and trusts record calls for safety, training, dispute resolution or to confirm the detail of clinical advice. Recording a call that contains health information is a further processing of special category data, so it needs its own lawful basis, a clear and specific purpose, defined retention and secure storage with controlled access. Callers should be told that recording takes place, and the recordings should not be retained longer than the stated purpose requires. A blanket policy of recording everything indefinitely is hard to justify and increases risk if a breach occurs.

Retention deserves particular care in a clinical context because the right period is tied to the purpose, not to convenience. A recording kept to evidence the wording of clinical advice given during triage may need to be held in line with the relevant records management schedule, while one kept only for training may be deleted much sooner. The practical mechanism is the same as in any sector: a documented retention schedule, applied automatically where the platform allows, so that audio is purged once its purpose has passed. Where a recording could be relevant to a safeguarding concern or a complaint, the organisation should be clear in advance about how such a recording is identified and preserved rather than relying on an ad hoc search later.
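A purpose-based retention schedule with a preservation hold, as described above, can be expressed as a small decision routine that a purge job runs over the recording index. This is an added example, not code from any VoIP platform or from this guide's sources; the purpose names, the retention periods in days, the record fields and the sample recordings are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Constructed periods (days) per documented purpose. Real values come from
# the organisation's own records management schedule, not from this example.
RETENTION_DAYS = {"training": 90, "dispute": 365, "clinical_advice": 8 * 365}

@dataclass
class Recording:
    rec_id: str
    purpose: str                       # purpose documented when recorded
    recorded_on: date
    hold_reason: Optional[str] = None  # e.g. "safeguarding", "complaint"

def decide(rec: Recording, today: date):
    """Return (action, reason); action is 'purge', 'keep' or 'review'."""
    # A preservation hold always wins over the schedule, so a recording
    # flagged in advance is never lost to an automatic purge.
    if rec.hold_reason:
        return "keep", f"preserved: {rec.hold_reason}"
    days = RETENTION_DAYS.get(rec.purpose)
    if days is None:
        # No documented purpose: send to a human instead of guessing.
        return "review", "no retention rule for purpose"
    expiry = rec.recorded_on + timedelta(days=days)
    if today >= expiry:
        return "purge", f"expired {expiry.isoformat()}"
    return "keep", f"expires {expiry.isoformat()}"

def plan(recordings, today: date):
    """Map each recording id to its decision, for logging before deletion."""
    return {r.rec_id: decide(r, today) for r in recordings}

# Constructed sample index and run date.
TODAY = date(2026, 6, 5)
SAMPLE = [
    Recording("r1", "training", date(2026, 1, 5)),
    Recording("r2", "training", date(2026, 1, 5), hold_reason="complaint"),
    Recording("r3", "clinical_advice", date(2025, 11, 20)),
    Recording("r4", "unspecified", date(2024, 3, 1)),
    Recording("r5", "training", date(2026, 5, 1)),
]

if __name__ == "__main__":
    for rec_id, (action, reason) in plan(SAMPLE, TODAY).items():
        print(f"{rec_id}: {action:6} {reason}")
```

Writing the plan to an audit log before any audio is deleted gives the organisation evidence that the schedule was applied and that held recordings were left in place.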

Because the legal duties sit in data protection law, the controlling references for a healthcare organisation are the UK GDPR and the Data Protection Act 2018, alongside the organisation's information governance assessment. Where recordings form part of the clinical record or may be needed for safeguarding, retention should align with the relevant records management schedule. The key point is that recording is a deliberate, documented decision with a defined purpose, not a default switch left on because the VoIP platform makes it easy.

Resilience and 999 access in a clinical setting

A clinical phone line carries a duty that an ordinary office line does not: it must remain able to reach emergency services. Ofcom's General Conditions require communications providers to maintain access to 999, but the analogue network achieved this in a way that VoIP does not replicate automatically. The old line drew power from the exchange, so a phone kept working during a local mains failure. A digital voice service depends on mains-powered broadband equipment, so without battery back-up the line, and with it the ability to dial 999, goes down in a power cut. For a GP surgery, a community clinic or a treatment room, that is a patient-safety consideration rather than a mere inconvenience.

The practical response is to identify which lines and locations are critical and to provide a resilient fallback for them, whether through battery back-up at the relevant equipment, a mobile device kept charged for emergencies, or an alternative route agreed with the provider. The organisation should also confirm how caller location is presented to the emergency operator on the new service, since a digital line is not bound to a single socket the way copper was. Treating resilience as part of the migration plan, rather than an afterthought once the analogue line is gone, is what keeps emergency contact dependable through and after the change.

Preparing for the switch-off

GP practices and other clinical sites should treat the PSTN withdrawal as a structured project. The first step is to identify every line and every device that depends on it, including the main phone system, fax lines, alarm autodiallers, lift alarms and any monitored equipment, because some of these use the analogue line in ways that are easy to overlook. Each must be tested on the digital service or replaced, and battery back-up should be in place so a power cut does not sever the ability to call 999. Engaging the communications provider early allows the practice to flag clinical criticality and agree a migration sequence that never leaves emergency contact unavailable.

Alongside the technical work, governance should keep pace. The transition is a good moment to review what is discussed and recorded by phone, confirm the lawful basis and retention for any recording, and document the security controls protecting VoIP traffic. By aligning the migration plan with the organisation's data and cyber security assessment through the Data Security and Protection Toolkit, a healthcare provider can demonstrate that the new system is both resilient and compliant before the analogue line is switched off. Done in good time, the change becomes an opportunity to tighten confidentiality rather than a last-minute scramble.

Frequently Asked Questions

Can NHS services use VoIP?

Yes, VoIP is widely used across primary and secondary care and will become the standard as the analogue PSTN is withdrawn by 2027. The requirement is that the system protects patient information, maintains reliable access to emergency services and is assessed through the organisation's information governance processes. The technology itself is well established for clinical settings, and the duties attach to how it is configured and governed rather than to the label.

What call recording rules apply to NHS phone calls?

Recording a call that contains health information is processing of special category data under the UK GDPR and the Data Protection Act 2018, so it needs a lawful basis, an Article 9 condition, a defined purpose and a set retention period. Callers should be informed that recording takes place. Recordings must be stored securely with access limited to those who need it, and deleted once the purpose has passed.

Is VoIP secure enough for patient data discussions?

VoIP can be secure enough when configured with appropriate technical controls such as encryption of voice traffic and strict access control. Because health data is special category data, the organisation must be able to evidence how it protects calls in transit and any recordings at rest. Security adequacy is judged through the organisation's information governance assessment rather than the technology label alone, and any hosting supplier must be bound by a written processor agreement.

What does NHS Digital say about VoIP?

National guidance directs NHS organisations to assess data and cyber security through the Data Security and Protection Toolkit published on GOV.UK, which is the framework for judging whether telephony arrangements are adequate. The toolkit covers the controls and governance expected when handling patient information. Each organisation maps its own VoIP deployment to that assessment and records the outcome as evidence.

How do GP practices prepare for PSTN switch-off?

Practices should inventory every line and connected device, test each on the digital service or replace it, and fit battery back-up so a power cut does not block a 999 call. Engaging the communications provider early lets the practice flag clinical criticality and agree a safe migration sequence. The transition should be aligned with the practice's information governance and security assessment so that the new system is both resilient and compliant.

DISCLAIMER: Kael Tripton Ltd is not authorised or regulated by the Financial Conduct Authority. This article is for informational purposes only and does not constitute financial, legal, or professional advice. Always seek independent professional advice before making financial decisions. Kael Tripton Ltd, registered in England and Wales (No. 17177071), is registered with the ICO under ZC135439.

Chandraketu Tripathi
Finance Editor · Kaeltripton.com
Chandraketu (CK) Tripathi, founder and lead editor of Kael Tripton. 22 years in finance and marketing across 23 markets. Writes on UK personal finance, tax, mortgages, insurance, energy, and investing. Sources: HMRC, FCA, Ofgem, BoE, ONS.
