In the context of the digital age, facial recognition technology has been widely applied in the digital transformation and intelligent applications of medical institutions, such as "face-scanning" visits. While this technology greatly enhances the operational efficiency of medical institutions, it also brings potential technological application and legal risks. In terms of compliance subjects, medical institutions are not the inherently compliant entities for the application of facial recognition technology; in practical application, the diagnostic autonomy of doctors under the scrutiny of video surveillance and facial recognition devices may be compromised. In terms of information rights protection, the informed consent rights of patients are at risk of being substantially hollowed out. This means that corresponding regulatory approaches must be perfected to address these legal risks. Efforts can be made to enhance the compliance of medical institutions in applying facial recognition technology, to differentiate between different application scenarios of facial recognition technology within medical institutions, and to ensure the informed consent rights of patients.