The OH Service is committed to ensuring the protection, confidentiality and privacy of information entrusted to us by any individual, and to ensuring that the data we hold is secure at all times.
Data protection and confidentiality is a fundamental aspect of our ethical codes of conduct and a central tenet in our relationship with our employees, our customers, their employees, our business partners and any applicants applying to work with us.
The OH Service will not only comply with the requirements of the current data protection legislation, but additionally meet all our ethical and professional bodies’ guidelines and codes of practice regarding privacy and confidentiality.
Information held on our customers’ employees includes both personal and sensitive data, including name, date of birth, address, limited employment data, information regarding their health/medical conditions and, for certain roles, immunity status. This information has been supplied to the OH Service by the customer, the employee themselves or their GP/Specialist directly. It will only ever be used for the purposes of providing occupational health services and will not be shared with any third parties for any other activity, such as marketing.
The OH Service processes and manages the data of our customers and their employees for the purposes of occupational medicine, assessing the work capacity and capability of employees, medical diagnosis and the management of their cases and for legitimate interests.
Your medical record may be audited as part of our clinical governance protocols, but any outcomes will be anonymous and not contain any identifiable information.
Our commitment to you with regard to your data:
Subject Access Requests
Individuals may request copies of their occupational health records, or parts thereof, at any time. These requests are known as subject access requests (SARs). An individual may also request that a copy of their occupational health records be sent to a third party, such as a solicitor.
If an individual wants access to their occupational health records, the request must be made in writing to ensure that we provide the correct data and do not share any incorrect information with an individual. The letter or email must include:
It should also contain a signature, if in letter form. If we receive the request by email, we may make an additional security check to ensure you are who you say you are. This is designed to protect your information.
If the request comes from a third party, such as a solicitor, then it is essential that we have the following information included in a consent form from the individual. The consent form should include:
If we receive a request from a third party, we may contact you to verify that the request is legitimate and that you have asked them to request the data.
If you have any queries, please email firstname.lastname@example.org
If you want further advice or wish to raise a concern regarding data protection, please contact the ICO at www.ico.org.uk