Introduction
During the course of our activities, Acorn Occupational Health Ltd will collect, store and process personal information about the employees of our customers. We collect this information for the purpose of:
· Assessing health at the start of employment.
· Preventing ill health due to working activities or work patterns.
· Assessment of health during or following a period of absence due to ill health or an injury.
· Assessing a health problem that may arise from, or be exacerbated by factors within the workplace.
Law Governing Data Collection
The law governing the collection of sensitive data is covered by the General Data Protection Regulation (GDPR) 2018. Specifically, for the purpose of Acorn Occupational Health Ltd collecting data:
The Lawfulness of Processing data is covered by Article 6.1.f:
‘Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child’.
Processing of Special Categories of Personal Data is covered by Articles 9.2.h:
‘Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3’.
What Data and Why Data is Collected:
Assessing health at the start of employment – Post Job Offer Questionnaires and Medicals
As an employee, you may be asked to complete a Post Job Offer Questionnaire, or you may have a Medical Assessment. The purpose of a post-job offer health assessment is to establish a prospective employee’s fitness for employment within a specific job role. The purpose of a post-job offer health assessment is to also ensure that a person is not
positioned into a job which is going to adversely affect their health or make an existing health problem worse.
Preventing ill health due to work activities or work patterns
Health Surveillance
As an employee, you may be asked to complete health surveillance questionnaires. The aim of health surveillance is to identify work-related ill health at an early stage so that action can be taken early to reduce the risk of work related ill health and control measures to reduce and eliminate workplace health hazards.
A report following health surveillance will include a general statement about fitness for work and any recommendations relevant to the health surveillance and the date that a review is advised. You can request to know what is being written and you can obtain a copy from your manager.
Fit for Task Medicals and Health Screening
As an employee, you may be asked to complete health screening or Fit for Task Medical questionnaires. The purpose of these health assessments is to establish an employee’s fitness for a specific job task/role.
Health Promotion
Health promotion reports such as well-being/person medicals include your name and date of attendance only.
Self-referrals
On occasions, and with your consent, a report may be written to the organisation following self-referral, if it is felt that this would be helpful in managing your health issue.
Assessment of health during or following a period of absence due to ill health or an injury. Assessing a health problem that may arise from or be exacerbated by factors within the workplace.
Occupational Health Reports/Management Referral
An occupational health report is normally written following a referral from a manager or Human Resources. This type of referral is called a management referral. The report will enable the Occupational Health professional to communicate to your employer the effect that your health will have on your work role, the effect that work will have on your health, the resulting capability, and any reasonable adjustments or restrictions which may be applicable to supporting you in work.
The report will be written with your consent. Acorn follows the General Medical Council Guidance on confidentiality and consent. You will be informed of the report content, given the option of having a copy of the report and you will be given the option of viewing the report prior to it being issued to your employer. If you want to view the report prior to it being released to your employer, it will be released 48 hours after it has been sent to you via email or 5 days if it has been sent to you via the post unless we hear that you do not want us to release the report. You have the right to ask for amendments to factual inaccuracies but not to opinion. You have the right to deny consent at any time.
Specialist or General Practitioner (GP) Reports
Occasionally we may need to obtain specific medical information from your GP or other specialist. If this is required, we will explain the need for the information to you in more detail and seek your written consent. This medical information is provided to us in strict confidence and is not divulged to anyone at work without your specific consent. We use this information to clarify your medical history and to ensure that we give the best possible advice to your manager /Human Resources (HR).
In accordance with the Access to Medical Reports Act 1988, you have a right to view the report at your GP surgery (you have 21 days to do so), request amendments and veto the release of the report.
Confidentiality
Whilst we work in partnership with your manager/HR to provide our services, Occupational Health records that we maintain during your employment are confidential and only Occupational Health staff have access to them. You are able to see these records at any time if you apply to do so in writing.
We provide confidential advice to your manager and HR about your well-being at work. We give advice and support to you and your manager/HR to ensure that your health and safety does not suffer whilst you are at work.
The information we give to your manager/HR relates to your fitness for work. This is usually in respect of any restrictions or modifications to the type of work you are able to do. For example, if a person has epilepsy, their employer might receive a report recommending that the person should not work unsupervised. This need not necessarily disclose epilepsy.
There are exceptional circumstances when we are bound by law or professional conduct to report a medical condition. Fortunately, this kind of situation is rare, but we would counsel anyone carefully if this action was necessary.
Storage and Retention of Information
The personal information obtained by Acorn Occupational Health is securely stored. The personal information will be kept for no longer than is necessary. However, the General Data Protection Regulation (GDPR) allows for some records to be stored indefinitely as archives for research purposes or if relevant conditions are adhered to by law such as COSHH, the Health Records will need to be stored for 40 years following the last entry. The length of storage depends on the type of medical information enclosed.
Unwanted documents will be disposed of securely as confidential waste, by shredding, pulping, incinerating, deleting, or overwriting. This will be documented, and a destruction certificate obtained.
Acorn’s Retention of Data Policy
Acorn will agree with the customer (the employer) a time frame for destruction. This is usually for the duration of employment plus 6 years following employment or 75 years of age. https://digital.nhs.uk/data-and-information/looking-after-information/data-security-and-information-governance/codes-of-practice-for-handling-information-in-health-and-care/records-management-code-of-practice-for-health-and-social-care-2016. (Page 71)
Specific conditions are as follows:
· Ionising Radiation Records – 30 years
· Health Records – These are the responsibility of the Employer and must be kept for 40 years
Specific storage times for clinical notes, records and questionnaires are as follows:
· Health Surveillance (COSHH, Noise, Vibration, Biological Monitoring) – 10 years maximum if paper records are stored at Acorn. 1 year maximum if Acorn stores the records and no longer provides a service for the client
· Health Screening (Fit for Task Medicals) – 10 years maximum if paper records are stored at Acorn. 1 year maximum if Acorn stores the records and no longer provides a service for the client
· Vaccination consents – 1 year
· Post job offer forms – These can be destroyed immediately if the potential employee never starts with the company through their own choice. Destroyed after 1 year if
Graded A or B. Destroyed after 2 years if graded C, destroyed after 3 years if the employee was turned down due to a medical reason or Graded D.
· Management Referral – – 10 years maximum if paper records are stored at Acorn. 2 years maximum if Acorn stores the records and no longer provides a service for the client.
· Personal Track Safety – can be archived within Orchid but must only be destroyed no less than 10 years.
However, it is advised that records of significant episodes, exposures or accidents should be preserved beyond the above time periods.
A request to delete personal information will be considered and actioned. However, the request to delete information may be declined if the personal information is governed by legislation or other exceptional circumstance.
How to access your personal data
General Data Protection Regulation (GDPR) gives you the right to access the information that Acorn Occupational Health holds about you and why. Requests must be made in writing and you will need to provide:
• Adequate information [for example full name, address, date of birth, staff number, etc.] so that your identity can be verified and your personal data located.
• An indication of what information you are requesting to enable us to locate this in an efficient manner.
You should send your request to Acorn Occupational Health Ltd, Dane Mill Business Centre, Broadhurst Lane, Congleton, Cheshire, CW12 1LA or email: datarequest@acornoh.co.uk.
Acorn will comply with requests for data access for personal data as quickly as possible. We will ensure that we deal with requests within 30 days of receipt. Where requests are complex or numerous we will write to inform you with an explanation as to why an extension is necessary.