
Confidentiality and Occupational Health – An Employer’s View

For many companies, data protection presents a variety of problems, particularly when they hire third-party services that need access to, and are responsible for gathering, employees' personal information.

In today’s world, the fact that a company can say they are fully compliant with all data protection legislation doesn’t mean they are – when they choose to form a relationship with any third party, employers need to go that extra mile to make sure data is safe and will remain so in the future.

Nowhere is this more important than in the occupational health industry, where sensitive personnel and medical data is often handled. Whether you are a small company with fewer than ten employees or a multi-national responsible for thousands of staff, the challenges remain the same if you want to comply with legislation and avoid being on the wrong side of legal action for wrongful disclosure.

This applies not only while the occupational health team is providing its service but also after the relationship has ended: any data that remains on record, either with the employer or the occupational health provider, must be kept secure.

The information given to an occupational health professional, of course, cannot be shared unless the employee has given their consent – even to the employer who has arranged the appointment in the first place. The way the information is stored and handled must also comply with the Data Protection Act, and the occupational health organisation is required to act accordingly, including when this conflicts with what the employer actually wants.


Covering Confidentiality

Any employer who is looking to contract or outsource an occupational health team will need to be sure of several safeguards that mean their employee data is in safe hands:

First of all, the OH team should be registered with the ICO (the Information Commissioner’s Office). The ICO provides a set of guidelines for employers, individuals and organisations to follow, and registered parties agree to comply with their obligations. Our registration number is ZA119351 and you can find out more about the ICO by visiting their website.

Part of complying fully with the Data Protection Act is ensuring the right processes are in place. For instance, all staff should have signed a confidentiality agreement, and organisations need to make sure they only collect data for clearly defined purposes. On top of that, there are the important measures that need to be put in place if that data is to be fully protected. As we all know, there is the threat of digital data being hacked, and an organisation like ours takes certain measures to ensure data integrity:

  • We encrypt confidential documents with AES-256 encryption, which gives several layers of protection from outside attacks.
  • We have the option to password protect the confidential reports we send out to clients.
  • In our terms and conditions we have a clause to protect IP throughout and beyond the life of our involvement in a contract. This means that, even if a business relationship ends, we are bound by our terms and conditions not to reveal any IP.

Employers who contract an occupational health team are subject to the same restrictions and code of practice under the Data Protection Act and, as such, have the same responsibility to safeguard employee information and data.


