Workable Occupational Health Ltd (WOH), a doctor-led occupational health service, is committed to maintaining the dignity, privacy, and confidentiality of all our service users at all times. This privacy notice tells you about how we collect what we do with your Personal Data. Personal Data is any information that can identify you (e.g. name, date of birth or email)
Your Personal Data
We collect Personal Data when you or your employer request our service, when you complete the forms or talk to our Staff. To fulfil our role as an occupational health provider we collect Special category Personal Data (or sensitive Personal Data), e.g. information about your health.
We will use your data to assess your health, and fitness for work, advise on the recommended adjustments or referrals, and carry out our contractual obligations with your employer or you.
The OH Consultation and Data Disclosure
We are often asked by employers to review you (in the clinic or remotely) and issue a medical certificate and/or advise on your health, fitness for work, prognosis and indications for medical adjustments or medical retirement.
We can only assess you after you give express informed consent to your employer before the referral.
During the consultation, we will ask you questions and record your confidential medical history (e.g. symptoms, diagnosis and treatment). This confidential medical information will not be revealed to your employer (it may be revealed, with your consent, to your employer’s occupational health service, if we work on their behalf).
Before the end of the consultation, we will inform you of what we plan to recommend in the subsequent medical report for you and the employer. We will also tell you your consent options.
Consent options
You may chose to:
- Receive a copy of the medical report before it is sent to your employer.
If that is the case, you can read the report and ask questions, provide factual corrections (e.g. incorrect names, dates or spelling errors) or add your comments to be placed under the report. However, the doctor will not be able to change the medical opinion or advice at your request. If we don’t hear from you within 3 days, we will forward the report to your employer.
- Receive a copy of the report at the same time it is sent to your employer
- Not to receive a copy of the report.
Withdrawal of Consent
You may withdraw your consent at any time, also after reading the medical report, without giving reasons. If that happens, we will notify your employer that we cannot give OH advice without your consent.
Disclosing your Personal Data
With your consent, we may disclose your data to your employer, your healthcare provider or public organisations (e.g. Health and Safety Executive).
Under the Data Protection legislation, in eceptional cases, we may be required to disclose your data without your consent, where a disclosure (e.g. to the employer, DVLA, Police etc.) will prevent you and/or others from serious harm or death, or at a request by a Court Order.
Confidentiality of your Personal Data
Our mission is to advise employees and employers about matters related to their health and work. Our service is medically confidential.
Like all medical providers, we will only record, process and share your data (e.g. information, reports or certificates) without your prior informed consent.
We cannot and will not disclose your medical information to any third party without your prior informed consent. The medical records are securely stored in line with data protection legislation and only accessible to our Staff. All our Staff sign and follow a strict code of confidentiality in relation to the confidentiality of all consultations, telephone contact and the maintenance of medical records.
Safety of your Personal Data
Your data is securely stored on our computers and kept secure using business antivirus, firewall and backup cloud solutions.
Your rights
As the Data Subject, you have the right to:
- Be informed of how your Personal Data is being used – this right is usually fulfilled by the provision of ‘privacy notices’ as described above.
- Have your inaccurate Personal Data corrected.
- Have your Personal Data erased where appropriate (except if data is held for statutory purposes, e.g. as a part of health surveillance)
- Receive a copy of your Personal Data
- Object to processing your Personal Data, to direct marketing, to processing your data for research purposes.
- Access your Personal Data by making a ‘subject access request’.
Access to your Personal Data
You have the right to access, correct inaccuracies or request removal of your Personal Data stored by WOH. You can also request a copy of your Personal Data subject to applicable exemptions.
You may submit your subject access request by emailing us and providing your personal information, proof of ID and a description of the request. We will aim to reply to your request within 30 working days. There is no fee for SAR. However, if the procedure requires significant use of our resources, we may charge a reasonable administrative fee of up to £300 will apply. The fee represents the cost of determining whether WHO holds the information, retrieving and reviewing the data to remove information about other data subjects or otherwise required by the GDPR.
Legislation
WOH is a data controller and processor registered with Information Commissioner’s Office. We adhere to the Legislation on data protection, including
– Access to Medical Records Act 1988
– UK General Data Protection Regulation (the UK GDPR)
– Data Protection Act 2018
And relevant medical and ethical guidelines by the General Medical Council and the Faculty of Occupational Medicine.
We adhere to the Principles of Data Protection to ensure that Personal Data is processed:
- Fairly, lawfully and transparently
- Only for specified, explicit and legitimate purposes
- Securely – to preserve the confidentiality, integrity and availability of the personal information.
And that the Personal Data is:
- Adequate, relevant and limited.
- Accurate (and rectified if inaccurate).
- Not kept for longer than necessary.
