GDPR Privacy notice for OCCUPATIONAL HEALTH patients
OccHealthNet is committed to protecting your personal information and complying with GDPR (reference Article 6(1)(f), Article 9(2)(b) and (h) and Article 9(3)). This statement sets out how the Occupational Health Service may use and process such personal information.
What Data will be collected?
The following data may be collected, held and shared by OccHealthNet:
·Personal information (e.g. Name, Address, Date of Birth).
·Personal characteristics e.g. ethnicity, gender etc.
·Past and present job roles.
·Health and medical information which is a “special category” of data.
Why is it collected and what is the “lawful basis” for processing your data?
Our lawful basis for processing your data is:
1.Legal obligation: the processing of your information and data is necessary for us to comply with the law (this includes health & safety legislation and employment legislation), and to support your Employer in complying with the same law, as we are acting as their agent and occupational health provider.
-To assess the working capacity of an employee.
-To ensure the health & safety of the employees at work & allow consideration of any adjustments that may be required to support their ability to work.
2.Vital interests: Processing your data includes our interest in protecting life.
Part of our work will be to help protect your health from harm that may potentially arise from work processes.
3.Special category data is collected for the “purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health”.
This refers to the medical information we have from consultations with you, and that which we receive, with your consent, from your GP, Medical Consultants, Specialists and Therapists. The processing is also subject to conditions and safeguards specified by relevant nursing and medical professional bodies.
4.Statutory Health Surveillance is performed due to specific legal regulations.
This is to monitor your exposure to substances e.g. asbestos, lead or to protect the public from Hepatitis B. If your employer has asked us to perform Statutory Health Surveillance then they will create a basic health record with the following details: employee’s name and address and National Insurance number, substance/process they are exposed to and when, surveillance that has been done on them and the name of the tester, and the outcome, e.g. fit/unfit/fit with adjustments.
Who will it be collected from?
·You are the data subject “the Employee.”
·Your Employer e.g. Human Resources, line managers should receive your consent to share your personnel and medical information they hold and wish to pass to the Occupational Health service.
·The doctors/health professionals who treat you (with your consent) e.g. GP, Specialists, Consultants and Therapists.
How will it be collected?
·Verbally via telephone calls and face to face conversations
·In writing, which can include e.g. forms you and/or your Employer may complete e.g. health assessment forms, management referral forms, emails from you or your employer, and from other parties e.g. GP letters etc. These may be sent to us electronically and/or by surface mail.
·All exchange of information will be subject to informed consent processes and safeguarding of your data.
Storage & Use of Records
·The information OccHealthNet collects and stores on computer may be transferred to, processed and stored at a destination outside of Aveley Medical Centre. OccHealthNet will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Statement.
·Administrative support staff on a “need to know basis” can access your information e.g. to book appointments, process reports etc. All administrative staff are obliged to follow our confidentiality policies and have a contractual obligation to preserve it.
1.You have a statutory right of access to your occupational health records (in full or in part) under the GDPR 2018, or to authorise a third party, such as a legal adviser, to exercise that right on your behalf. If you would like a copy of some or all of your personal information, please contact our administration team.
2.We want to make sure that your personal information is accurate and up to date and therefore you may ask us to correct or remove information you think is inaccurate.
3.You have the right to object to your personal information being shared with other healthcare providers for your own care. Please speak to the practice if you wish to object but this may limit the treatment that you can receive. You also have the right to have any mistakes or errors corrected.
4.We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.
5.If you feel uncomfortable providing any of the information requested by OccHealthNet then please do not hesitate to raise your concerns with Dr Aslam or Kim Dann.
6.You have the right to complain to the Information Commissioner's Office (ICO) if you feel there is a problem with the way that we handle and store your information.
https://ico.org.uk/global/contact-us/ or call the helpline 0303 123 1113
Personnel Data Breaches
Any OccHealthNet staff dealing with personal and sensitive data are data processors. All data processors will report any data breaches to the data controller, who is Dr Aslam, OccHealthNet.
This includes data, both personal and sensitive, that is lost, stolen or altered or disclosed/released without consent. The controller will report this breach to the ICO within 72 hours.
Clinical information will only be kept for as long as it is needed.
-Pre-employment forms for 1 year after they were received
-Occupational Health Files for 6 years after you leave your job, or when we are notified by your employer after the 6-year period
-Health Surveillance records will be kept for 40 years or passed to a new OH provider if we stop trading, or to HSE for safe keeping
The Data Controller
Aveley Medical Centre
22 High St