Workers Health Ltd Data Protection Privacy Notice for Clients and their Employees
In providing your occupational health services, we will ask for information about you and your health. Occasionally, we may receive information from other providers who have been involved in providing your care. This privacy notice describes the type of personal information we hold, why we hold it and what we do with it.
Information that we collect
We may collect the following information about you:
- Personal details such as your name, date of birth, national insurance number, address, telephone number and email address;
- Information about your general health, including
Clinical records made by our nurse and doctors and other occupational health professionals involved with your care;
- Registration & Consent details;
- Notes of conversations with you about your care;
- Dates of your appointments;
- Details of any complaints you have made and how these complaints were dealt with;
- Correspondence with other health professionals or institutions;
Details of the fees we have charged, the amounts you have paid and some payment details.
- Our clinic manager is responsible for keeping secure the information about you that we hold and is the Data Controller for this practice.
Our data protection officer ensures that the practice complies with data protection requirements to ensure that we collect, use, store and dispose of your information responsibly.
- Those at the clinic who have access to your information include occupational health nurses and doctors involved with your care.
How we use your information
To provide you with the occupational health services you need, we require up-to-date and accurate information about you. Therefore, each time you attend for a service, we ask you to complete a new registration/consent form so that our records remain accurate.
Your information is normally used only by those working at the Workers Health Ltd clinic, but there may be instances where we need to share it – for example, with:
- Your doctor;
- The hospital or other health professionals caring for you;
- We will only disclose your information on a need-to-know basis and will limit any information that we share to the minimum necessary and always after obtaining your consent.
Keeping your information safe
We store your personal information securely on our practice computer system and in a manual filing system. Your information cannot be accessed by those who do not work at the practice; only those working at the practice have access to your information. They understand their legal responsibility to maintain confidentiality and follow practice procedures to ensure this.
We take precautions to ensure security of the practice premises, the practice filing systems and computers. We use high-quality specialist occupational health software to record and use your personal information safely and effectively. Our computer system has a secure audit trail and we back-up information routinely.
We use cloud computing facilities for storing some of your information. The practice has a rigorous agreement with our provider to ensure that we meet the obligations described in this policy and that we keep your information securely.
We only keep your data for as long as is necessary for the purpose(s) for which it was provided as follows:
- In accordance with NHS and British Medical Association advice, in most cases this will be for [7 years] after your employment ends [(or you attain the age of 75)] unless there is a recognised clinical need or statutory requirement to keep it for longer. We keep your data for this period to protect you should you need access to it, or in case there are situations where you may be unhappy with our services and want to lodge a complaint.
- In the case of statutory health surveillance records, these are required by law to be retained for different periods, but we normally give these to your employer and, in that case, will not keep them longer than we keep your other data.
- In the case of pre-placement/pre-employment assessments, we will normally keep your data for  months if the job is not taken up. We do this in case there is any query or dispute over the placement/recruitment process.
Access to your information and other rights
You have a right to access the information that we hold about you and to receive a copy. You should submit your request to the practice in writing or by email. We do not usually charge you for copies of your information; if we pass on a charge, we will explain the reasons.
You can also request us to:
- Correct any information that you believe is inaccurate or incomplete. If we have disclosed that information to a third party, we will let them know about the change;
- Erase information we hold although you should be aware that, for legal reasons, we may be unable to erase certain information;
- Stop using your information – for example, sending you reminders for appointments or information about our service.
If you do not agree
If you do not wish us to use your personal information as described, you should discuss the matter with us. If you object to the way that we collect and use your information, we may not be able to continue to provide you with certain occupational health services.
If you have any concerns about how we use your information and you do not feel able to discuss it with anyone at the Workers Health Ltd practice, you should contact The Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (0303 123 1113 or 01625 545745).