Our health information is our business

Code read?
[Hazards 89, January-March 2005]

Your employer can no longer play fast and loose with your health information. A firm could be breaking the law if it fails to respect new rules on workers' privacy. And the new code warns them to think twice about the health records they hold and the hoops they ask you to leap through, whether this is health screening, medical, drug, alcohol or genetic tests.

Ministry of Labour poster, UK, date unknown. Courtesy People's History Museum

A new code on obtaining and handling information about workers' health published by the Information Commissioner's Office (ICO) in December 2004 puts strict limits on the health information that can be obtained by employers and says in most instances alcohol, drug and genetic testing are an unwarranted intrusion.

The fourth and final part of the Employment Practices Data Protection Code - 'Information about Workers' Health' - is intended to help employers comply with the Data Protection Act (DPA). ICO says it "addresses the collection andsubsequent uses of information about a worker's physical or mental health or condition."

David Smith, assistant information commissioner, said: "Information about people's health is very sensitive and requires effective protection." He added: "Employers may have alternative ways of meeting their legal requirements under the Data Protection Act when handling information about workers' health, but if they do nothing to apply the principles behind the code they risk breaking the law."

Workers' health

The ICO code covers sickness and injury records, occupational health schemes, information from medical examinations and testing, and drug, alcohol and genetic tests. It applies to job applicants, former applicants, and former and current employees, agency staff, casual staff and contract staff. Others in the workplace - for example, volunteers and work experience people - are also covered.

The code spells out core principles. An employer should "identify who within the organisation can authorise or carry out the collection of information about workers' health on behalf of the organisation and ensure they are aware of their employer's responsibilities under the Act."

Those handling the information should be properly briefed about the law and the code and the employer should ensure anyone involved in health information collection or medical testing is properly trained. Interpretation of medical information should be left to properly qualified personnel, it says - which means the human resources manager can't decide that your hernia isn't that serious after all, and tell you to stop shirking and get back to work.

Sensitive data rules

Employers holding and processing information about workers' health must first meet one or more "sensitive data conditions."

• Is the processing necessary to enable the employer to meet its legal obligations, eg. to ensure health and safety at work, or to comply with the requirement not to discriminate on grounds of sex, age, race or disability?

• Is the processing for medical purposes, eg. the provision of care or treatment, and undertaken by a health professional or someone working under an equivalent duty of confidentiality, eg. an occupational health doctor?

• Is the processing in connection with actual or prospective legal proceedings?

• Has the worker given consent explicitly to the processing of his or her medical information? The code says consent must be freely given, with no penalty for refusal. The worker must be clear about the data referred to and how it might be used.

Supplementary guidance to the code lists other sensitive data conditions, including considering reasonable adjustments to accommodate workers with disabilities and supplying information on accidents where industrial injuries benefit may be payable.

The ICO code says: "The collection and use of information about workers' health is against the law unless a sensitive data condition is satisfied."

Impact assessments

Once a sensitive data condition is satisfied, an employer needs to be clear that either: there is a legal duty to process information about workers' health, for example health surveillance requirements under the COSHH regulations; or the benefits from processing this information justify the privacy intrusion.

The ICO code says an impact assessment can help. Possible adverse impacts could be: the intrusion into the private lives of workers and others; whether health information will be seen by those who have no business seeing it, for example IT staff; the impact on the trust and confidence between the worker and the employer; and whether the collection of health information will be oppressive or demeaning.

The employer should consider alternatives to collecting health information, for example could it be limited to the workers at highest risk or "can changes in the workplace, for example eliminating exposure to a hazardous substance, remove the need to obtain information through testing"?

Workplace health records

The ICO code advises that sickness and injury records should be kept separate from absence and accident records. It adds: "Do not use sickness or injury records for a particular purpose when records of absence could be used instead…

"Only disclose information from sickness or injury records about an identifiable worker's illness, medical condition or injury where there is a legal obligation to do so, where it is necessary for legal proceedings or where the worker has given explicit consent to the disclosure."

The code adds that no "league tables" of individual records should be published and says employers should "ensure that managers are aware of the sensitive nature of sickness and injury records."

Where firms have occupational health schemes, the ICO code calls on the employer to ensure workers are aware of how health information will be used and who will have access to it.

The code says unless told otherwise "workers are entitled to assume that information they give to a doctor, nurse or other health professional will be treated in confidence and not passed on to others. Set out clearly to workers, preferably in writing, how information they supply in the context of an occupational health scheme will be used, who it might be made available to and why."

Medical exams

The ICO code warns that for medical examinations and testing just obtaining a worker's consent or meeting a sensitive data condition is not enough to satisfy the requirements of the DPA. It says: "There is still an obligation to ensure the information obtained through medical examination is relevant, is accurate, is up to date and is kept secure."

For job applicants, medical tests are only justified where there is a likelihood of appointment. Tests are only appropriate if they are needed to determine whether a person is fit or likely to remain fit to do a job, meet any legal testing requirements, or to determine eligibility to join pension or insurance schemes.

On employees, the ICO code says: "Only obtain information through a medical examination or medical testing of current workers if the testing is part of an occupational health and safety programme that workers have a free choice to participate in, or you are satisfied that it is a necessary and justified measure to:

• prevent a significant risks to the health and safety of the worker or others, or
• determine a particular worker's fitness for carrying out his or her job, or
• determine whether a worker is fit to return to work after a period of sickness absence, or when this might be the case, or
• determine the worker's entitlement to health related benefits, eg. sick pay, or
• prevent discrimination against workers on the grounds of disability or assess the need to make reasonable adjustments to the working environment, or
• comply with other legal obligations."

Information obtained in the course of medical tests that is not relevant to the purpose of the test must be permanently deleted.

Drug, alcohol and gene tests

On drug and alcohol testing, the code says: "Very few employers will be justified in testing to detect illegal use rather than on safety grounds," adding: "Even in safety critical businesses such as public transport or heavy industry, workers in different jobs will pose different safety risks. Therefore collecting information though the random testing of all workers will rarely be justified."

On gene screening it says: "Only seek information through genetic testing as a last resort, where: it is not practicable to make changes to the working environment or practices so as to reduce risks to all workers, and it is the only reasonable method to obtain the required information."

Safety reps' rights

The ICO code says: "Safety representatives should be provided with anonymised information unless any workers concerned have consented to the provision of information in an identifiable form." The new HSE accident book takes account of this requirement, with a tick box allowing workers to indicate all their information can be revealed to the safety rep.

The ICO code's supplementary guidance says safety reps have the "legal right of access to information they need to fulfil their functions."

It adds: "The law does not prevent an employer from providing anonymised information to a safety representative. Where the disclosure of identifiable information is required by law, (such as might be the case under the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995), the Data Protection Act 1998 does not prevent the disclosure taking place."

References

The Employment Practices Data Protection Code Part 4: Information about workers health, ICO, 2004. more • Good Practice Recommendations

Information commissioner's Office

Resources

CEP policy statement on medical monitoring, Canada.