Occupational Health Privacy Policy

Furze Health Ltd Occupational Health Service is committed to ensuring that your privacy is protected. This policy explains how Furze Health Ltd Occupational Health Service uses any information collected about you.

Occupational Health Privacy Notice

Please read this privacy notice to understand what personal information we collect from you, how we use and store this information, how long we retain it and for which legal purpose we share it.
The General Data Protection Regulation requires us to manage all personal information in accordance with some important principles. In particular, we are required to process your personal information fairly and lawfully. This means that you are entitled to know how we use this information.

To find out about our Privacy Notice, please see the relevant sections below:

Our Occupational Health service

Who is our Data Protection Officer
Why we collect personal information about you
What information are we collecting
What is our legal basis for processing your personal information
Who do we collect your personal information from
How we collect your personal information
What we do with your personal information
Who we share your personal information with and why
How we maintain your records
What are your rights
How to contact the Information Commissioner’s Office

Our Occupational Health Service

Furze Health Ltd’s Occupational Health service is provided by the Occupational Health Practitioner, a Registered Nurse. The Occupational Health Practitioner is supported by a non-clinical administrator for the day-to-day operations of the service.

The types of service provided by Occupational Health include:
  • Fitness for work assessments and rehabilitation advice
  • Management/employee health advice
  • Pre-placement health assessment
  • Medical liaison with GP & specialists
  • Onward Referrals to relevant health care professionals
  • Workplace assessment and job task analysis
  • Advice on legislation
  • Health Education and Promotion

Our Data Protection Officer
Furze Health Ltd is registered with The Information Commissioner’s Office (ICO) to process personal and special categories of information under the Data Protection Act 2018.
Our Data Protection Officer (DPO) is Wilfred Chikowore, who looks after your data protection rights.

Why We Collect Personal Information About You

We collect and maintain personal information about you to enable us to provide the best possible advice for occupational health reasons to your manager. Occupational Health collects, stores and processes personal information about you to ensure compliance with legal, professional body and industry requirements.
We recognise the need to treat your personal and sensitive data fairly and lawfully and no personal information held by us will be processed unless the requirements for fair and lawful processing are met. Your information will never be shared or sold for marketing purposes.
Personal information you provide us is held in confidence and will only be used for the purposes explained to you and to which you have consented, unless there are exceptional circumstances, such as where the health and safety of others is at risk, where the law requires it, or there is an overriding public interest to do this.

What Information We Collect
To enable us to carry out our activities and obligations as a service, we may collect the following personal information from you:
Personal information to include: Name; Date of Birth; National Insurance Number; Occupation; Gender.
Contact information to include: Address; Contact telephone numbers; Contact emails

GP and/or Specialist contact details.
Contact details of your manager
Past and present occupational job roles and occupational exposure
Health information that is classed as “special category data”, for example:
Health questionnaire completed during the recruitment process
Occupational health information and notes such as:
Medical information including physical and mental health conditions
GP, Specialists, Physiotherapist Medical Reports
Results of medical investigations and biological testing
Health surveillance records

What Our Legal Basis Is For Processing Your Personal Information
In order for occupational health to process your personal information, much of which is “special category data” – that which is sensitive – we hold and process your information in accordance with the Data Protection Act 2018 and rely on a lawful basis under this act for processing your personal information which is set out below:
Article 6 (1) (e): processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Article 9 (2) (b): processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment or social security or social protection.
Article 9 (2) (h): processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems or services.
Occupational health also processes data in circumstances where it is necessary to:
Enable the employer on behalf of whom occupational health acts to comply with legal obligations under the Health and Safety At Work Act 1974, to protect your health and safety at work as far as is reasonably practicable.
Enable the employer on behalf of whom occupational health acts to comply with your contract of employment.
In addition, we comply with the Common Law Duty of Confidentiality and various national and professional standards and requirements.

We have a duty to:
Maintain full and accurate records of the care we provide to you.
Keep records about you confidential and secure
Provide information in a format that is accessible to you.
The Occupational Health Department does not require explicit consent of employees to process their personal data if the purpose falls within the legal basis detailed above. However, in line with General Medical Council and Faculty of Occupational Medicine Good Medical Practice guidelines, we will seek explicit consent wherever practicable.

For further information on this legislation please visit:


Who We Collect Your Personal Information From:

You (The Data Subject)
Your Manager; your Human Resources; your Health and Safety Representatives
Healthcare Specialists or Health Services that we may refer you to as part of our assessment process
With your consent, your GP or other Specialists from whom you have received treatment.

How We Collect Your Personal Information
Personal information will be collected directly from your employer.
Further personal information may be collected when you are referred into occupational health, for example, in undertaking management referrals and occupational health assessments; health screening; workstation assessments; or when providing physiotherapy and counselling services.
Personal information may also be collected from healthcare professionals in certain circumstances e.g. from your GP or treating specialist.

We collect this information by way of:
Verbal communication, by telephone or during face-to-face consultations.
Email communications
In writing or electronically via forms that you or your manager complete as part of the management referral process, or via reports sent to us from other parties, for example, from your GP

What We Do With Your Personal Information
Your personal information is processed for the following purposes:
To identify you and ensure your medical information is filed and stored correctly.
To identify contact details, such as name, address, telephone number and email, to inform and remind you about your appointments and send you any relevant correspondence.

To identify your GP contact in case of emergency or where we need to request a report from your GP, with your consent, as part of your occupational health assessment.
To provide health clearance on your fitness to work / train / attend meetings.
To assess and protect your health and your fitness to work.
To identify a baseline of your health against which to measure any future changes.
To provide advice to managers on the impact of your health on work and work on your health.
To promote your abilities and help support any disabilities in the workplace, recording recommendations for necessary adjustments, restrictions or modifications.
To identify any additional support that would help you to improve your health.
To provide you with physiotherapy care.
To provide you with counselling care.
To undertake health promotion, health education and health preventative activities.
To undertake assessments for consideration of retirement on the grounds of ill health.
To report and investigate complaints, claims and untoward incidents.
To report events to the appropriate authorities when we are required to do so by law e.g. for communicable disease, under RIDDOR.
To review your care e.g. clinical auditing to ensure we provide the relevant high quality service.
To review the service and health of the workforce with anonymous management information and data trends.

Our service will provide specific reasons for the work undertaken in information leaflets that you will be provided with before such duties are carried out by occupational health.
Where possible, we will always look to anonymise your personal information so as to protect patient confidentiality, unless there is a legal basis that permits us to use it and we will only use/share the minimum information necessary.

Who We Share Your Information With and Why

We are required to protect your personal information, inform you of how your personal information will be used and allow you to decide if and how your personal information can be shared. Personal information you provide to Furze Health Ltd Occupational Health in confidence will only be used for the purposes explained to you and to which you have consented, unless there are exceptional circumstances, such as when the health or safety of others is at risk, where the law requires it or there is an overriding public interest to do so.

Your information is private and will only be shared when it is necessary and lawful to do so:
Information on your fitness to work is shared with your line manager and HR.
Details of your medical conditions will be shared with others involved, or to be involved, in the provision of your healthcare for medical purposes**
Details of infectious diseases which present significant risk to human health and the wider public under the Public Health (Control of Disease) Act 1984 and the Health Protection (Notification) Regulations 2010 and where we have a legal duty.

Assisting third parties with regulatory responsibility such as The Care Quality Commission and Information Commissioner’s Office where we have a legal duty.

There are a number of circumstances where we must or can share information about you to comply with or manage:
Disciplinary/investigation processes; including referrals to Professional Bodies, e.g. NMC and GMC
Legislative and/or statutory requirements
Court Orders which may have been imposed on us
Request for information from the police and other law enforcement agencies for the prevention and detection of crime and/or fraud if the crime is of a serious nature
For our public sector clients, under the Freedom of Information Act, they are obliged as a public sector body to release relevant anonymous data following a legitimate request

When it is required by us or others to detect, investigate or prevent serious crime where we have a legal duty.
Where there is cause to do this, Furze Health Ltd Occupational Health will always do its best to notify you of this sharing.

**The relationship between a patient and a medical professional is a special one. Clinicians have a common law duty of confidence. The Occupational Health Clinician will be satisfied that you consent to any sharing, even when this is for genuine medical purposes under the General Data Protection Regulations 2018.

We will not routinely disclose any information about you without your express permission.
Any disclosures of personal data are always made on a case-by-case basis, using the minimum personal data necessary for the specific purpose and circumstances and with the appropriate security controls in place. Personal Information is only shared with those agencies and bodies who have a “need to know” or where you have consented to the disclosure of your personal data to such persons.
Where possible, we will always look to anonymise your personal information so as to protect confidentiality, unless there is a legal basis that permits us to use it, and will only ever use/share the minimum information necessary. However, there are occasions where your employer is required by law to share information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.

How We Maintain Your Records

When determining how long we keep your information, we take into account any legal requirements, the expectations of the data protection regulator and the amount of time since your last engagement with OH.

We do not keep records for longer than is necessary.
Your personal information is held in electronic forms for specified periods of time in accordance with all appropriate legislation.
We hold and process your information in accordance with the Data Protection Act 2018 as amended by the GDPR 2018. In addition, everyone working for Occupational Health must comply with the Common Law Duty of Confidentiality and various national and professional standards and requirements.

We have a duty to:
Maintain full and accurate records of the care we provide to you
Keep records about you confidential and secure
Provide information in a format that is accessible to you

Your data will be securely stored on secure servers.
Your Occupational Health data will be retained for a period of six years.
Health Surveillance health records will be stored for 40 years to comply with Health and Safety Control of Hazardous Substances at Work (COSHH) 2012 legislation.
The above will be applied, unless there are other clinical grounds or legislative reasons to keep them for a longer period.

What Your Rights Are
If we need to use your information for any reasons beyond those stated above, we will discuss this with you and ask for your explicit consent.
You have a right to ask Furze Health Ltd if we have your personal information. If we do, you have a right to know:
Why we have it
What type of information we hold
Whether we have or will send it to others
How long we keep it
Where we got it from
Details of any automated decision-making
You can ask for a copy of your occupational health record (in full or part).

Specifically, the Data Protection Act 2018 gives you certain rights, including the right to:

Request to access the personal data we hold about you, e.g. medical records. If you wish to do this, please contact Occupational Health in writing:

Furze Health Limited, Kemp House, 124 City Road, London
Email: occupational.health@furze-health.co.uk
Tel: 07360969084
Please remember to include details of the information you require plus contact details, and a form of photo identification, such as a copy of your driving licence/passport, and a document with your name and address on it, such as a utility bill.
Ask us to restrict the use of your information where appropriate.
You can ask for your personal information to be transferred to other providers on certain occasions.

You do not have a “right to erasure” of your data as the processing is necessary for the purpose of preventative or occupational medicine (e.g. where the processing is necessary for the working capacity of an employee; for medical diagnosis; for the provision of health or social care; or for the management of health or social care systems or services). This applies as your data is being processed by and under the responsibility of a health professional under relevant codes of conduct and the common law duty of confidence.
You can, however, request that an amendment is attached to your occupational health record if you believe any of the information held by us is inaccurate or misleading.
Request the correction of inaccurate or incomplete information recorded in our records, subject to certain safeguards.

Where Furze Health Ltd has relied on your consent to process your data, you have a right to withdraw your consent at any time.
Furze Health Ltd may look to another legal basis to undertake a processing activity.
Request that your information be deleted or removed where there is no need for us to continue processing it and where the retention time has passed
To challenge any decisions made without human intervention (automated decision making)
To object to the use of your personal information
In certain circumstances you may also have the right to ‘object’ to the processing (i.e. sharing) of your information where the sharing would be for a purpose beyond your care and treatment (e.g. as part of a local/regional data sharing initiative). This so-called ‘Data Opt-out’ initiative, developed by Dame Fiona Caldicott, is set to commence in 2018 and conclude in March 2020. Further information can be found on the following website:


To refuse/withdraw consent to the sharing of your health records: Under the Data Protection Act 2018 we are authorised to process, i.e. share, your health records ‘for the management of healthcare systems and services’. Your consent will only be required if we intend to share your health records beyond these purposes, as explained above (e.g. research). Any consent form you will be asked to sign will give you the option to ‘refuse’ consent and will explain how you can ‘withdraw’ any given consent at a later time. The consent form will also warn you about the possible consequences of such refusal/withdrawal.

For further information, write to:

Furze Health Limited, Kemp House, 124 City Road, London
Email: occupational.health@furze-health.co.uk

How To Contact The Information Commissioner’s Office (ICO)

The Information Commissioner’s Office (ICO) is the body that regulates Furze Health Ltd under Data Protection and Freedom of Information legislation:

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the ICO at:

Information Commissioner’s Office
Wycliffe House

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Fax: 01625 524 510
Email: casework@ico.org.uk

Visitors to our website
When someone visits this website we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We collect this information in a way which does not identify anyone and does not create cookies. We do not make any attempt to find out the identities of those visiting this website. We will not associate any data gathered from this site with any personally identifying information from any source. If we do want to collect personally identifiable information through our website, we will be upfront about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

Use of cookies
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

In order to comply with the EU Cookie Directive, we need to tell you what cookies we use and why we use them. This only applies to cookies that are not intrinsic to the functioning of the website. So, for example, if this were an e-commerce site which used cookies to hold your shopping cart information, we would not be obliged to notify you about those cookies.

We do not use cookies on this website!

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.