DATA PROTECTION, CONFIDENTIALITY AND PRIVACY POLICY 

This is the Data Protection, Confidentiality and Privacy Policy of Split Dimension Ltd

As an Occupational Health Service provider, Split Dimension Ltd recognises the need to comply with the General Data Protection Regulation and all other relevant legislation and codes of practice in relation to its business activities.  The provision of a confidential, informed and impartial service to our clients and their employees is essential to maintain a professional relationship.

It is incumbent on all Split Dimension staff to maintain confidentiality.  Each member of staff has an obligation not to divulge any information learned in respect of his/her work activities as detailed below.

Medical records and employee information

The personal information we hold is kept to a minimum and details only what is required to allow us to carry out health assessments and maintain adequate records required by the General Medical Council, the Nursing and Midwifery Council and other authorities.

We may hold the following personal information about those employees who are referred to us:

  • Name, telephone number(s), e-mail and/or address;
  • Details of employer and job (if relevant);
  • Details of general practitioner (if relevant);
  • Details including medical history, medication and clinical observations of any medicals or health assessments that we carry out;
  • Information from other bodies such as employer, general practitioner or other professionals where this has been provided to enable assessments to be made of medical fitness or any appropriate adaptations to employment.

All Records will be maintained in accordance with the requirements of The General Data Protection Regulation and relevant Guidance from the Nursing and Midwifery Council, the Faculty of Occupational Medicine and other regulatory bodies and quality standards

  • All occupational health records of client employees will remain private and confidential to Split Dimension unless signed medical consent is provided.
  • Records will be maintained either at Split Dimension premises or on site at client premises where suitable arrangements are in place.
  • All records will be kept locked at all times and only be accessible to Split Dimension.
  • All electronic records and information will be kept on secure and protected systems, encrypted where necessary.
  • All occupational health records, whether hard copy or electronic will be kept in such a way that they can be transferred to a different OH provider should this be required.  Transfer will only take place once appropriate employee permission has been received and in a way that ensures confidentiality of all records,
  • All occupational health records, whether hard copy or electronic will be destroyed 6 years after an employee has left the employment of the client except for any statutory health surveillance data.
  • Statutory health surveillance data will be kept in accordance with legislative requirements.

The following Privacy Statement should be shared with an employee at the time of referral and consultation:

“Any information or data shared with Split Dimension Ltd forms part of an occupational health record which contains personal, sensitive, health related information, the management of which is governed by the General Data Protection Regulation 2018 and guidance by the Faculty of Occupational Medicine and Nursing and Midwifery Council. That information will be stored appropriately and not shared outside of the above consents without further consent being obtained. Occupational health records are stored for 6 years following the last year of employment before being destroyed unless other statutory requirements, e.g., for health surveillance, apply.

Split Dimension Ltd will only contact you about the above information in relation to your health at work at your current employer. Outside of the above consents, legislation and guidance, occupational health records can only be seen by the person to whom they refer, Split Dimension Ltd or following a request by a court of law and will not be disclosed for any other reason”.

Disclosure

Information about an individual may only be disclosed to a third party outside of Split Dimension if:

  • The individual concerned has given informed and expressed consent.
  • Provision of such information is required by a court of law.
  • Agreed anonymous disclosure is for the purposes of medical research approved by an ethics committee.
  • Disclosure is in the public interest.

All such enquiries about an individual, or individuals, whether from a third person or from the individual personally, must be referred to a clinical member of staff.  No medical or health advice, information, recommendations or opinion is to be given by administrative staff.

Information Technology

Split Dimension recognises that IT systems can be vulnerable.

  • All computers, laptops, phones, network storage and other IT equipment will be password protected.
  • We will maintain suitable and up to date anti-virus and anti-malware software.
  • All electronic information will be backed up on a 24 hour basis.
  • Reports and other correspondence will be password protected where required and appropriate.

Client Information

All client information will be treated in the same way as employee and clinical information.  The nature of our client relationships means that a reasonable level of communication will be required.  Otherwise we will not seek to make contact where there is not reasonable cause to do so.  Client information including names and details of contacts will not be passed on without permission.

Clinical Staff

All Clinical staff, whether employed or associate will be required to sign that they understand the implications of this policy every 2 years or when there has been a significant change.

Administrative Staff

Any matter relating to clients and their employees including personal details, health or medical information, including diagnosis, investigation, or treatment, advice sought and/or given whether from patients’ records or from other sources must not be divulged to any third party by administrative staff without exception. All administrative staff, whether employed or associate will be required to sign that they understand the implications of this policy every 2 years or when there has been a significant change.

Any breaches of the above may result in disciplinary action including dismissal.

Signature

Mr Lindsey Hall

Director

May 2018