GDPR

Spirit Occupational Health Service Ltd is committed to ensuring the protection of, confidentiality and privacy of information entrusted to us by any individual and to ensure the data we hold is secure at all times.

Data Protection and Confidentiality is a fundamental aspect of our ethical codes of conduct and a central to our relationships with our employees, customers and their employees. Spirit Occupational Health Service will not only comply with the requirements of the current data protection legislation, but additionally meet all our ethical and professional bodies’ guidelines and codes of practice regarding privacy and confidentiality.

Information held on our customers’ employees include both personal and sensitive data including name, date of birth, address, limited employment data and information regarding their health. This information has been supplied to the OH Service by the customer/employee themselves or their GP/Specialist directly following informed consent. It will only ever be used for the purposes of providing occupational health services and will not be shared with any third parties for any other activity. We will not process any data shared with us without consent.

Records held by Spirit Occupational Health Service are audited as part of our clinical governance protocols, with consent but any outcomes will be anonymous and not contain any identifiable information.

Our commitment to you with regard to your data:

  • We will process your data lawfully, fairly and in a transparent manner, ensuring we only collect the data for specific, explicit and legitimate purposes
  • We will inform you of what information we are processing about you, and will never use it for any other purposes, such as marketing etc.
  • We will ensure the data is relevant, adequate and limited to what we need to know to assess your fitness for work or wellbeing
  • We will endeavour to ensure the data is accurate and, where necessary, kept up to date
  • We will process it in a manner that ensures suitable and sufficient security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
  • We will not hold the data for longer than necessary – Generally occupational health data is kept for a period of 8 years after the last annotation, however for statutory documents (such as health surveillance records) we will need to keep them for up to 40 or 50 years, depending on which type of record they are
  • Spirit Occupational Health Service will not transfer any of your data outside the United Kingdom or EEA.
  • For all storing, processing and sharing of data, an individual’s consent must be freely given, having been specifically informed and an unambiguous indication of the individual’s wishes documented. Individuals have a right to withdraw their consent at any time
  • An individual has the right to have inaccuracies amended. Any factual inaccuracies will be amended promptly and the information noted on the case/file. This right does not however include an individual’s right to have ‘clinical opinions’ amended, this remains the decision of the clinical author of the document.

Subject Access Requests

Individuals may request copies of their occupational health records or parts thereof, at any time. These requests are known as subject access requests (SARs).  If an individual wants access to their occupational health records, the request must be made in writing containing a signature, (if in letter form); otherwise the letter or e mail must include: full name and title (Miss/Mrs/Ms/Mr) – date of birth – current address – reason for request. If we receive the request by e-mail, we may make an additional security checks to ensure you are who you say you are. This is designed to protect your information.

If the request comes from a third party, such as a solicitor, then it is essential that we have the following information included along with a signed/dated consent form from the individual (i.e. the consent must contain the words ‘I consent to the release..’): The individual’s full name and title -Their date of birth -Their address -They must also expressly request their occupational health records from  Spirit Occupational Health Service (please do not ask for the occupational health records from their company as these records will only be the outcome reports which the company hold and not our full/exert of records requested). If we receive a request from a third party we may contact you to verify that the request is legitimate and you have asked them to request the data.