Privacy Notice

Data Processing and Storage Consent Form

Oakwood OH Consultancy’s staff collect personal and clinical information as part of our occupational health assessments and health surveillance. Administrative details regarding the employee are taken at the time of booking. Clinical information is recorded at the time of the assessment by our trained Occupational Health Doctors and Nurses. This information is necessary to ensure the correct employees are being assessed and the correct information is obtained in order to provide accurate advice to help support employees and their managers.

Only the minimum relevant information is collected in order to complete our assessment.

This information is stored in the following ways:

1. Scanned and saved electronically on encrypted cloud storage. The cloud storage data is backed up weekly onto a password protected storage drive. Paper notes are then securely shredded once securely stored in these 2 locations.
2. In the event of receipt of paper records of Occupational Health records from another provider following the receipt of appropriate consent from the individual, paper records are securely scanned in the manner outlined above.

NB Please note if we are accessing a shared folder on a client’s secure cloud storage, individual files/reports may be downloaded, completed and uploaded back to the client’s secure cloud storage. Individual files are then securely, electronically shredded once as the upload is complete.

The length of time records are stored depends on the nature of the assessment and if we are assessing your case ourselves (a direct contract with your employer) or if it is for another occupational health provider (we do see cases for other providers in order to minimize geographical travel for the employee).

1. Information for our own clients is stored on our secure, encrypted cloud storage that can only be accessed on a password protected PC with 2 step verification by approved users. The records are stored for a period of 6 years as outlined by our data protection policy and in accordance with faculty guidance (https://www.fom.ac.uk/media-events/news/guidance/guidance-onthe-general-data-protection-regulation).
2. Clinical notes and reports for other Occupational Health providers are scanned electronically on the day of the assessment and saved to a secure, encrypted cloud storage system or stored locally on a password protected encrypted PC depending on their instructions. Any clinical notes, reports, certificates and/or consent forms are sent to the parent Occupational Health company by secure methods within 2 working days with clear instructions to confirm receipt. This is then stored by Oakwood OH Consultancy for 1 month before being securely deleted. Other Occupational Health Providers should have privacy notices to help you understand how they may process your information. We can provide you with contact information for them as required.
3. Health surveillance records – these are currently kept for 40 or 50 years depending on what legislation the health surveillance relates to. These are important records to track employees’ health if the event they are exposed to hazards at work that might have long-term health effects.
4. Emails (either direct emails or web enquiries) - these are stored for 6 months to allow resolution of potential disputes regarding appointment bookings and invoice queries that may arise during this period of time unless it is clear they should be kept longer in the case of an active investigation, clinical concern or contractual dispute.
5. Specific industry medicals not covered by health surveillance legislation - An example would be an OEUK medical for offshore work. These notes would be stored for the duration of the certificate’s validity and for 6 months longer than to allow access for notes in case the worker returns for a repeat medical.

The Occupational Health doctor or nurse will be able to clarify which category, or categories, your assessment today falls into if you have any questions.

When sharing your information with your employer, we ensure written consent is obtained as per General Medical Council guidance. We will not share information without your expressed consent.

If consent is given, we either post or email the report to you and your employer depending on your choice. Any information sent electronically is sent via password protected link (with an expiration date of 30 days) from our encrypted cloud storage.

• If you change your mind about your consent choice in the future, please let us know and we will respect your wishes. You have the right to withdraw consent at any time. If other legislation means we have to store this information we will explain this to you and Oakwood OH Consultancy’s Data Controller can liaise with the information commissioner’s office if further clarification is needed.
• If you change employer, please let us know (admin@oakwoodoh.co.uk). We can arrange transfer of your records to your new employer’s occupational health provider, with your consent. If you require access to your records, a request can be made in writing and a free electronic or paper copy can be provided once identity checks have been completed.
• Oakwood OH Consultancy is registered with the Information Commissioner’s Office. If you have any concerns regarding our practice, please let us know. In the unlikely event you are dissatisfied with the way we process your information, further clarification can be sought from the Information Commissioner’s Office directly.