We are committed to safeguarding and preserving the privacy of our visitors and customers and comply fully with the General Data Protection Regulation for information within our control.
Information We Collect
In order for us to provide Occupational Health services to patients, personal and often sensitive medical information needs to be obtained.
All of our consultations are with doctors, or sometimes nurses, who all have well-established professional obligations to maintain confidentiality. Without this, we would not be able to provide effective care to our patients.
Your consent to us collecting personal, sensitive information and to proceed with a consultation is necessary before we can perform a consultation with you. It would not be possible for us to provide an Occupational Health assessment without keeping a clinical record as this is a professional requirement for registered practitioners. Consent for us to process personal sensitive medical information is not consent for
us to write to anyone else, including your employer.
During an OH consultation, the clinician will ask about health issues and your work and you will see them writing a clinical record. This is a confidential file and is not accessible by your employer. You can of course see any information we keep about you at any time upon request.
In running and maintaining our website we may collect and process the following
data about you:
- Information about your use of our site including details of your visits such as pages viewed and the resources that you access. Such information includes traffic data, location data and other communication data.
- Information provided voluntarily by you. For example, when you register for information or make a purchase/booking.
- Information that you provide when you communicate with us by any means.
Information we may send to your employer
Your consent is required before we would send personal information to your employer, such as an outcome report from your consultation. The clinician will discuss with you the information they would like to send to the employer. You can have a copy of this information.
Sometimes employers may need guidance or clarification on the report. The clinician will consider if there is a need to notify you before sending such additional information. If the supplementary advice given does not contain more sensitive personal information than the original report and does not alter the opinion of the original report, then additional consent is not usually requested. However, if there is a material change to the report and the associated information and advice, you will be contacted, or a further consultation will be requested.
The receiving employer is expected to maintain appropriate data security for the Occupational Health reports and advice we provide to them and this is covered by our Data Sharing Agreement.
Data Sharing Agreement
Your confidential Occupational Health record is not accessible by your employer and is never shared.
It is a requirement for employers making referrals to MacOH Ltd to agree to our Data Sharing Agreement. This outlines the responsibilities of the referring employer and MacOH Ltd for managing your personal information. In particular, it covers data security and confidentiality responsibilities. It also ensures you are aware of what information is being sent to us by your employer and that suitable controls are in
place once the employer receives your OH report.
Legal Basis for processing information
We process personal sensitive information in accordance with the General Data Protection Regulations (GDPR) on the lawful basis of with Consent and for the purpose of Occupational Medicine.
Categories of personal data
We process personal information such as name, address and date of birth. We also collect occupational information and medical information including symptoms, history and treatments you may be undergoing. This medical information is regarded as Special Category Data.
Recipients of personal data
Your information which we receive from an employer is only accessed by our own administration team and staff doctors and nurses. All staff have contractual confidentiality agreements and our processes are designed to maintain confidentiality.
Our OH output reports are sent securely to the named recipient, usually a Human Resources officer or Manager. You will know who the report is going to at the point that we request consent for dispatch.
Retention periods for your data
Most OH records that involve OH consultation will be kept for 10 years from the date of the last entry. This is a generally accepted timescale.
Health Surveillance records (such as hearing and breathing tests) should be kept for 40 years. This is because sometimes industrial diseases can develop later on in life so such records should be retained. This is a recommendation from the Health & Safety executive. Most of the records we hold are not Health Surveillance records. Pre-employment health questionnaires will be retained for 3 years.
Rights of Individuals
The GDPR has strengthened the rights of individuals with regard to data about them.
These rights are outlined below:
Right to be informed: This Privacy Notice is one of the ways we make sure you are informed about the sensitive personal information we collect.
Right of access: You have the right of access to personal data we hold about you. If you would like access, please contact firstname.lastname@example.org. We will ascertain your identity and then forward you the requested data as soon as possible. We do not normally make any charges for providing this information.
Right to rectification: If you feel that information we hold is inaccurate or incomplete, please contact email@example.com. We will review the area you would like rectified and if this is appropriate, we will make the change. If we do not agree to the change, you have the right to complain to the Information Commissioner.
Right to erasure: If you would like us to consider erasing the personal information we hold about you, please contact firstname.lastname@example.org. Your request will be passed to the relevant Data Protection Officer who will want to discuss this with you.
Sometimes Occupational Health records form important medicolegal documents for the exercise or defence of legal claims, such as with Health Surveillance records where such assessment is a statutory requirement. In such cases, we may not be able to agree to the erasure of your personal information.
Right to restrict processing: Once your personal information has been obtained, you have the right to restrict further processing. This means there will be no more activity involving your data other than it being still held by us. This might arise if you did not wish to have any further OH involvement as we require consent to provide OH advice.
We may gather information about your general internet use by using a cookie. Where used, these cookies are downloaded to your computer and stored on the computer’s hard drive. Such information will not identify you personally. It is statistical data. This statistical data does not identify any personal details
Use of Your Information
We use the information that we collect from you to provide our services to you. In addition to this we may use the information for one or more of the following purposes:
- To provide information to you that you request from us relating to our products or services.
- To provide information to you relating to other products that may be of interest to you. Such additional information will only be provided where you have consented to receive such information.
- To inform you of any changes to our website, services or goods and products.
If you have previously purchased goods or services from us, we may provide to you details of similar goods or services, or other goods and services, that you may be interested in.
Where your consent has been provided in advance we may allow selected third parties to use your data to enable them to provide you with information regarding unrelated goods and services which we believe may interest you. Where such consent has been provided it can be withdrawn by you at any time.
Storing Your Personal Data
In operating our website, it may become necessary to transfer data that we collect from you to locations outside of the European Union for processing and storing. By providing your personal data to us, you agree to this transfer, storing or processing. We do our utmost to ensure that all reasonable steps are taken to make sure that your data is treated stored securely.
Unfortunately, the sending of information via the internet is not totally secure and on occasion, such information can be intercepted. We cannot guarantee the security of data that you choose to send us electronically, sending such information is entirely at your own risk.
Disclosing Your Information
- In the event that we sell any or all of our business to the buyer.
- Where we are legally required by law to disclose your personal information.
- To further fraud protection and reduce the risk of fraud.
Third Party Links