Confidentiality and occupational health: Your secret’s safe with OH

One of the most difficult aspects of occupational health practice arises when OH nurses and doctors are asked to divulge information about an employee’s health by the HR department or manager, usually when they are concerned about that employee’s absence record or ability to do the job.

Confidentiality has been defined by the International Organization for Standardization1 as “ensuring that information is accessible only to those authorised to have access”. It also refers to an ethical principle associated with several professions (for example, medicine, the law and religion).

In ethics and in law, some types of communication between a person and one of these professions is ‘privileged’ and may not be discussed or divulged to third parties, and there are usually penalties for its violation. Confidentiality is the most frequent topic of concern among members contacting the Royal College of Nursing (RCN), according to the RCN professional adviser, Carol Bannister.


The issue causes a lot of stress for OH staff arising from conflict with management, and particularly HR, over what can and cannot be divulged about individual employees.

Although the general public believes that doctors are bound by the Hippocratic oath, they often fail to appreciate that nurses are also bound by a professional code of practice too.2 Today, most medical schools do not require doctors to take the oath, and it is generally accepted that confidentiality is a fundamental principle of medical practice.3

Even in the working environment, the Chartered Institute of Personnel and Development’s (CIPD)4 professional code of practice states that its members must respect legitimate needs and confidentiality. Yet some HR professionals now believe they have a right to see confidential client information, and many fail to understand what is commonly known as ‘medical confidentiality’.

Such managers do not appreciate that medical confidentiality is the duty of confidentiality expected of a nurse or doctor, and that they cannot practise without being registered with their professional body. Any breach of confidentiality risks the loss of their licence to practise. Personnel officers and HR managers are not necessarily members of the CIPD, and there is no statutory requirement for them to join, so it cannot be said that they must obey a professional code of practice. This is a factor many of them forget when making demands on OH personnel.

This article aims to consider the various factors relevant to confidentiality in OH practice, and to offer some practical advice on how to overcome these difficulties.

One of the earliest known court cases about confidentiality was that of Prince Albert v Strange 1849. Queen Victoria and Prince Albert had made some etchings which they had arranged to have printed for private use. When one of the printer’s employees passed these onto a third person, there was a court action, and an injunction was taken out to prevent publication as it was a “breach of confidentiality” and, as the law sees it, an “unauthorised use of information”.

The same concept of unauthorised use of information often applies to breaches of confidentiality involving occupational health information. Besides, a patient or client places an implied trust and confidence in a healthcare professional.

Legal requirements

Today in the workplace and in OH practice there are legal requirements under the Data Protection Act and guidance issued by the Information Commissioner5 which classes information on employees’ health, among other information, as sensitive data.

The Royal College of Nursing6 and the Faculty of Occupational Medicine3 both give clear guidelines on confidentiality for OH doctors and nurses. All of the references and resources given with this article repeat the same advice and many of the publications give relevant case study examples.

Confidentiality is a diverse topic with many shades of grey. It is important to remember that co-operation with others does not mean breaching confidentiality the skill is being able to find a way forward suitable for all involved. Thinking positively about how you can help both client and employer is key. Kloss7 in her 2006 article suggests the following points which are as relevant today as they were then:

Under common law, employers have a duty of confidence to employees, as do nurses to their clients

  • A nurse can reveal anything with the consent of the employee
  • If the employee refuses to give consent, the OH professional should not break confidence unless it is necessary to protect others
  • If a legal duty overrides the duty of confidence the nurse has no choice but to break the confidence
  • The Information Commissioner in the Code of Practice states that OH records are, or should be, in control of the OH department, and not the employer.

Greta Thornbory is an occupational health nurse adviser and consulting editor of Occupational Health.

Data protection and occupational health

The Employment Practices Data protection Code part 4: Information about workers’ health, section 4.2 gives good practice recommendations for employers with occupational health schemes. It does not provide detailed professional guidance to doctors, nurses and others involved in such schemes.

  1. Ensure workers are aware of how information about their health will be used and who will have access to it.

Key points and possible actions

  • Unless told otherwise, workers are entitled to assume that information they give to a doctor, nurse or other health professional will be treated in confidence and not passed on to others.
  • Set out clearly to employees, preferably in writing, how information they supply in the context of an occupational health scheme will be used, who it might be made available to, and why.

2.    Do not compromise any confidentiality of communications between workers and health professionals in an occupational
health service.

Key points and possible actions

  • If workers are allowed to use telephone or e-mail for confidential communication with their occupational health service, do not compromise this confidentiality by monitoring the contents of these communications.

3.     Act in a way that is consistent with the Guidance on Ethics for Occupational Physicians published by the Faculty of
Occupational Medicine.

Key points and possible actions

  • Although this is guidance for occupational physicians rather than employers, it should give you a clear understanding of the legal and ethical constraints that apply to the exchange of information when working with occupational health professionals.

Case study 1

At a pre-employment health assessment, a partially sighted employee, Mr Brown, admits that he can only read clearly if he has text enlarged. He is embarrassed by his disability. Although he has disclosed his disability to the occupational health nurse, Brown has requested strict confidentiality on the matter.

Normally the company would make special provision for visually impaired employees, but Brown does not want this as he does not want to be seen to be treated differently from other employees. The OH nurse tells him that she would like to make a note of their conversation for his records, but he refuses. The OH nurse is also aware that the post requires field work, and believes Brown might have some difficulty fully participating in it.

Brown will also have an annual performance review, but insists that he does not want any adjustments made which will make his disability apparent to his colleagues. What should the OH nurse do/say following Brown’s disclosure?

The OH nurse should take the following steps:

1.     Discuss the required level of confidentiality and encourage Brown to allow her to pass the information on to only relevant and/or nominated members of staff to enable the employer to provide support and comply with the Disability Discrimination Act. She may need to explain this to the employee and refer him to guidance from the Equality and Human Rights Commission9 for more information.

Verbeek and Huslhof10 say that if the client does not give their consent to divulge any information, then the OH professional has no option other than to remain restricted to a statement about their fitness to work, stating that Brown is fit for work subject to certain adjustments. If this is the case, then the recruiting manager may well want some further explanation.

2.     The OH nurse should record in writing her conversation with Mr Brown and, if possible, get him to sign a copy of his notes regarding the conversation. Even if he is not happy with the fact that the OH nurse is recording the conversation in writing, it is essential that she does so in order that there is some record.

She should explain that she is professionally required to do this11. It also serves to show that the employer has not discriminated against him by failing to act on information provided. The OH nurse must advise Mr Brown that the information may be used/further disclosed if she considers this essential at any point where health and safety or public policy is concerned.

3.    Consider whether and what adjustments can be made without further disclosure of information about Brown, and implement these as appropriate.

Case study 2

Mrs Smith, head of IT services, phones the OH department because she is concerned about one of her staff. Anita has been off sick several times recently and she is leaving work early. Her performance is not up to its usual standard. Smith has spoken to Anita about this on more than one occasion, and she asks the OH nurse if she knows whether there is some health reason for this. If you were the OH nurse, how would you deal with this?

Firstly, it is important that the OH nurse does not immediately say Smith cannot do this and bring in the argument about confidentiality, as this is guaranteed to annoy managers and is a negative way to communicate.

Being up-beat, positive and offering to help is the best way forward. Where there are robust company policy and procedures and formal methods of referral, then the best way forward is to suggest that Mrs Smith refers Anita through the usual channels, so that the OH service can explore this further and make a proper and formal report.

These policies and procedures should have been drawn up by managers, occupational health services and employees, often via trade union or staff representatives. Referral will then be agreed with the referring manager and the relevant employee and a statement signed saying:

‘I confirm that the reasons regarding this referral have been discussed with me and I consent to a report being prepared by the occupational health department in relation to this referral. I accept that information relating to this referral will be held under the rules governing medical confidentiality and the Data Protection Act’.8

However, many organisations do not seem to have developed such procedures and expect OH professionals to disclose entrusted information. This is often where the conflict lies.

It is best wherever possible to get the employee to sign a suitable ‘consent for disclosure’ statement and the OH department should have a suitable form or proforma to do this.

Sometimes the employee refuses consent because the line manager is the problem, as is often the case with stress-related illnesses and when bullying might be the cause of the problem. In this case the OH nurse may well need to consider gaining consent to take the details to a more senior member of staff.

Remember that the person to whom the information relates is the person who makes the decision as to what is said to whom about them. OH professionals sometimes believe wrongly that no-one has a right to the information, even with the employee’s consent. The employee can also make the disclosure him/herself, and there are occasions when the employee should be encouraged to do this if this is the best way to resolve the issue between the employee and their manager.

Where there are health and safety implications, the OH professional would have a duty to disclose whether the lives or the health of the individual or others were being put at risk – for example, if it was known that someone was about to drive a vehicle on the public highway while under the influence of drink or drugs, or they had some highly infectious disease.


  1. last accessed 31.01.08
  2.  Nursing and Midwifery Council (2004) The NMC code of professional conduct: standards for conduct, performance and ethics
  3.  Faculty of Occupational Medicine (2006) Guidance on ethics for occupational physicians, London: Faculty of Occupational Medicine
  4.  CIPD (2004) Code of professional conduct and disciplinary procedures, London : CIPD
  5.  The Employment Practices Data Protection Code: part 4: information about workers health last accessed 30.01.08
  6.  Royal College of Nursing (2003) Confidentiality RCN guidance for occupational health nurses, downloadable as a pdf file from
  7.  Kloss D (2006) Legal basis of maintaining confidentiality: keep it to yourself, Occupational Health, March 2006
  8. ›Lewis J Thornbory G (2006) Employment law and occupational health: a practical handbook, Oxford: Blackwell Publishing Ltd
  9. last accessed 30.01.08
  10.  Verbeek J Hulshof C (2004) Work disability assessment in the Netherlands in Westerholm P, Nistun T, Ovretveit (2004) Practical Ethics in Occupational Health, Oxford: Radcliffe Medical Press Ltd
  11.  Nursing and Midwifery Council (2007) NMC Record Keeping Guidance last accessed 31.01.08
Comments are closed.