Data Protection Code Part 4: employee health records

Q What is the purpose of the Data Protection Code Part 4?

A The Data Protection Act 1998 places responsibilities on employers to process the information they hold in a fair and proper way. The Information Commissioner has published a code containing guidance for employers and Part 4 is the final instalment of the code. It addresses the collection and subsequent use of information about workers’ physical or mental health, including sickness records.

Q Are employers prevented from keeping health records unless an individual’s consent is obtained?

A Information about workers’ health, including sickness records, constitutes sensitive personal data. The sensitive data rules limit the circumstances in which processing can take place. Health information can be processed without a worker’s explicit consent if one of the other sensitive data rules can be satisfied. For example:

– Where the processing is necessary to enable the employer to meet its legal obligations

– Where the processing is in connection with actual or prospective legal proceedings

– Where the processing is necessary for medical purposes and is carried out by a health professional.

– Where sickness records are kept solely to comply with statutory sick pay requirements, it is clear that a sensitive data requirement can be satisfied (ie, the processing is necessary to meet legal obligations) and consent will not be required. However, in relation to the keeping of more general sickness records (eg for the purpose of managing long-term sickness absence) it is less clear that a sensitive data condition can be satisfied.

The commissioner considers it unsatisfactory if employers have to rely on workers’ consent to keep sickness records. He feels that if records are kept and used in a reasonable manner, the employer is likely to be able to rely on the condition that the processing is necessary to enable it to comply with a legal obligation associated with employment. The Data Protection Act 1998 currently does not place the question beyond doubt, but the Commissioner understands the Government is considering changes to the law that will do so.

Q Why should employers review how sickness and absence records are kept?

A The code distinguishes between records that include sensitive data and those that do not. Sickness and injury records contain details of a worker’s illness and/or injury, and are therefore sensitive data. This means that one of the sensitive data conditions must be satisfied before an employer can process such data.

However, absence records stating only the reason for an absence (ie, sickness or accident) do not refer to the worker’s specific medical condition and therefore do not constitute sensitive personal data. Some employers use accident records, and should note that these will constitute injury records, and will therefore be categorised as sensitive data if they include details of an injury suffered by an identifiable worker.

Thus, employers would be well advised both to review how sickness and accident records are currently kept, and to ensure that information about workers’ health is not accessed when only information on absences or the circumstances of accidents at work is needed – for example, to calculate a benefit, it may only be necessary to see the length of absence rather than the nature of the sickness.

If computer-based systems are used, employers should consider separating sickness and injury records from absence records with additional password protection.

Q To what extent can sickness records be used by managers?

A Managers should only be provided with sickness and injury records about those who work for them in so far as it is necessary for them to carry out their role. For example, an individual’s number of days’ absence may be disclosed to a manager for the purpose of providing a reference.

A manager should be merely concerned with the impact of a medical condition on a worker’s fitness for work, rather than the medical details. They may access a worker’s sickness record for the purpose of investigating repeated or long-term absence.

The total amount of sickness absence by department or section may also be published provided that individual workers cannot be identified. However, the Supplementary Guide to the Code stresses that league tables of sickness absences of individual workers should not be published, because the invasion of privacy would be disproportionate to any managerial benefit.

Employers should ensure that managers are aware of the sensitive nature of sickness and injury records, and the circumstances under which there may be a legal obligation to disclose information.

Comments are closed.