Privacy Notices

NHS Shetland Board Main Privacy Notice
Staff Privacy Notice
You are here: Occupational Health Privacy Notice

Occupational Health Privacy Notice

This privacy notice explains how we use your personal information in providing occupational health services and your rights regarding that information.

NHS Shetland policies and procedures apply to NHS Shetland Occupational Health Services and this privacy notice should be read in conjunction with the NHS Shetland Privacy Notices, available on the NHS Shetland website.

The Occupational Health Department is committed to protecting the rights of the individual, acknowledging that any personal data handled will be processed in accordance with the Data Protection Act 2018 (DPA) and the General Data Protection Regulations (GDPR) 2016.

If you have any questions about the processing of your data, please contact
shet.occupationalhealth@nhs.scot or the NHS Shetland Data Protection Officer at
shet.dpo@nhs.scot

What data will be collected?

The following data may be collected during the process of providing occupational health service to you and your Employer:

Personal information, e.g. name, address, date of birth
Personal characteristics, e.g. ethnicity, gender
Past and present job roles
Health/medical information

Who will the data be collected from?

You (the data subject)
Your Manager and Human Resources
Health Specialists/Services that we may refer you to as part of our assessment process
With your consent, your GP or other Specialists from whom you have received treatment

How will the Data be collected?

Verbally, either by telephone or face to face conversations
In writing, this may be forms you and/or your manager may complete as part of Occupational Health processes, or reports/letters sent to us from other parties, e.g. your GP. These may be sent to us electronically or by post.

Why is the data collected?

The lawful basis for collecting/processing your Occupational Health data is set out in the NHS Shetland Privacy Notices.

How long will your data be held for?

New employee assessments will form part of an occupational health record unless the individual has not been successfully appointed to the post. If an individual is not appointed the data will be only be kept for 2 years unless there is a good clinical or legal reason to retain it longer.
Most other records will be held for 6 years after leaving employment or 75 years of age (whichever is soonest) unless there is a recognised clinical need or statutory requirement to retain it for longer, e.g. Health Surveillance information will be stored for 40 years to comply with the Health and Safety Executive (HSE) and the Control of Substances Hazardous to Health (COSHH) 2002 legislation.

How will the data be stored?

Electronic records are stored on a secure server
Paper records are stored in locked filing cabinets

Occupational Health records are only accessible to Occupational Health personnel.

Who will data be shared with?

Our consent to share procedures are undertaken in line with GMC/NMC and FOM Ethics guidance and information about you will not be shared without your knowledge and consent.

You have the right to withdraw consent to share at any time, for any reason. Please ensure the department have received this information.
Disclosure of information without consent may occur when disclosure is required by law or is in the public interest. This type of disclosure would be assessed on a case by case basis, using only information necessary for the specific purpose and circumstance requested with appropriate security measures in place.

What are your rights?

You have the right to see information held about you in your Occupational Health record. Any request should be made in writing and will be responded to within four weeks, without charge. Charges for this information may apply if the request is excessive or repetitive.
You can authorise a third party to exercise your right of access to your information, in this instance we may require additional written consent to protect your medical confidentiality under our legal and ethical duty.
You can also request that an amendment is attached to your record if you believe any of the information held is inaccurate or misleading.
In the case of a request for erasure, retention may be lawful e.g. if required for legal compliance.
More information about your rights is available in the main NHS Shetland Privacy Notices.

Should you require any further information please contact the Occupational Health Department Manager via shet.occupationalhealth@nhs.scot

Next page : You are on the last page
Previous page : Staff Privacy Notice