Good Practice Recommendations – Part 4
The parts of the Code in this section are:
4.1 Information about workers’ health: general considerations
4.2 Occupational health schemes
4.3 Information from medical examination and testing
4.4 Information from drug & alcohol testing
4.5 Information from genetic testing
Sickness and Injury records are dealt with in Part 2 of the Code.
4.1 Information about workers’ health: general considerations
Core Principles
- It will be intrusive and may be highly intrusive to obtain information about your workers’ health.
- Workers have legitimate expectations that they can keep their personal health information private and that employers will respect their privacy.
- If employers wish to collect and hold information on their workers’ health, they should be clear about the purpose and satisfied that this is justified by real benefits that will be delivered.
- One of the sensitive data conditions must be satisfied.
- Workers should be aware of the extent to which information about their health is held and the reasons for which it is held.
- Decisions on a worker’s suitability for particular work are properly management decisions but the interpretation of medical information should be left to a suitably qualified health professional.
4.1.1 Identify who within the organisation can authorise or carry out the collection of information about workers’ health on behalf of the organisation and ensure they are aware of their employer’s responsibilities under the Act.
Key points and possible actions
- Those who handle information about workers’ health, or who can authorise the collection of such information, should be briefed on the Act and this Code.
- There are non-compliance risks if those lacking proper authority and any necessary training introduce the collection of health information and in particular medical testing.
- Leave the interpretation of medical information to those who are qualified to do this.
4.1.2 If health information is to be collected ensure a sensitive data condition can be satisfied.
Key points and possible actions
- The collection and use of information about workers’ health is against the law unless a sensitive data condition is satisfied.
- In general employers should only collect health information where this is necessary for the protection of health and safety, to prevent discrimination on the grounds of disability, to satisfy other legal obligations or if each worker affected has given his or her explicit consent.
- If consent is to be relied on, it must be freely given. That means a worker must be able to say ‘no’ without penalty and must be able to withdraw consent once given. Blanket consent obtained at the outset of employment cannot always be relied on.
- Consent should not be confined to the testing itself; it should also cover the subsequent recording, use and disclosure of the test results.
See Supplementary Guidance which explains more about the conditions for processing sensitive data.
4.1.3 Identify clearly the purposes behind the collection of information about workers’ health and the specific business benefits which it is likely to bring.
Key points and possible actions
- Identify the collection and use of information about workers’ health that currently takes place in your organisation.
- Identify any collection or use of information about workers’ health that you plan to implement.
- Consider conducting an impact assessment on current or planned collection and use of health information.
See here for information on how to carry out an impact assessment.
4.1.4 Protect information about workers’ health with appropriate security measures. Ensure that wherever practicable only suitably qualified health professionals have access to medical details.
Key points and possible actions
- Managers should not have access to more information about a worker’s health than is necessary for them to carry out their management responsibilities. As far as possible the information should be confined to that necessary to establish fitness to work, rather than consist of more general medical details.
- Safety representatives should be provided with anonymised information unless any workers concerned have consented to the provision of information in an identifiable form.
- Unless the general standard of information security in your organisation is sufficiently high, medical information about workers should be separated from other personnel information, for example by keeping it in a sealed envelope, or subject to additional access controls on an electronic system.
- Information about workers’ health collected to run a pension or insurance scheme should not be available to the employer unless this is necessary for the employer’s role in administering the scheme.
4.1.5 Do not collect more information about workers’ health than is necessary for the purpose(s) behind its collection.
Key points and possible actions
- Review any health questionnaires to ensure that only information that is really needed is collected.
- If commissioning a medical report on a sick employee, seek information on the worker’s fitness for continued employment rather than medical details.
- Do not ask workers to consent to the disclosure of their entire general practitioner record as a matter of expediency. Only seek the disclosure of the whole record, or substantial parts of it, where this is genuinely necessary.
- If seeking a report from a worker’s general practitioner or other medical practitioner who has been responsible for the care of the worker, ensure that you meet the requirements of the Access to Medical Reports Act 1988. This includes obtaining the worker’s consent to your application for a report.
4.2 Occupational health schemes
This sub-section gives good practice recommendations for employers with occupational health schemes. It does not provide detailed professional guidance to doctors, nurses and others involved in such schemes.
4.2.1 Ensure workers are aware of how information about their health will be used and who will have access to it.
Key points and possible actions
- Unless told otherwise workers are entitled to assume that information they give to a doctor, nurse or other health professional will be treated in confidence and not passed to others.
- Set out clearly to workers, preferably in writing, how information they supply in the context of an occupational health scheme will be used, who it might be made available to and why.
4.2.2 Do not compromise any confidentiality of communications between workers and health professionals in an occupational health service.
Key points and possible actions
- If workers are allowed to use telephone or e-mail for confidential communication with their occupational health service, do not compromise this confidentiality by monitoring the contents of these communications.
4.2.3 Act in a way that is consistent with the Guidance on Ethics for Occupational Physicians published by the Faculty of Occupational Medicine.
Key points and possible actions
- Although this is guidance for occupational physicians rather than employers, it should give you a clear understanding of the legal and ethical constraints that apply to the exchange of information when working with occupational health professionals.
4.3 Information from medical examination and testing
This sub-section gives good practice recommendations specific to the collection and handling of information derived from medical examination and testing. The general recommendations in section 4.1 should also be taken into account.
Employers should bear in mind that obtaining a worker’s consent or satisfying another sensitive data condition is not, on its own, sufficient to ensure data protection compliance. There is still an obligation to ensure that information obtained through medical examination is relevant, is accurate, is up to date and is kept secure.
See Supplementary Guidance for more Information on the Sensitive Data Conditions.
4.3.1 Where information obtained from medical testing is used to enforce the organisation’s rules and standards make sure that the rules and standards are clearly set out in a policy which workers are aware of.
Key points and possible actions
- Ensure workers understand these rules and standards.
- Set out the circumstances in which medical testing may take place, the nature of the testing, how information obtained through testing will be used, and the safeguards that are in place for the workers that are subject to it.
4.3.2 Only obtain information through medical examination or testing of applicants or other potential workers at an appropriate point in the recruitment process, i.e. where there is a likelihood of appointing them. You must also be satisfied that the testing is a necessary and justified measure to:
- Determine whether the potential worker is fit or likely to remain fit to carry out the job in question, or
- Meet any legal requirements for testing, or
- Determine the terms on which a potential worker is eligible to join a pension or insurance scheme.
Key points and possible actions
- Record the business purpose for which examination or testing is to be introduced and the sensitive data condition that can be satisfied.
- Consider less intrusive ways of meeting the objectives, for example using a health questionnaire as an alternative to a medical examination or as a means to select those required to undergo a full examination.
- Only carry out a pre-employment medical examination or medical testing where there is a real likelihood that the individual will be appointed.
- Make it clear early on in the recruitment process that individuals may be subjected to medical examination or testing once there is a likelihood that they will be appointed.
4.3.3 Only obtain information through a medical examination or medical testing of current workers if the testing is part of an occupational health and safety programme that workers have a free choice to participate in, or you are satisfied that it is a necessary and justified measure to:
- Prevent a significant risk to the health and safety of the worker, or others, or
- Determine a particular worker’s fitness for carrying out his or her job, or
- Determine whether a worker is fit to return to work after a period of sickness absence, or when this might be the case, or
- Determine the worker’s entitlement to health related benefits, e.g. sick pay, or
- Prevent discrimination against workers on the grounds of disability or assess the need to make reasonable adjustments to the working environment, or
- Comply with other legal obligations.
Key points and possible actions
- Record the business purpose for which the programme of examination or testing of workers is to be introduced and the sensitive data condition that can be satisfied.
- Establish and document who will be tested, what precisely they are being tested for, the frequency of testing, and the consequences of a positive or negative test.
- Consider less intrusive ways of meeting the employer’s objectives, for example collecting information via a health questionnaire either as a first stage or as an alternative to a medical examination.
4.3.4 Do not obtain a sample covertly or use an existing sample, test result or other information obtained through a medical examination for a purpose other than that for which it was originally obtained.
Key points and possible actions
- Be clear about the purpose(s) for which any testing is being carried out and communicate this to workers.
- The covert obtaining of bodily samples for testing is most unlikely ever to be justified.
- If there is a wish to carry out a different test on an existing sample, this can only be done if the worker has been told about it and has freely consented.
4.3.5 Permanently delete information obtained in the course of medical examination or testing that is not relevant for the purpose(s) for which the examination or testing is undertaken.
Key points and possible actions
- Health information that is excessive, irrelevant or out of date should not be retained by an employer.
- If the retention of medical information is necessary only for the operation of an occupational health service, it should be kept in a confidential occupational health file.
4.4 Information from drug and alcohol testing
This part of the Code gives good practice recommendations specific to the collection and handling of information derived from drug and alcohol testing. The recommendations in sub-sections 4.1 and 4.3 should also be taken into account.
4.4.1 Before obtaining information through drug or alcohol testing ensure that the benefits justify any adverse impact, unless the testing is required by law.
Key points and possible actions
- The collection of information through drug and alcohol testing is unlikely to be justified unless it is for health and safety reasons.
- Post-incident testing where there is a reasonable suspicion that drug or alcohol use is a factor is more likely to be justified than random testing.
- Given the intrusive nature of testing employers would be well advised to undertake and document an impact assessment.
See here for information about how to carry out an impact assessment.
4.4.2 Minimise the amount of personal information obtained through drug and alcohol testing.
Key points and possible actions
- Only use drug or alcohol testing where it provides significantly better evidence of impairment than other less intrusive means.
- Use the least intrusive forms of testing practicable to deliver the benefits to the business that the testing is intended to bring.
- Tell workers what drugs they are being tested for.
- Base any testing on reliable scientific evidence of the effect of particular substances on workers.
- Limit testing to those substances and the extent of exposure that will have a significant bearing on the purpose(s) for which the testing is conducted.
4.4.3 Ensure the criteria used for selecting workers for testing are justified, properly documented, adhered to and are communicated to workers.
Key points and possible actions
- It is unfair and deceptive to lead workers to believe that testing is being carried out randomly if, in fact, other criteria are being used.
- If random testing is to be used, ensure that it is carried out in a genuinely random way.
- If other criteria are used to trigger testing, for example suspicion that a worker’s performance is impaired as a result of drug or alcohol use, the employer should ensure workers are aware of the true criteria that are used.
4.4.4 Confine the obtaining of information through random testing to those workers who are employed to work in safety critical activities.
Key points and possible actions
- Collecting personal information by testing all workers in a business will not be justified if in fact it is only workers engaged in particular activities that pose a risk.
- Even in safety-critical businesses such as public transport or heavy industry, workers in different jobs will pose different safety risks. Therefore collecting information through the random testing of all workers will rarely be justified.
4.4.5 Gather information through testing designed to ensure safety at work rather than to reveal the illegal use of substances in a worker’s private life.
Key points and possible actions
- Very few employers will be justified in testing to detect illegal use rather than on safety grounds. Testing to detect illegal use may, exceptionally, be justified where illegal use would:
  - breach the worker’s contract of employment, conditions of employment or disciplinary rules, and
  - cause serious damage to the employer’s business, e.g. by substantially undermining public confidence in the integrity of a law enforcement agency.
4.4.6 Ensure that workers are fully aware that drug or alcohol testing is taking place, and of the possible consequences of being tested.
Key points and possible actions
- Explain your drug or alcohol policy in a staff handbook.
- Explain the consequences for workers of breaching the policy.
- Ensure workers are aware of the blood-alcohol level at which they may be disciplined when being tested for alcohol.
- Do not conduct testing on samples collected without the worker’s knowledge.
4.4.7 Ensure that information is only obtained through drug and alcohol testing that is:
- of sufficient technical quality to support any decisions or opinions that are derived from it and,
- subject to rigorous integrity and quality control procedures and,
- conducted under the direction of, and positive test results interpreted by, a person who is suitably qualified and competent in the field of drug testing.
Key points and possible actions
- Use a professional service with qualified staff and that meets appropriate standards.
- Ensure workers have access to a duplicate of any sample taken to enable them to have it independently analysed as a check on the accuracy of the employer’s results.
- Do not assume that the tests are infallible and be prepared to deal properly with disputes arising from their use.
4.5 Information from genetic testing
Genetic testing has the potential to provide employers with information predictive of the likely future general health of workers or with information about their genetic susceptibility to occupational diseases. Genetic testing is, though, still under development and in most cases has an uncertain predictive value. It is rarely, if ever, used in the employment context. The Human Genetics Commission advises that employers should not demand that an individual take a genetic test as a condition of employment. It should therefore only be introduced after very careful consideration, if at all. This sub-section supplements sub-sections 4.1 and 4.3.
4.5.1 Do not use genetic testing in an effort to obtain information that is predictive of a worker’s future general health.
Key points and possible actions
- Obtaining information through genetic testing is too intrusive and the information’s predictive value is insufficiently certain to be relied on to provide information about a worker’s future health.
4.5.2 Do not insist that a worker discloses the results of a previous genetic test.
Key points and possible actions
- It is important that workers are not put off taking genetic tests that may be beneficial for their health care by the fear that they may have to disclose the results to a current or future employer.
- You can ask for information that is relevant to your health and safety or other legal duties but the provision of the information should be voluntary.
4.5.3 Only use genetic testing to obtain information where it is clear that a worker with a particular, detectable genetic condition is likely to pose a serious safety risk to others or where it is known that a specific working environment or practice might pose specific risks to workers with particular genetic variations.
Key points and possible actions
- Only seek information through genetic testing as a last resort, where:
  - it is not practicable to make changes to the working environment or practices so as to reduce risks to all workers and
  - it is the only reasonable method to obtain the required information.
- Inform the Human Genetics Commission of any proposals to use genetic testing for employment purposes.
4.5.4 If a genetic test is used to obtain information for employment purposes ensure that it is valid and is subject to assured levels of accuracy and reliability.
Key points and possible actions
- There should be scientific evidence that any genetic test is valid for the purpose for which it is used.
- Ensure the results of any test undertaken are always communicated to the person tested and professional advice is available.
- Ensure test results are carefully interpreted, taking account of how they might be affected by environmental conditions.