Confidentiality and Medical Records

How we process, manage, and protect medical information

Occupational health is committed to maintaining the privacy, dignity and confidentiality of service users at all times. Occupational health adheres to the principles of data protection legislation, the General Medical Council and Nursing and Midwifery Codes of Practice and Confidentiality.

All staff working in occupational health work to a strict code of ethics concerning the confidentiality of appointments, contact information and medical records. All staff, both clinical and non-clinical, cannot and will not disclose medical information of employees in their care to any third party, including the person’s general practitioner (GP), without the person’s informed consent in writing.

Occupational health will provide advice and guidance to the University and its departments without breaching medical confidentiality. This information should be treated by the recipients as sensitive personal data in respect of the UK General Data Protection Regulation (UK GDPR) and related UK data protection legislation. Further information is available from the Data Protection and Freedom of Information Office.

Liaison with Others

Personal information conveyed to occupational health will not be disclosed to anyone without your explicit and informed consent (other than in exceptional circumstances as outlined below). By law, occupational health are required to provide an outcome for any health surveillance assessment to the relevant designated person in the work area; this is usually limited to a recommendation relating to fitness to continue with the usual work. If there is evidence of a medical condition arising from work activities, occupational health shall discuss this with you and seek your consent to provide information and advice to your manager about the next steps to protect your health at work.

Limitations to confidentiality

Occupational health can only release information without your consent in very rare, exceptional circumstances – these are:

  • Instruction to disclose by a court order.
  • If disclosure is necessary to prevent the exposure of you or others to a risk of death or serious harm; in these cases, we shall continue to work with you and keep you informed. Only the minimum information shall be disclosed.

How Occupational Health manage the information you share with us

Occupational health keeps both electronic and paper clinical records of the information you provide to us; these are only accessible to occupational health staff. All personal and sensitive data that we hold is processed according to the requirements of the Data Protection Act and UK GDPR legislation 2018.

Occupational health collects anonymised statistical information for audit, evaluation, and freedom of information purposes only.

UK General Data Protection Regulation (UK GDPR)

Medical data that occupational health collects, stores and shares (with individuals’ consent) is classed as special category data under UK GDPR and is subject to specific processing conditions. Occupational health uses your personal information to allow us to advise and support you in accordance with your requirements and the consent provided.

Accessing medical records held by occupational health

Individuals have the right to request and obtain confirmation as to whether occupational health hold any personal data which concerns them.

If personal data is held by occupational health, individuals then have the additional rights to access that data and be provided with a copy of that data. To request data, please contact ohu@admin.gla.ac.uk.

Correcting incorrect data held by Occupational health

Occupational health is obliged to ensure, as much as is reasonable, that the data it holds on individuals is accurate and up to date; this also relies on information held by HR being up to date if an individual’s personal details or medical condition change. Occupational health asks that the individual informs them of any changes as soon as possible.

Individuals also have the right to ask occupational health to correct their data if they believe it to be incorrect, incomplete, or inaccurate. This can be done by emailing ohu@admin.gla.ac.uk detailing any changes that you believe need to be made. Depending on the nature of the changes, occupational health may have to contact you to discuss further.

Right to erasure

Individuals have the right to request that the data held on them by occupational health is deleted – this is sometimes referred to as the ‘right to be forgotten’.

It is important to note that this is not an absolute right, meaning that other rights and legal duties must be safeguarded, e.g. fulfilling an employer’s legal obligation to protect the health and safety of its employees as set out in the Health and Safety at Work Act 1974 and where the individual has been subjected to health surveillance assessments under specific Health and Safety Executive legislation. The Information Commissioner’s Office website provides more details on when this right can be applied.

Medical records retention schedules

Your Occupational Health records will be stored by Occupational Health for as long as you are an employee or student with the University of Glasgow plus 6 years. However, where there are health surveillance assessments under ‘Control of Substances Hazardous to Health’ (COSHH) or any other Health and Safety Executive (HSE) legislation for health surveillance – e.g. noise, radiation – the medical records specific to the relevant legislation will be kept for a minimum of 40 years and in line with retention schedules set out within the HSE regulations. Occupational health notes and any results that accompany these tests should be kept for the same period.