The same principles of consent and confidentiality that would apply in any health setting apply in any occupational health service. There is further advice from the Information Commissioner’s Office.
You may only disclose an employee’s OH records to management with their informed consent. If consent is given orally then this should be recorded in the patient record. All nurses should adhere to the NMC code.
You should only disclose a patient’s records to the police or a solicitor with their written consent, or with a court order. If the solicitors for the employer want access to confidential health information about the employee, then they should ordinarily either obtain the employee’s consent, or seek an order from the tribunal or court requiring disclosure of the OH records. In asking for confidential health information on an employee, this is considered good occupational health practice. However, to proceed without either consent or a court or tribunal order may be permissible under the Data Protection Act so long as the disclosure is necessary for the purpose of legal proceedings or for the employer to obtain legal advice. For more information about the Data Protection Act see below.
Providing access to OH records to other health care staff is only appropriate in order to contribute to the occupational health care of a patient, otherwise the employee would need to give their explicit consent.
Where there are significant concerns about an employee’s welfare, for example if a patient with severe depression discloses suicidal intent. The information should be disclosed to others such as the GP and the patient informed that you will be breeching consent.
All patients have a right to access their records in accordance with the data protection act. The exceptions to this are unlikely to apply in the OH setting.
Nobody has an automatic right to access the records of a deceased employee. Each request should be considered carefully and reasons why a person may have a right of access clearly established. It is worth noting that the legal next of kin may not be obvious (for example an estranged spouse).
Employees can bring a companion to an appointment provided they are only present to provide emotional support to the patient and not speak or act on their behalf.
It is best to lay out the ground rules at the start of the consultation and if the companion disrupts an effective nurse patient dialogue they should politely be asked to leave.
Patients do not have the right to record their appointments and must inform you if they are intending to. It is up to the individual nurse whether or not to consent to this.
If a patient requires their records to be altered reflect changes in their personal details, such as a gender reassignment or name changed by deed poll, it is best to seek legal advice before updating their records.
As an OH nurse in the workplace you may be asked by another employee, such as a Health and Safety manager, to see a patient’s OH records or report. It is ok for the reports to go to the H&S manager with the patients consent as long as they are the addressee. If the member of staff wants to send an interpretation of the report then that should go from them, not you as the OH nurse.
The lead clinician for the service (doctor or nurse) must ensure custody of the records is passed on to an appropriate alternative clinician or arrange for their destruction.
Records should be securely archived under the responsibility of a relevant clinician or transferred to the new OH provider with the agreement of the recipient provider.
If a new contractor takes over an OH service, there is not normally a need for employees to provide individual consent for their records to be accessed.
For some records such as ionising radiation and COSHH the period of retention is laid down in legislation. Otherwise the duration of retention should be identified in a data protection policy or procedure.
This is commonplace and is permitted as long as the auditor has signed a confidentiality agreement.
There is guidance on this: FOM guidance on ethics, which can be purchased from the FOM.
Patient data can only be sent by email if it is encrypted or via a secure system such as nhs.net.
If someone has sent you records that they should not have sent they should be returned or destroyed. There may be in some cases cause to refer to the information commissioner.