arrow_up-blue blog branches consultations events facebook-icon facebook-icon2 factsheet forum-icon forum hands key link location lock mail measure menu_plus news pdf pdf2 phone policies publications related search share subjectguide twitter-icon word instagram-icon youtube-icon

Good record keeping and appropriate disclosure in occupational health nursing

This page includes guidance on occupational health records; patient confidentiality and disclosure and informed consent.

Consent and confidentiality

The same principles of consent and confidentiality that would apply in any health setting apply in any occupational health service. There is further advice from the Information Commissioner’s Office.

You may only disclose an employee’s OH records to management with their informed consent. If consent is given orally then this should be recorded in the patient record. All nurses should adhere to the NMC code.

You should only disclose a patient’s records to the police or a solicitor with their written consent, or with a court order. If the solicitors for the employer want access to confidential health information about the employee, then they should ordinarily either obtain the employee’s consent, or seek an order from the tribunal or court requiring disclosure of the OH records. In asking for confidential health information on an employee, this is considered good occupational health practice. However, to proceed without either consent or a court or tribunal order may be permissible under the Data Protection Act so long as the disclosure is necessary for the purpose of legal proceedings or for the employer to obtain legal advice. For more information about the Data Protection Act see below.

If there is any doubt you should contact your employer’s lawyer. Further information is available from the Faculty of Occupational Medicine (FOM) and the Health and Safety Executive (HSE).  

Providing access to OH records to other health care staff is only appropriate in order to contribute to the occupational health care of a patient, otherwise the employee would need to give their explicit consent.

Where there are significant concerns about an employee’s welfare, for example if a patient with severe depression discloses suicidal intent. The information should be disclosed to others such as the GP and the patient informed that you will be breeching consent.

Access to records

All patients have a right to access their records in accordance with the data protection act. The exceptions to this are unlikely to apply in the OH setting.

Deceased employees

Nobody has an automatic right to access the records of a deceased employee. Each request should be considered carefully and reasons why a person may have a right of access clearly established. It is worth noting that the legal next of kin may not be obvious (for example an estranged spouse).

Bringing a companion to an appointment

Employees can bring a companion to an appointment provided they are only present to provide emotional support to the patient and not speak or act on their behalf.

It is best to lay out the ground rules at the start of the consultation and if the companion disrupts an effective nurse patient dialogue they should politely be asked to leave.

Recording of OH appointments

Patients do not have the right to record their appointments and must inform you if they are intending to. It is up to the individual nurse whether or not to consent to this.

Change of details

If a patient requires their records to be altered reflect changes in their personal details, such as a gender reassignment or name changed by deed poll, it is best to seek legal advice before updating their records.

Access to/revision of reports or records by other members of staff

As an OH nurse in the workplace you may be asked by another employee, such as a Health and Safety manager, to see a patient’s OH records or report. It is ok for the reports to go to the H&S manager with the patients consent as long as they are the addressee. If the member of staff wants to send an interpretation of the report then that should go from them, not you as the OH nurse.

Management and storage of occupational health records

Management of patient records when an OH service is closed

The lead clinician for the service (doctor or nurse) must ensure custody of the records is passed on to an appropriate alternative clinician or arrange for their destruction.

Management of patient records when an OH service is transferred to another provider

Records should be securely archived under the responsibility of a relevant clinician or transferred to the new OH provider with the agreement of the recipient provider. 

If a new contractor takes over an OH service, there is not normally a need for employees to provide individual consent for their records to be accessed.

Time limits for storing OH records

For some records such as ionising radiation and COSHH the period of retention is laid down in legislation. Otherwise the duration of retention should be identified in a data protection policy or procedure.

Auditing of OH clinical records by non-clinicians

This is commonplace and is permitted as long as the auditor has signed a confidentiality agreement.

There is guidance on this: FOM guidance on ethics, which can be purchased from the FOM.

Sending and receiving of records


Patient data can only be sent by email if it is encrypted or via a secure system such as

Records sent by mistake

If someone has sent you records that they should not have sent they should be returned or destroyed. There may be in some cases cause to refer to the information commissioner.

Useful resources

From the RCN

Other resources