The ICO has issued guidance on managing workers’ health data in accordance with data protection law. The guidance is divided into two parts. The first part is an overview of how data protection relates to workers’ health data. The second part covers common examples of employment practices where health data is processed. i.e.:
- How to handle sickness and injury records.
- Occupational health schemes.
- Medical examinations, drugs and alcohol testing and genetic testing.
- Health monitoring.
- When workers’ health information can be shared.
There are also checklists to complement the examples.
The ICO has acknowledged that working relationships have evolved and so the guidance does not only cover employer/employee relationships but is aimed at “all circumstances where there is an employment relationship or otherwise a relationship between an organisation and a person who performs work for the organisation, regardless of the nature of the contract.”
You can read the guidance in full here.
If you would like any assistance in relation to processing health data in an employment/work context or advice on how the guidance might affect your organisation, please get in touch with your usual contact, or email email@example.com