What information we hold
Ad Hoc Occupational Health Limited keeps records that include personal information about its clients and patients. The information we hold about you is kept to a minimum and details only what is required to allow us to carry out health assessments and maintain adequate records required by the General Medical Council and other authorities.
We may hold the following information about you:
- Details about you such as your name, telephone number(s), e-mail and/or address;
- Details of your employer and job (if relevant);
- Details of your general practitioner (if relevant);
- Details including medical history, medication and clinical observations of any medicals or health assessments that we carry out;
- Information from other bodies such as your employer, general practitioner or other professionals where this has been provided to enable assessments to be made of your medical fitness or any appropriate adaptations to your employment.
Why we hold your personal information
Ad Hoc Occupational Health Limited clinical staff maintain personal information about you to meet statutory requirements and guidelines, and to enable us to keep an accurate record of contacts that we have had with you for medical or other health assessments. Maintaining health and occupational health data is included in one of the conditions for processing special category data.
Legislation requires certain occupational health records to be kept for periods of up to 10 years, 40 years in some cases. The Private and Voluntary Health Care (England) Regulations 2001, Schedule 3, lays down minimum periods for the retention of private records which for our purposes, is at least 8 years from the date of the last entry.
Maintaining confidentiality of you records
Our medical records are kept in data centres compliant with the most widely-accepted security and privacy standards and regulations in the world, such as the ISO 27001 (a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation’s information risk management processes), and ISO 27018 (the internationally recognised standard for leading practices in cloud privacy and data protection) accreditation standards.
We do not share information we hold about you with any other organisations without your expressed consent. Very rarely we may need to override this, following General Medical Council guidance where there is a legal requirement, e.g. a court order, or significant risk to others, e.g. in the public interest, but we would normally seek your consent to do this first.
Access to personal information
You have a right to request access, to view or to obtain copies of what information we hold about you and to have it amended should it be inaccurate. You may also request that information is deleted, but there are some circumstances where we are required to keep records so will not be able to comply with this. You can request this information using any of the contact details below.
We will respond to your request within 30 days. We may need to request additional information to establish your identity including date of birth, address, and any contact details that we hold to ensure that others are not trying to access your data.
If you have any concerns about the data we hold about you or how we use and process it, please contact our data protection officer in the first instance (see contact details). If you are still not satisfied you may contact the Information Commissioner’s Office.
Ad Hoc Occupational Health Limited is registered with the ICO (registration number ZA086635).
|Write to us at:||82 King Street, Manchester, M2 4WQ|
|E-mail us at:||firstname.lastname@example.org|
|Call us on:||0161 302 0406|
|Name of data protection officer:||Nic Lee|
|Information Commissioner:||0303 123 1113 https://ico.org.uk/concerns/|