Occupational Health privacy notice

Information you need to know

The Occupational Health Team is part of Liverpool John Moores University. See further information on the institution.

Liverpool John Moores University is a Data Controller.

Our Data Protection Officer can be contacted at DPO@ljmu.ac.uk

LJMU takes your privacy very seriously. This privacy notice explains how we use your personal information and your rights regarding that information. We are committed to being transparent about how we collect and use your data and to meeting our data protection obligations.

The Occupational Health Unit also adheres to the data protection principles set by The General Medical Council, Faculty of Occupational Medicine and The Nursing and Midwifery Council.

What information are we collecting?

  • Personal information, e.g. name, address, date of birth, phone number.
  • National Insurance numbers for health surveillance purposes.
  • Contact details e.g. telephone and personal email.
  • GP and/or specialist contact details.
  • Past and present job roles.
  • Health information that would be classed as ‘special category data’.
  • Details of medical investigations and biological testing.

Why are we collecting your data and what is the legal basis for this?

We collect personal data to securely identify you and for several reasons:

If you are a student we may collect it:

  • to assess your fitness to train for a professional course (including Adult Nurse/Mental Health nurse/Paramedic/Midwife/Social work/Child nursing/BML/Teaching/Pharmacy)
  • to provide Research Passport/Pre NHS Clinical Placements/Fieldtrips assessments
  • to assess your fitness to study at LJMU (where you are referred to us via Tutors or Student Governance
  • to provide advice on adjustments to accommodate a disability or health condition

If you are a member of staff we may collect it:

  • to assess your fitness for travel appointments/fieldtrips
  • to assess your fitness for employment
  • to provide advice on adjustments to accommodate a disability or health condition

We are processing your data on the following Lawful Basis:

  • It is necessary to process your health data in order to enable you to comply with your contract of employment.
  • To comply with our employment law obligations.
  • It is necessary to enable the University to comply with legal obligations under the Health and Safety at Work etc Act 1974, to protect your health and safety at work as far as is reasonably practicable.

To process special categories data we rely on additional legal grounds:

  • It is necessary for the purposes of preventative or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services.
  • Your explicit consent.
  • It is necessary to comply with our legal obligations.
  • It is necessary to protect your vital interests or the vital interests of another person.

Who has access to this data?

Our service is medically confidential. The medical records are securely stored and are only accessible to members of the Occupational Health Team.

The Occupational Health Team consists of nurses, admin staff and an OH Physician. The OH Physician is supplied to the University by a third party partner: Healthwork Ltd. All student and employee information is kept on our system and third party Physician only accesses that information when working on our premises to provide you with the occupational health service.

No information is shared with any other third party, including the person's General Practitioner (GP) without your express consent.

Reports to management concerning an individual’s fitness for work (or to Programme Leaders for students requiring adjustments) will always be discussed and agreed with the individual concerned prior to sending the report.

Information on your fitness to work is shared with your referring HR manager who will share it with line management and HR with your consent. Reports will be discussed with you and agreed prior to sending the report. However, where withholding this information could impact on your health and safety and the health and safety of others, information on your fitness to work will be provided to management and to HR without your consent.

In cases where we are unable to gain your consent, or where your consent is withheld and we need to share information anyway, you will always be informed.

Anonymised statistical data is shared with senior members of the University to help us to plan the service and monitor health trends in the workplace.

How does the University protect your data?

The University takes Data Protection very seriously. We protect your personal data by ensuring that we have appropriate organisational and security measures in place and at all times your personal data will be handled in line with the University’s Information Security Policy and IT Conditions of Use.

All Occupational Health staff adhere to a strict code of confidentiality of all consultations, telephone contact and the maintenance of medical records.

For how long does the University keep your data?

We only keep your information for as long as it is reasonably necessary and in accordance with our Records Retention Policy.

Staff and student referrals data will be held for six years after the end of your relationship with LJMU.

We also take into account our legal obligations to keep or securely dispose of personal information. For example, we are required to keep health surveillance records for 40 years under The Control of Substances Hazardous to Health Regulations.

Your rights

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request, this could be in a portable electronic format
  • require the University to change incorrect or incomplete data if you think that it is inaccurate or out of date
  • require the University to delete or stop processing your data, for example where the data is no longer necessary or legally required for the purposes of processing
  • if your personal data has been provided by consent, you have a right to withdraw that consent at any time

If you would like to exercise any of these rights, please contact the Data Protection Officer DPO@ljmu.ac.uk

What if you do not provide data?

If you do not provide the data that we need then we may not be able to provide you with occupational health services. If we have asked for your consent, it may be withdrawn at any stage of the process.

If you are a member of staff and you withdraw your consent to give information to the referring managers, then the referring managers will be informed that consent has been withdrawn and management will have to act on whatever information is available to them.

A copy of the report is retained clearly marked that consent has been withdrawn and that it has not been and will not be released.

Transfers of data outside the UK

Generally, we do not send your personal data outside the UK. However, in some specific cases, we may transfer the personal data we collect to countries outside the UK in order to perform our contract with you/or a contract with another organisation that requires your personal data i.e. a collaboration agreement with a university based outside of the UK. Where we do this, we will ensure that your personal information is protected by way of an ‘adequacy regulation’ with the UK or by putting alternative appropriate measures in place to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the UK laws on data protection. For example model contractual clauses, data sharing/data processing agreement and binding corporate rules (where applicable).

Automated decision making

We will not make any decisions about you automatically using a computer, based on your personal data. All decisions affecting you will be taken by a human.

How to complain to the Information Commissioner’s Office?

You have the right to complain to The Information Commissioner if you believe that our processing of your personal data does not meet our data protection obligations. The Information Commissioner can be contacted:

Post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK95AF.
Telephone: 0303 123 1113.
Email: contact can be made by accessing www.ico.org.uk