Ethics Guidance for Occupational Health Practice 9th Edition - Book - Page 37
In occupational health practice the healthcare professional may be acting on
behalf of a third party, such as an employer, but is still dependent on the worker
being willing to disclose information. Workers will only make such disclosures
if they have confidence that their privacy will be maintained.
3.06. Challenges can arise if employers do not fully understand what information they
can expect to receive or what will remain confidential. It is prudent to clarify
these matters before work begins. Widely sharing occupational health policies
on confidentiality and information disclosure helps build trust and ensures a
better understanding of the professional and ethical standards in place.
Occupational health professionals are advised to obtain a written commitment
from the employer that their ethical obligations will be respected. Regular
meetings with both employers and workers’ representatives to discuss
occupational health services can further foster mutual understanding.
3.07. The ethical duties prescribed by professional bodies, such as the General
Medical Council (GMC), the Nursing and Midwifery Council (NMC) and the
Health and Care Professions Council (HCPC), apply to occupational health
professionals in the same way as they do to those in other specialties. The
common law duty of confidentiality will also apply.
3.08. Regulatory authorities such as the Care Quality Commission (CQC), GMC, NMC,
General Dental Council (GDC), HCPC and the General Pharmaceutical Council
(GPhC) have duties to protect the public from risks due to the health of
regulated professionals. In some circumstances, they have statutory powers to
require the release of clinical information, even in the absence of patient
consent, and there are moral obligations to minimise risk to the public.
Occupational health professionals may wish to seek advice from their
professional or indemnity body when such circumstances arise.
Data Protection
3.09. The UK GDPR 21 governs the processing of all kinds of identifiable personal data,
including health records, in the European Union and the UK. On 28th June 2021,
the EU Commission found the UK’s legislation to be adequate under the EU
GDPR and the EU Law Enforcement Directive. This means that most data can
continue to flow to and from the UK and the EU and the EEA
without additional safeguards.
Page | 36
