Ethics Guidance for Occupational Health Practice 9th Edition - Book - Page 44
3.38. Unlike the employer-held health record documenting the outcomes of statutory
health surveillance, clinical records are not required to be kept for 30 or 40
years. Exceptions may arise where longer retention is justified—for example,
where records may be needed to support a potential legal claim or to allow
comparison of screening results as part of ongoing statutory health
surveillance.
Request to delete records
3.39. The UK GDPR gives data subjects the right to be forgotten in some
circumstances, and occupational health increasingly receives requests
to delete all or part of the occupational health record. Health records should
not be deleted as long as they are kept for no longer than is necessary for the
purposes for which they are processed. The right to erasure conferred by Article
17 of the UK GDPR is subject to exceptions, including where the controller is
subject to a legal obligation (for example statutory health surveillance), for
reasons of public interest in the area of public health (for example a record of a
communicable disease) and where retention is necessary for the establishment,
exercise or defence of legal claims.
3.40. If a data subject challenges the accuracy of information, factual errors may be
corrected, but professional opinions cannot be altered. A statement from the
data subject may be added to the record to reflect their challenge. If, for
example, there has been an incorrect diagnosis and it is necessary to preserve
it in the record in order to explain subsequent treatment, it should be retained
with an additional note that it is now found to be wrong.
Destruction of records including electronic data
3.41. Paper records must be destroyed effectively (e.g. shredding or pulverisation)
and not disposed of in normal waste. Occupational health professionals should
ensure that appropriate standards for confidentiality are stipulated to any
external provider undertaking the work. Similarly, when electronic data is
destroyed, expert advice should be sought to ensure destruction is effective
and adequate safeguards with respect to confidentiality are applied. Simple
deletion of files is insufficient, and the occupational health service must seek
expert IT advice to ensure that records are destroyed.