Ethics Guidance for Occupational Health Practice 9th Edition - Book - Page 59
Disclosure of information to others
3.99. The consent of the worker should be obtained before sensitive personal
information is disclosed to others, whether professionally qualified or not,
including solicitors, insurers and their agents, employers or trade union
representatives. Consent should also be sought when disclosure is requested
by the enforcement authorities, including the Health and Safety Executive
(HSE), except when disclosure is ordered by a judge or presiding officer of a
court or tribunal, including a coroner.
Disclosure to auditors
3.100. Increasing focus on quality improvement and compliance with accreditation
standards may lead to requests from internal or external auditors to access
clinical records.
3.101. It is not ethical for occupational health staff to permit external auditors to
access identifiable clinical records without the explicit consent of the worker
concerned. Workers should be informed that their data may be used for audit
purposes, and auditors must adhere to appropriate standards of confidentiality
and information governance. Wherever possible, data should be anonymised
or coded before being shared. Where external auditors require access to full
clinical records or non-anonymised information, they must first obtain consent
from the individual.
3.102. Where members of the occupational health team review their own or
colleagues’
cases
the additional consent
from
workers
is
not
ordinarily required. However, it remains good practice to remove names and
other identifying details from records used in internal audit
whenever practicable.
Solicitors
3.103. Solicitors act on behalf of their clients, but it remains good ethical practice to
obtain consent from the client for disclosure of records. It may not always be
clear whether a solicitor is acting on behalf of a worker or another party, and it
is imprudent to rely exclusively on consent provided by others.
Page | 58
