Data Protection and Privacy Notice

Peritus Health Management is committed to providing safe and effective occupational health services. During the course of our business, we process a significant amount of personal and special category data. We will ensure that all data will be processed in accordance with the requirements of the General Data Protection Regulation and other relevant legal and professional guidance. We want our staff and service users to be confident that the data is being handled responsibly and securely. Full details of our arrangements for Information Governance are available on our website.

What information do we collect about you?

You have been referred to Peritus Health Management by your employer to undertake an assessment of your health in relation to your job and/or your workplace exposures. This is part of their statutory duty of care towards you and may form part of your employer’s health and safety management system and equality strategy. You do not have to consent to participating in this referral, but if you do not, any decisions that your employer may need to take will be taken based on the information already available. For health surveillance activities, this may also be a breach of your responsibilities as an employee under the Health and Safety at Work etc Act and statutory regulations made thereunder.

Our employees are nurses, doctors and other health professionals with special qualifications and training in the effects of health on work and work on health (occupational health). Sometimes we will ask, with your consent, for further medical information or guidance from your own GP or specialist or an independent specialist.

During the assessment, you will be asked questions about your health or medical issues, treatments and impact on your activities of daily living and, if appropriate to the reason for your referral, we may undertake some tests e.g. blood pressure, vision, hearing or breathing tests. The Occupational Health professional conducting the assessment is required to take clinical notes of the assessment. These notes will be kept confidential*.

You will have the opportunity to discuss any concerns that you have about your health and we will do what we can to help. It is sometimes helpful if you are able to bring details of any medications you are taking, healthcare professionals you are seeing, or consultation summary letters in case you wish to refer to this information.

How will we use that information?

The information collected during the assessment is used to make a clinical assessment of your fitness to work, your work capability, early signs of health issues, and/or whether there are any health and safety concerns relating to your health at work.

Following your assessment, the Occupational Health professional will produce a report giving an outcome of the assessments or test(s). This information is intended to be used by management to review your fitness for work and assess your entitlement to sick pay; consider any adjustments or restrictions that need to be in place for your safety or wellbeing purposes or to promote your optimum potential; and/or to determine whether there are any health and safety concerns relating to your exposures at work, the way you work and/or the control measures employed that need to be addressed.

Advice given in the report is usually expressed in terms of fitness to work but may include some medical information where this illustrates the fitness to work decisions. Openness in many cases can result in a greater understanding and support for you; however, your consent will be required to release this medical information to management, and the Occupational Health professional will discuss the implications of the report with you before asking for your written consent to release the medical information to your employer. We will not release medical information to your employer without your consent to do so but will report in the terms of fitness to work*.

We may also use the information to arrange any further appointments, to support an application for ill health retirement, to ensure follow-up healthcare with another health care professional, to contact you further in relation to the nature of the referral or its outcomes, or for clinical supervision and quality audit.

Details of the service provided to you, but not clinical information, will be used for internal invoicing purposes, shared with your employer’s representative but not shared with your employer’s finance department.

The information may also be used for customer surveys; however, you are required to opt into this processing purpose.

We will not use your information for marketing or share it with others without your knowledge or consent*.

*It should be noted that the Occupational Health team does have a professional and ethical responsibility to act on information where there is a risk to others identified during the assessment. This may involve discussions with third parties such as your employer, your health care provider, or regulatory bodies such as DVLA. Information shared with your employer will be in the terms of fitness to work only. You will be advised of this.

Consent to release medical information

As health professionals, we will fulfil our professional duty of confidentiality as required by the common law and the ethical duties of our professions. Your legal rights and their implications are given below:

  1. You are free to decide to withhold your consent for the release of medical information in your occupational health or health surveillance report. Occupational Health is, however, sometimes unable to assist you and your employer with the identification of steps that can be taken to help you at work without this further information, and your employer is entitled to make a decision regarding your future employment based on the information that they have if you refuse consent to provide medical information.
  2. You are entitled to ask us to amend the report should you consider it to be factually inaccurate before sending it to your employer. However, the report gives the opinion of the Occupational Health Professional in relation to the management questions and cannot be edited to give your opinion or that of your relatives/advisers, though it may record your disagreement with the professional’s opinion. If you wish for additional information to be provided to your employer, you are able to contact them yourself directly.
  3. If you refuse to consent to release the report, Peritus Health Management will advise your employer that consent to release the report has not been provided. A basic report on your fitness to work status, without detail, may be provided to you and your employer, and your employer is entitled to make a decision based on the information in their domain. The absence of detailed occupational health information could disadvantage any rehabilitation planning or negotiations with your employer.

Sharing Information

If we identify concerns about your health, we may with your consent refer our concerns to another health care professional, such as a Consultant Occupational Physician or Clinical Supervisor, for guidance. The information will be managed as confidential medical/sensitive data in accordance with legal and medical professional guidance.

If we identify concerns about your health that need further investigation through the NHS, we may recommend that the information gained is shared with your consent with your GP to support this process. You will be informed that this is happening and the reasons for the concerns.

You will be made aware of the contents of the feedback reports and we will request your consent to release any medical information within the report*.

Security Information

Your records will be kept confidential and stored electronically with appropriate access restrictions and security, but they may need to be accessed by our IT Consultant or data processors for the purpose of processing or maintaining the system on a strictly confidential basis.

Access to your information and correction

You have the right to request a copy of the information that we hold about you. We want to make sure that your personal information is accurate and up to date. You may ask us to correct any statement of fact you think is inaccurate, but not an expression of opinion unless based on inaccurate facts.

To protect you from serious physical or mental harm when reading your records, your Occupational Health Professional may withhold information if they consider it could be harmful to you. This is very rare.

You are able to gain a copy of your occupational health records free of charge by applying in writing directly to the Data Protection Officer at Peritus Health Management at the email or address below, confirming your name, date of birth and current address and providing evidence of your identity and address, such as a utility bill or driving licence. This additional information will be retained with details of the access request for up to 6 years in case we need to refer to it for legal purposes. A form is available from Peritus Health Management’s Data Protection Officer that allows your employer to confirm your details and identity if you do not wish to provide additional documentation.

Retention Periods

The retention period of occupational health records will depend on the type of assessment undertaken. Health records relating to health surveillance for exposure to noise, vibration or substances hazardous to health must be kept for 40 years from the date of last entry in accordance with legal requirements. These will not contain clinical information and will be stored by your employer and not Peritus Health Management. Health records relating to exposure to lead or asbestos must be stored for 50 years from the date of last entry in accordance with legal requirements. Health records relating to exposure to ionising radiations must be stored for 30 years from the date of the last entry. Clinical records of health surveillance procedures and those relating to fitness to work assessments not containing any health surveillance information will be stored for up to 10 years following date of leaving employment and then erased unless there is a reason for retaining them such as a legal claim, HSE guidance or a research project. You do not have the right to request that these records are deleted before the retention period identified above as we may need to rely on this information for the defence of a legal claim.

Any further questions

If you have any questions relating to this process, please contact the Data Protection Officer on dpo@peritushealth.com and put in the title box, FAO Data Protection Officer. Please identify how you would like us to contact you in the main body of the text and the nature of your enquiry.


Published date: 18th May 2018

Last revision: 18th July 2019
