fbpx

Privacy Statement

1. What is Insync Corporate Healthcare Ltd (ICH)?

We are an independent occupational health provider.  Occupational health is a specialist branch of medicine focused on maintaining health and wellbeing in the workplace. Occupational health specialists (nurses and doctors) are trained to provide advice on work-related illnesses and accidents, fitness for work including pre-placement screening and assessing employees for fitness for work after a period of sickness absence.  They also can provide health surveillance to help monitor wellness in the workplace, together with general advice on health and wellbeing, stress at work and ill health retirement. We are registered with the ICO under Z1316149.

Further information about us can be found at www.insynchealth.co.uk

2. Why do we process personal data?

Our occupational health specialists give advice to organisations on all aspects of occupational health.

3. What information do we process?

Organisations or other occupational health providers pass us information about workers so that we can arrange appointments and undertake relevant assessments.  The information we are given may include names, addresses, national insurance numbers, employment details and telephone and email contacts.  We need to make sure that our assessments are undertaken with the right person and will ask individuals to confirm some of the details we have been given and may request further evidence to confirm identity, such as photographic evidence, if so copies will be added to the occupational health record. 

We are the data “Controller” of the personal data provided to us.

4. What information is released?

The workers formal consent is required to provide any information to an employer or third party. The occupational health specialist will discuss the outcome of the assessment and the information that they aim to send to the employer/third party so that the worker can make an informed decision regarding the release of information.

5. Are we allowed to do this?

We have identified our lawful use of such data under under Article 6 (1 (f) (“Legitimate Interests”) and the special category condition is Article 9 (2) (h) (“Health – including occupational medicine”) of the UK GDPR. The specific condition we meet to process special category data is processing “necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services”.

6. Is the information discussed at the appointment confidential?

Under the common law of confidentiality information shared with us will not be passed to any third party without the workers consent unless where we are required to by law or if it is in the public interest

All information given to us is kept securely and maintained in accordance with the data protection legislation1, and guidance produced by the General Medical Council and the Faculty of Occupational Medicine concerning confidentiality and privacy. 

It will only be accessed by ICH’s staff and clinical team for the purpose of providing occupational health services. At the end of our contract with the employer/organisation, workers will be informed of the new provider of occupational health services and the method for transfer of occupational health records.

7. How long is information retained?

Whilst workers remain in employment with the organisation, occupational health records will be held securely by ICH only being deleted 10 years (for case management), 40 years (if health surveillance has been undertaken) or 50 years (if statutory health surveillance has been undertaken) after the last entry in the notes once the worker has left the company.  Pre employment information will be deleted 12 months after the date of last entry, unless employment has been confirmed by the employing organisation.  Emails and general correspondence is deleted after 12 months.

Our record retention policy is in keeping with our medical malpractice insurance, recommendations for best practice in the field of occupational health and relevant statutory requirements.

8. Copies and amendments

Individuals have the right to request a copy of the information that we hold about them.  Copies can be requested from our administration team, who are also able to help with making sure that personal information is accurate and up to date; workers can ask us to correct or remove information they think is inaccurate.

The administration team can be contacted at enquiries@insynchealth.co.uk, or by writing to Insync Corporate Healthcare ltd, Excalibur Drive, Thornhill, Cardiff CF14 9BB.

9. How is the data shared and stored?

Paper records are securely locked away and can only accessed by personnel approved by ICH and/or occupational health specialists.

Electronic occupational health records are held in a secure cloud-based database that is accessible by authorised users and managed by CIVICA Group ltd which is ISO 27001 compliant and certified under the Cyber Essentials scheme. We also use third party expertise for IT support, telephony and for the electronic scanning of medical records and storage of archived paper records.

We have contracts in place with all suppliers that help us to ensure security and privacy of your personal information in accordance with UK GDPR and they may not use your information for any other purpose.  All our third parties are bound by the same strict codes of conduct and confidentiality and have restricted access to occupational health information.

Microsoft Office 365 is our email platform and we ask organisations to make sure that information is transferred to us securely.  When sending information to organisations we use electronic encrypt documents containing personal data and confirm the identity of the recipient before releasing any details.

10. Your right to complain

We work to the highest standards when it comes to processing personal information.

We encourage contact if there are any concerns about how we use personal information.  Please email enquiries@insynchealth.co.uk.  If you are not satisfied with our response or believe we are processing your personal information incorrectly and not in accordance with UK GDPR, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ICO.org.uk.

1 Data Protection legislation means any applicable law, and/or related issued judicial guidance, relating to the processing, privacy and use of personal data, including the UK GDPR, Data Protection Act 2018 and/or any corresponding or implementing national laws or regulations.

Download the Privacy Statement as a PDF here

Get in touch with InSync Corporate Healthcare today

15 + 9 =