workplace and medical assessments to protect employees and support businesses

Privacy Notice

Business and Health Consultancy Ltd is keeping and processing records that include personal information about clients and patients. Under the General Data Protection Regulation there are certain duties and rights related to holding this information. Due to the medical nature of our services we hold additionally medical, work and financial information. This type of information is classified as sensitive and there are additional legal and professional requirements safeguarding it.

What information do we hold?

The information we hold is kept to a minimum and required for the provision of occupational health services. This includes information we are required to hold to comply with professional standards. These standards are set by the General Medical Council, Nursing and Midwifery Council, Health and Safety Executive and others.

We do not hold the same details about every individual as every case is different and therefore different requirements may apply.

Data we may hold:

Name, date of birth, national insurance number, contact details, address

Employer details

Workplace details

Medical information

Results of medical tests

Details about your GP or specialists

Information from other parties like your GP or other professionals

Reason for holding this information

Our clinical staff needs to maintain personal information to meet statutory requirements and guidelines. It also enables us to keep an accurate record of contacts that we have had with you for medical and workplace assessments.

Article 9 of the GDPR refers to holding and processing special category data. This includes health data. In Article 9 paragraph 2 (h) processing of occupational health data is stated as being justified.

Source of information

To carry out occupational health assessment we receive information from your employer and yourself. In some cases we may receive additional information from other professionals.

Right to be forgotten

The GDPR does include a right of the data subject to request erasure. However regarding medical data this right is superseded by other laws and regulations. Therefore the right to be forgotten is limited due to other legal requirements.

Duration information is kept

The requirement to keep information and retention time is regulated by a number of laws and regulations. The most important ones are:

Health and Safety at Work Act 1974

Management of Health and Safety at Work Regulations 1999

Workplace (Health, Safety and Welfare) Regulations 1992

Control of Substances Hazardous to Health Regulations 2002

Control of Asbestos Regulations 2012

The Control of Lead at Work Regulations 2002

Ionising Radiation Regulations 2017

Work in Compressed Air Regulations 1996

The Control of Noise at Work Regulations 2005

Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995

The Control of Vibration at Work Regulations 2005

Confined Space Regulations 1997

Working at Height Regulations 2005, amendment 2007

Personal Protective Equipment Regulations 1992

Display Screen Equipment Regulations 1992

The Working Time Regulations 1998, amendment 2003

The Private and Voluntary Health Care (England) Regulations 2001


Retention period

Health surveillance medical information

40 years from last entry

Health surveillance medical related to ionising radiation

until age 75 and at least 30 years

Occupational health medical records

at least 8 years from date of last entry, best practice is 10 years from last entry

Financial information

minimum of 6 years from last entry

The listed retention times are minimum times and information is assessed individually if a longer retention time is required (for example for assessing vaccination and immunity the life time vaccinations schedule is required to assess appropriately).

Confidentiality and security

Medical records are kept confidential on a central server. The information is only accessed by occupational health staff for the provision of the service. Paper notes are used for a duration of 3 months to up to 3 years depending on details. They are then stored electronically according to GDPR requirements.

Due to professional requirements data cannot be anonymised for the performance of the medical assessment. We use encryption for safeguarding.

We do not share information with third party organisations without the consent of the data subject. We do only release a report to your employer with your consent. You can withdraw consent at any time until the time the report has been sent.

There are some legal requirements which can overrule the need for consent. There can be a legal obligation for disclosure due to the power to order a disclosure as it can be exercised by courts, tribunals or regulators or if a disclosure is in the public interest (e.g. if a person is putting others at significant risk).

Access to personal information

You have the right to request access to the information held about you. Please use our contact page to get in touch with us. The first copy is free which will usually be send by email. Repeated or excessive requests can be chargeable.

Due to the sensitive nature of the information we may request additional information to establish your identity.

Medical information has to comply with additional requirements. A healthcare professional can therefore withhold information if it is felt it may cause serious harm to the physical or mental health of the individual if disclosed.

Should any information we hold not be accurate we would expect you to inform us so we can amend your information.

Raising Concerns

If you have any concerns about the data we hold about you or how we use and process it, please get in touch with us via the contact page of the website to contact our Data Protection Officer. If you are still not satisfied you may contact the Information Commissioner’s Office. Our registration number is Z9181912.

Access to information from other healthcare professionals

We do not have access to your GP notes or the medical files of other healthcare professionals. In case we feel access to medical information of other healthcare professionals being of benefit we will ask you for consent before contacting your GP or specialist.

Decision making

We do not use automated decision making. Assessments are carried out by qualified healthcare professionals.

For answers to any further questions you may wish to refer to our Terms and Conditions at http://www.businessandhealth.co.uk/Business.php


Would you like to have a look at our building and consulting rooms!

 Follow BusinessHealthC on Twitter

Follow BusinessHealthConsultancy on Facebook
Follow businessandhealthconsultancy on Instagram
Audit of Occupational Health reports 2019
The audit shows over 99% of reports having complied with reporting standard in full. 
Audit of Occupational Health reports 2018
The audit shows over 99% of reports having complied with reporting standard in full.

Audit of Occupational Health reports 2017
The audit shows over 98% of reports having fully complied with reporting standards.

Audit of Occupational Health reports 2016
The audit shows 100% of reports having fully complied with reporting standards.
Audit of Occupational Health reports 2015
2015 shows over 90% of reports having fully complied with reporting standards.

Audit of Occupational Health reports 2014

The audit shows over 99% of reports having fully complied with reporting standards. 
Customer Satisfaction Survey - Occupational Health - 2019
Over 99% of the feedback indicates customers would recommend our services to others. Issues are dealt with quickly and efficiently, enabling business decisions without delay.
Over 99% of patients rate the service as excellent. They value the wealth of knowledge of our health professionals to explain health issues in a way easy to understand. Patients found the consultation helpful and the environment friendly, making the experience a positive one.
Customer Satisfaction Survey - Occupational Health - 2018
100% of the feedback indicates customers would recommend our services to others. Issues are dealt with quickly, enabling business decisions.
Over 98% of patients rate the service as excellent. They value great knowledge of health professionals, their professional conduct and being treated with respect.
Customer Satisfaction Survey - Occupational Health - 2017
Very good feedback with over 90% rating good and better. Great satisfaction has been expressed especially in the areas of professionalism and speed. 
Patients valued the service with 98% as excellent. They appreciate the friendliness and time to listen to their circumstances.

Customer Satisfaction Survey - Occupational Health - 2016
Occupational Health Practitioners scored over 90% excellent in professional manners, medical and workplace knowledge and friendliness  Read more 
Customer Satisfaction Survey - Occupational Health - 2015
The feedback demonstrates high standards can be maintained over several years  Read more 

Customer Satisfaction Survey - Occupational Health - 2014
Another great year of high customer satisfaction read more
 Good health is good business

  © Business and Health Consultancy - Occupational Health Services and Consultancy

last update 12.06.2020