Having recently read a report on Occupational Health Unit medical data by a
Dr. Diana Kloss (Manchester School of Law) in which she advises OH
departments to hold data protection notifications separately from the main
organisation they work for, I considered the question of control of OH data
with some surprising and supportive conclusions for Dr. Kloss.
When medical ethical guidelines are taken account the position within an
organisation of an OH doctor certainly appears to meet the definition of a
data controller.
Having some work to do on the OHU within my organisation the following
questions arose.
Do the circumstances of the work undertaken by an OH doctor mean they are a
joint controller under the DPA 1998?
or are they the controller of the organisations health data on their own?
With the organisation having no control?
Could an OH doctors position be said to be similar to a G.P's data
protection situation?
How do the other organisations out there deal with this?
Ian W,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|