It seems to me that the employer would still be a data controller in the
circumstances Ian B. describes. If the employer holds a notification for
the purpose, and fully determines the methods by which and manner in which
the OH doctor works in a contract it might be arguable the doctor is a data
processor. However, the doctor does seem still to appear to have some data
controller responsibilities for the OH data.
Doreen's <[log in to unmask]> comment
"I believe that the employer would still be the data controller as most
employees would sign a contract with the employer and within that contract
(at least as far as this Council is concerned) normal procedure would be a
referral to OH if there is a recurring problem with absence - therefore the
data subject by signing the contract agrees to that practice."
reflects the contractual issue but does not account for the control of the
data necesarily exercised by the OH doctor over which the employer will have
no say.
I understand that G.P's notify separately.
How do hospitals or clinics deal with this one I wonder?
Anybody out there aware?
Ian W.
----- Original Message -----
From: <[log in to unmask]>
To: <[log in to unmask]>
Sent: Monday, September 10, 2001 10:39 PM
Subject: Re: Control of OH medical data
> Whether or not the OHU is registered separately, the requirement for Human
> Resources / Personnel to have explicit consent to hold sickness details of
> staff would probably not apply to OH physicians.
>
> This would mean that self certification and doctors' notes would have to
go
> directly to OHU rather than the HR/personnel unit.
>
> Medical and DPA rules would of course prevent disclosure to the
HR/personnel
> department without consent but the OHU could perform the employer's duties
in
> terms of welfare counselling and non-sensitive details (e.g. dates of
> absence) could be given to the employer as part of the employee's contract
> for SSP purposes.
>
> But does this mean that the employer is still the controller because they
> have decided the route of the sensitive personal data?
>
> Ian Buckland
> MD
> Keep IT Legal Ltd
>
> Please Note: The information contained in this document does not replace
or
> negate the need for proper legal advice and/or representation. It is
> essential that you do not rely upon any advice given without contacting
your
> solicitor. If you need further explanation of any points raised please
> contact Keep I.T. Legal Ltd at the address below:
>
> 55 Curbar Curve
> Inkersall, Chesterfield
> Derbyshire S43 3HP
> (Reg 3822335)
> Tel: 01246 473999
> Fax: 01246 470742
> E-mail: [log in to unmask]
> Website: www.keepitlegal.co.uk
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> all commands go to [log in to unmask] not the list please!
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|