Provide occupational health assessments and advice (for example fitness for work, adjustments, surveillance).
Meet legal, regulatory and professional obligations (for example health surveillance record‑keeping where required by HSE regulations).
Improve services and respond to enquiries in a way that respects confidentiality and data protection law.
Information is only collected where it is relevant to the occupational health purpose and is not used for unrelated reasons.
Medical information handled by Clarity is treated as confidential “special category” data and is protected by professional ethics as well as GDPR.
In practice this means:
Clinical information from appointments is stored by occupational health and not shared with managers in full.
Management receives clear recommendations and outcome summaries, not your detailed medical notes.
Information is usually shared only with your explicit, informed consent, except in rare situations such as a court order or serious risk of death or serious harm.
Clarity explains what will be included in any report, why it is needed and who will see it, so you can give informed consent.
Clarity uses secure electronic systems and controls to keep occupational health records safe.
Key safeguards include:
Secure, password‑protected systems for storing clinical information, aligned with SEQOHS and data protection requirements.
Access controls so only appropriate occupational health staff can see your full clinical record; managers only see agreed reports.
Retention in line with legal and clinical guidance – for example, longer retention for some health surveillance records required under HSE regulations.
Data is kept only for as long as necessary to meet legal, clinical and regulatory obligations, after which it is securely destroyed.
Under UK GDPR, you have specific rights in relation to your occupational health data.
These include the right to:
Access your personal data, including occupational health records, by making a request (subject access request).
Request correction of inaccurate information.
Request restriction of processing or raise an objection in some circumstances.
For health data there are some limitations – for example where erasing data would conflict with legal record‑keeping duties, or where disclosure could cause serious harm – but these are clearly defined in law and applied by healthcare professionals. Clarity’s privacy policy explains how to make a request and how it will be handled, including response times.
For employers, Clarity’s approach means occupational health advice is based on robust, confidential records that are handled in line with GDPR and professional standards. For employees, it means your medical information is kept separate from HR records, shared only on a need‑to‑know basis and managed by clinicians who owe you a duty of confidentiality.
For further guidance on how Clarity Occupational Health manages your data, please refer to our Privacy Notice.
If you have any further queries, please contact our DPO: dpo@clarityoh.co.uk