Your rights & how we look after your information
We provide occupational health advice and services to our employees and to other customer organisations and their employees. We are Data Controllers of personal data of users of RUH OHS services for the purposes of the Data Protection Act 2018 and the General Data Protection Regulation 2018 (GDPR).
The Occupational Health service works within the framework of the RUH Information Governance (IG) Policy, which ensures appropriate governance of medical and non-clinical information in line with the Data Protection Act 2018 (which includes the General Data Protection Regulation) and other relevant legislation and guidance.
The following is a list of the key policies that underpin our approach:
| Accessing Confidential Information policy | Health Records Documentation Management and Archiving Policy |
| Acceptable Use Policy | Health Records Management Policy |
| Code Of Expectations of Employees | Health Records Content Policy |
| Communication of Personal Identifiable Information - Safe Haven Policy | Information Governance - Overarching Information Policy |
| Corporate Records Management Policy | Information Risk Management Policy |
| Data Quality Policy | Information System Security Policy |
| Destruction of Confidential Waste Policy | Medical Photography Policy |
| Freedom of Information Act 2000 Policy | Mobile Information Handling and Computing Policy |
| Freedom of Information Publication scheme | Web Content and Editorial Policy |
The Trust's IG framework reflects:
- The need for an appropriate balance between openness and confidentiality in the management and use of information. It recognises the Caldicott principle that patient information should be shared if it within the patients best interests to do so but that this should be done securely and within the law
- The principles of corporate governance and public accountability, but equally places importance on the confidentiality of, and the security arrangements to safeguard personal information about patients, staff and Trust sensitive information
- The need to share patient information with other health organisations and other agencies in a controlled manner consistent with both data protection legislation and the Caldicott principles