Medical reports
[ch 7: pages 222-223]The Access to Medical Reports Act 1988 entitles individuals to see medical reports by their GP, or any other medical practitioner responsible for their care, in connection with their employment. The Act says that:
• the employer must obtain the individual’s consent before seeking a report from their GP;
• the individual has the legal right to a copy of the report before it is forwarded to the employer and to query items in it; and
• if the doctor refuses to accept the employee’s objections, they should be attached to the report.
Medical information is sensitive personal data and the employer must comply with all the requirements of the Data Protection Act 1998 and Part 4 of the Information Commissioner’s Code of Practice: Information about workers’ health, available from the website of the Information Commissioner.
In particular, the Code says that information must be kept confidential and secure, should be relevant and accurate, and must be kept for no longer than necessary. For example, employers should have a confidential waste policy for the shredding of medical reports that are no longer required, after a specific time period.
https://ico.org.uk/media/for-organisations/documents/1064/the_employment_practices_code.pdf