Medical reports and the law 




GP reports, and reports by any consultant following a GP referral, are covered by the Access to Medical Reports Act 1988 (AMRA). AMRA entitles individuals to see medical reports by their GP, or any other medical practitioner responsible for their care, in connection with their employment. AMRA says that:





• the employer must obtain the individual’s consent before seeking a report from their GP;





• the individual has the legal right to a copy of the report before it is forwarded to the employer and to query items in it; and





• if the doctor refuses to accept the employee’s objections, they should be attached to the report.





AMRA only applies to reports by a medical practitioner “responsible for the clinical care of the individual” (that is, a GP or consultant). It does not apply to reports by a company doctor or external occupational health adviser. However, like GPs, these medical professionals are bound by legal and professional duties of confidentiality. They must only send a medical report to the employer with the worker’s informed consent, and a worker’s consent can only be “informed” if they know what the report contains. In any event, it is usually sensible for the worker to spell out that they want to see the final report before consenting to its release to the employer.




Data protection laws apply to medical reports. Medical information is a “special category of data” (previously known as “sensitive personal data”) under the General Data Protection Regulation. The employer must comply with Part 4 of the Information Commissioner’s Code of Practice: Information about workers’ health. In particular, medical information must be kept confidential and secure, should be relevant and accurate, and must be kept for no longer than necessary. A medical report should not be shared with management or HR without the employee’s express consent. See also Chapter 15: Data Protection.