How Should Companies Handle Sensitive Information Obtained From Workplace Medical Audits?

Quick Overview: Companies should handle sensitive information obtained from workplace medical audits with the utmost care and in compliance with privacy laws. This includes ensuring secure storage, limited access to the information, obtaining informed consent, and properly disposing of the data when no longer needed.

Answer:
1. Secure Storage: Sensitive information obtained from workplace medical audits should be stored securely, such as in encrypted databases or password-protected systems.
2. Limited Access: Only authorized personnel who have a legitimate need for accessing the information should be granted permission to do so.
3. Informed Consent: Employees’ consent must be obtained before conducting any medical audit, and companies should ensure that employees understand how their personal health information will be handled.
4. Privacy Laws Compliance: Companies must comply with applicable privacy laws (e.g., Personal Information Protection and Electronic Documents Act in Canada) while handling sensitive employee health information.
5. Proper Disposal: When the collected data is no longer needed, it should be disposed of properly to prevent unauthorized access or breaches.

FAQs:

1. What is considered sensitive information in workplace medical audits?
Sensitive information may include employees’ medical history, diagnoses, treatment plans, prescription details, mental health records, etc.

2. Can companies share this sensitive information with others?
No; sharing such sensitive employee health information without proper consent or legal justification would likely violate privacy laws.

3. Do all employees need to undergo a workplace medical audit?
Not necessarily; employers typically conduct these audits on a case-by-case basis for specific reasons like disability claims management or return-to-work programs.

4. Are there any legal requirements for companies regarding handling this type of data?
Yes; companies must comply with applicable federal and provincial privacy legislation governing the collection and protection of personal health information.

5. How long can companies retain this sensitive data?
Retention periods vary by jurisdiction but generally range from 7 to 10 years after an individual’s employment ends, or until the data is no longer required for legal or business purposes.

6. Can employees access their own medical audit records?
Yes; employees have the right to request access to their personal health information collected during a workplace medical audit, subject to certain exceptions and limitations.

7. What should companies do in case of a data breach involving sensitive employee health information?
Companies should promptly notify affected individuals, take necessary steps to mitigate harm, and comply with any applicable reporting requirements under privacy laws.

BOTTOM LINE:
Companies must handle sensitive information obtained from workplace medical audits securely and in compliance with privacy laws. This involves proper storage, limited access, obtaining informed consent, adhering to retention periods, allowing employee access rights, and taking appropriate measures in case of a data breach.