Updated 22nd May 2018 – Version 2
OPA Health takes your privacy seriously.
OPA Health uses a secured and encrypted icloud for the storage of data. The business data servers are based within the UK. OPA Health clinical and administrative staff only have access to the data stored on the icloud and it is only viewed when required. All data is kept within the provision of the General Data Protection Regulations (GDPR) 2018 and the Data Protection Act 2018. OPA Health is committed to retaining information as laid out in the company retention schedules and will not keep information for longer than is required under recommended clinical and health surveillance records.
OPA Health is committed to maintaining high levels of confidentiality. No information will be passed to others in any form including third parties without the written consent of the employee unless there is an identified clinical risk and this is in the interest of the employee, their safety and the safety of others as set out in the NMC confidentiality guidelines www.nmc.org.uk/standards/code
Employee consent will be gained prior to releasing any occupational health report to the referring managers as laid out in the company policies. Employee data may be used anonymously in data analysis and trend analysis to lead business specific health initiatives and health education. It is advised that businesses encrypt all personal information being sent to OPA Health. Any occupational health reports will be sent to referring managers using an encryption code.
There may be some circumstances where we might be obliged by law to share information with government bodies or regulatory authorities such as criminal investigations, anti-terrorist investigations and where a court make an order for information disclosure. OPA Health will use reasonable endeavours to notify you in advance if we are required to disclose information in these circumstances unless we are legally prohibited from making such advanced disclosure. OPA Health will ensure that all requests meet the provisions set out in the relevant articles of the GDPR 2018 and Data Protection Act 2018.
If for any reason you have sent your personal data (as defined by the Data Protection Act 2018) to us you have the right to ask us for the scope of the information we process about you, the purpose and nature of the processing and any information on who we might have shared it with. If we have any personal data you can request that it is updated, corrected or deleted (assuming that it is not required for authenticating your use of services in the future) at any time. While we will attempt to accommodate any request we may not be able to do so for technical reasons, where it might compromise a legal process or the safety and security of another person.
As a company registered and operating in the United Kingdom we will not send any information or data outside of the European Economic Area.
Notification of Changes