UPDATE 15th Feb 2025
To ensure continued compliance with GDPR and Data Protection legislation, we have introduced stricter access controls for Health Surveillance, DSE records and injury accidents, which contain sensitive personal information classified as 'special category data'.
Key Changes
Previously, all OCC managers could view health surveillance records for their staff (but not other managers unless they had access at a higher level within the company hierarchy).
Now, an additional 'Health Data' authorisation is required to access health surveillance and DSE records.
This authorisation is not automatically granted to OCC managers, as some may be line-managed by others and should not have access to their records. For this reason, the permission may not be appropriate for assistant managers.
Injury accidents do not need an additional authorisation, but once an accident is resolved (i.e. a historic accident) it still follows the same access process.
How to Get Health Data Authorisation
If you need the authorisation, you can request it from a colleague who already has the permission.
Once granted, you can assign this authorisation to others in your organisation.
Who can access tasks and records that have sensitive health data?
Any manager who:
Has access to the site where the employee works, AND has been granted health data access authorisation.
How to grant authorisation?
The authorisation for sensitive health data can be found on the manage employee record just above site access:
If you have the authorisation yourself, you can add it to an employee record by clicking on site access and ticking the checkbox:
The authorisation will show on the employee record just above site access:
NOTE - you can also see who has this access employee-wide via the Authorisations & Tags filter on the employee pages. It's also included in the staff export.
If you have any Health Surveillance or DSE corrective action tasks, the data will appear redacted (randomly obscured) and marked with a sensitive label that displays a padlock symbol:
If you don't have authorisation and click on the task, you will see a message like this:
If you need access then please ask someone in your company who already has it. There will be at least one person who has this authorisation.
If you do have the authorisation, you will see this access screen, which you need to complete for audit purposes.
Access Reason – For example, "Line manager resolving health surveillance" or "Health & Safety Manager reviewing open tasks".
Access Expiry – Select the minimum period necessary. Note that the maximum expiration periods may vary for different types of sensitive tasks.
Access Scope – Choose the appropriate scope of access. Select a single employee if you are just going to be accessing one person's records. But if you need to access other records during your session, use the All Employees or Company level to access all records for this period of time.
For accidents, you will just have a choice of the site or further up your organisational hierarchy (if you have access).
Once you've configured your access, click on 'Access Task' to proceed as usual. The tasks will appear unredacted based on the access scope you've chosen.
Note - If you only need to grant yourself access without entering the task, select 'Grant authorisation only'. This will return you to your previous screen with the tasks unredacted according to your chosen access scope. This option is particularly useful for running reports when you need to export unredacted information in a CSV file.
Injury accident records will also contain health data - for resolved 'historic' accidents an access process step is still required.
Unlike health surveillance and DSE, these do not require an additional authorisation, i.e. any OCC manager can still access these.
The task side panel for sensitive tagged tasks will show:
Current temporary access holders.
Past 7-day access history (including expired access).
Hover over a name to see their reason for access.
A full audit trail is retained for compliance, which you can find under Audit Trail under Manage site - additional options.
1. Authorisation Does Not Mean Unlimited Access
Being authorised means a user can access records, but it doesn’t mean they should have unrestricted access at all times.
Health data is sensitive and protected by GDPR, which means access must be justifiable, time-bound, and monitored.
2. Legal & Regulatory Compliance (GDPR & Data Protection Requirements)
GDPR (General Data Protection Regulation) requires that access to sensitive personal data be:
Justified – You must state a reason for access.
Limited in scope – You should only access records relevant to your role at that moment.
Logged for accountability – Every access event must be auditable.
🚨 If we bypass the audit process, we risk breaching GDPR, which can lead to regulatory fines and legal action 🚨
3. Protecting Employee Privacy & Trust
Employees have a right to privacy regarding their health surveillance and DSE records.
Without an audit check, an authorised user could access records without a valid reason, which might be seen as an invasion of privacy or even data misuse.
By requiring a justification before access, we ensure that employees' personal data is only accessed when necessary and for the right reasons.
4. Reducing Business Risk & Protecting the Company
If a data breach or misuse of health records occurs, the Access Audit Log serves as evidence of who accessed what and why.
Without this safeguard, the company would have no clear record of who viewed sensitive information, exposing it to legal disputes and regulatory scrutiny.
5. Minimising Unnecessary Access ("Need-to-Know" Principle)
The Access Audit process prevents casual or habitual access to sensitive records.
Without it, an authorised user might repeatedly view records without immediate necessity, increasing the risk of data leaks or internal misuse.
We understand the importance of efficient workflows. However, the slight friction of completing an Access Audit is a necessary safeguard to:
✅ Keep your company compliant with GDPR and Data Protection legislation.
✅ Protect employee privacy and ensure trust in the system.
✅ Reduce legal and reputational risks for your business.