Can employers see audiometric testing results?
Is it medical data and subject to full medical confidentiality, or is it a lesser standard of workplace safety data, or something between? It doesn't help that external audiometry service providers have several different approaches and not all the reasons for their approaches are to do with confidentially and can often be more about locking a client in to them by making it hard for them to go elsewhere.
What do the Noise Regs and L108 say about it?
To be clear, the noise regulations say absolutely nothing about it. Not a word. From there on it is purely guidance and the HSE themselves seem to be in a complete muddle over it.
These are some key entries in the L108 Controlling Noise at Work bible:
This says that the employer should only see anonymous audiometry data - basically the number of people tested and the percentages who scored which Category of result.
This however says that the results should be maintained by the employer, separate from HR records, which completely contradicts the previous advice as it requires the employer to hold the data.
This is all for a visiting service by the way - one where someone comes in, does a batch of tests on a specific group of people, and then leaves again. An in-house Occ Health provision is very different as they will have the type of management relationship where the rest of the company simply doesn’t need to see the audiometry results and just needs the Occ Health person’s advice on specific individuals.
We give you all the audiometric testing results data.
It is YOUR data, being generated for YOUR legislative compliance, on YOUR employees, and YOU are paying for it. You are hiring a specialist tool to gather data for you and provide you with some interpretation of it.
If you have the audiometry data you can choose any screening provider you want in the future and have the testing history to hand for continuity.
Think of it as renting a bit of kit to do a specific job to meet a need within your business and to comply with your legislative requirements, just that as the kit is specialist it comes with someone to operate it for you, that's all. Like hiring a crane. When we come in, from the equipment to the technician, we are a tool being used by the employer for their legislative compliance therefore the information gathered belongs to you. And if you choose another provider in the future then you can ensure continuity of testing without any hassle as you have the old data for reference - we have plenty of experience in the past of screening providers throwing up a lot of hurdles to transferring data between them and a new provider.
You know how you will store your data, you have no control over how the provider stores it.
For GDPR, you know how you are storing your data but do you know the details of how a service company is storing it? How secure are their servers, their backups, their cloud service providers, etc. Where in the world, literally, are their cloud service or backup providers located so where in the world is your audiometry data going? Do they use tape backups and if so, where do they go? What levels of encryption are used on their data stores and backups? Who are they employing who has access to it? Do they use an external IT service provider, and if so, who there has access to the data? Are the records in a proprietary file format or an open one like PDF? And so on and so on.
For your own company, you can answer all those questions now and in the future as well - you are as good at storing the audiometric test results data securely as anyone else!
Don’t fall for the nonsense that you aren't capable of holding onto a copy of it as though you are somehow otherwise leaving paperwork scattered all over the staff canteen for all and sundry to see. (Or a genuine case I heard recently, an employer was told they could have the data but had to lock it up in a specific dedicated filing cabinet and send the provider the only key for it - absolutely bonkers!).
Yes, the provider needs to hold a copy of the results for as long as they are have an ongoing working relationship with you, but they are no better at storing the data than you are.
GDPR says you shouldn't retain data which is of no further use.
GDPR prohibits the retention of data which has no business or compliance use. At least 98% of all the medical data collected during the audiometry process is of no future use once the test is done as it is no longer relevant or quickly becomes out of date, especially information on the questionnaires. But, it is highly personal, not only to the individuals concerned but even their relatives, (for example - history of medical issues within the family - did their mother, dad, brother, etc. give consent for data about them to be held?). GDPR specifically says this data should not be retained however I guarantee no service provider is deleting bits of the hearing health questionnaires they retain to comply with this.
My advice therefore is don't let the provider keep the all the health questionnaires in full in the first place - a lot of the data is irrelevant as soon as the test is done, keeping it ‘just in case’ or ‘because you can’ or ‘because that’s what has always been done’ is not a good enough justification.
I would even go so far as to say that you, the employer, also shouldn't keep the questionnaires - the supplier should just record any relevant information which is important to retain, which is the pertinent information GDPR permits retention of, then give them back to the employee or destroy them.
Unless you have thousands of employees, anonymous statistics are totally useless to you.
Statistical analysis of audiometric testing results is so pointlessly useless for all but the largest companies that I am surprised the HSE wrote that into their guidance, (again, not law, guidance). Let's be frank about the 'anonymous grouped data' idea - unless you have thousands of employees then statistics are useless, you may as well ask a passing pigeon for their thoughts on the matter for all the accuracy it will have.
In L108’s guidance, the nonsense about anonymous percentages continues with statements such as comparing tables of percentages of Cat 1, Cat 2, etc. from one year to the next and using changes in that to identify whether there are problems with the hearing conservation programme, (L108, page 122). Aside from the uselessness of these percentages without high numbers of employees in the first place, comparing percentages of audiometry results categories from year to year is also often nonsense. For example, in Year 1 and Year 2 of a programme you are testing everyone, but from then on you are not testing comparable groups of people.
In Year 3 you are testing your Cat 3s and 4s only so a large percentage will ‘fail’ naturally.
In Year 4 you are testing your Cat 2s, 3s and 4s but not your Cat 1s, again, a larger percentage of lower results.
Then in Year 5 you are testing your Cat 1s, Cat 3s and Cat 4s but not your Cat 2s so maybe an artificially high percentage of good results.
That makes any comparison of percentages of each Category scored absolutely useless from Year 2 onwards. Sometimes I can’t help but think the Powers That Be who wrote the guidance in L108 told an unpaid work experience kid to get on with it and everyone else went to the pub for a long lunch.
Retest dates break anonymity anyway
Just to seal the nonsense of anonymous data somehow keeping the category of result secret and confidential, anyone with half a brain can easily work out what an individual's result was from their retest frequency. If they are getting retested every three years then it was clearly a Category 1, if it's every two years then it was a Category 2, while if it's every year it must be a Category 3 or 4. This makes the anonymous statistical approach even more of a nonsense as clients need to know in advance who is going to be tested and when so they can budget for it appropriately.
You have to protect individuals and treat people differently where needed, so you need individual results.
Having individual audiometry results means you can protect individuals, not just groups. In health and safety you have to protect individuals and treat people as individuals, varying protection where needed, which again means anonymous data fails to meet that basic need. That’s so important I wrote that in bold which makes it very important indeed.
For example, it is decades-long established in law that an employer has to provide extra protection to someone with one eye rather than two as the potential outcome of an eye injury is not good either way, but is so much more severe if they lose their one good eye. The same is true with noise - some people with poor hearing can have a small additional loss in their hearing and it can have a major impact on their life whereas for others the same annual drop in ability will be negligible. Anonymised grouped data means the employer cannot comply with this basic duty.
You know who can access the data if you have it.
If you have the data you know who has access to it, you know who they are and their background. Do you know what the 3rd party screening company’s recruitment policy is? Who at their end has access to the data? Who in their office has access to the data? What contractors used by them, from IT systems to cleaners, have possible access to your data? What is the background of everyone in their company who can see and access your data?
How sure are we that you can see it?
We have been doing this for years and years now and know for a fact that the HSE have seen our audiometry reports many times and have always been happy with them. In some cases employers have told us the HSE have been in and done an inspection and all was good, or in others new clients have been informally recommended to talk to us by HSE Inspectors who have seen our work elsewhere. In other cases still we have spoken directly to HSE Inspectors about screening specifically and never once had a problem. We have even trained Inspectors in audiometry at work.
Remember, the point of audiometric testing at work is for the safety of your employees, and only the employer can do that and to do it they need the best information possible.
Audiometric test record keeping advice
Appoint one person in the company to manage the testing process and hold the data. And to repeat the information above, this must be separate from HR records. HR love to control all records relating to an employee but the HSE are very clear on this one that audiometry records must not be kept in the general personnel files.
As for 3rd party suppliers, clearly they do need to keep an electronic copy of the result as it is then used in future testing for comparison and Category 4 calculations, and that's fine.
And don’t let them keep the hearing health questionnaires at all - they don’t need them in full. Full stop.
Transfer of historical audiometry data when you move screening provider
To be clear, should you decide to move away from us then you will already have all the data on any screening we have done for you so can let your employees know you have a new provider and after consulting with your employees, you can then just send it to them.
To go the other way then unfortunately you are at the whim of your previous provider and some a more amenable than others. In just the first few months of 2019 we came across cases where:
A large employer wanted to change provider and received confirmation from their insurer that it was perfectly fine for the historical audiometry and spirometry data to be sent to the Health and Safety Manager and for them to store it securely.
Another employer wanted to change provider but their previous screening provider said the Health and Safety Manager there couldn’t have it. It was dressed up in all kinds of nonsense and obfuscation but at the heart of it, it came down to nothing more than that provider’s own in-house policy being dressed up as some kind of pseudo-external rule.
It is always worth remembering that a competitor to us are companies renting their own kit to do tests in-house. The tests are usually absolute not very good, but it does mean that ANYONE in a company can rent the kit and operate tests on employees. They gather in exactly the same data as would be provided by an external provider so if that is permissible then there is no reason at all why they could not hold and store data provided by a third party. Nothing says screening audiometry has to be overseen by a GP or GMC member, just someone ‘competent’ and who then treats the data securely.