How should companies store audiometric testing data?
As clients receive all the data from us, it is important that client companies have a good system for holding and storing the data arising from the audiometry process. GDPR has had little impact on how a company should be setting up workplace audiometric testing programmes and the requirements on the employer remain pretty much as they always have been. The key elements of managing audiometric testing data are:
Informing employees before the day
Before the testing process starts, clients should inform their employees that the hearing tests are being done, who is doing it, why it is being done and what will be done with their data, including what the employer will see, and the employees given the opportunity for some input into the process or comment on it.
Storage of audiometric testing data by the client
There should be one nominated individual within the employer's company who can see the screening results and holds the hearing test data securely. This information may not be seen by anyone else, other than an employee looking at their own record or where an employee gives permission for someone else to see it.
The data may not be kept with HR records - this is a specific requirement in L108 and, much to the chagrin of many HR departments the length and breadth of the UK, is an important point.
This principle of only one person having access and controlling the data is important and nobody else within the company should have access to or sight of the audiometric test reports.
We provide the data as password-protected electronic files therefore there are no paper records to store or file.
Store the files with the password protection intact. As belt and braces, if you can store them within a password protected encrypted folder then so much the better. Only one person should have access to the storage location.
Access to the audiometry data
Employee access to their information
If an employee requests it, you should provide them with access to their own result but care must be taken not to provide access to the results for any other individuals. The simplest solution is to use the PDF report we supply and print the one page with that employee’s audiogram result on it.
Insurer access to audiometric testing data
Clients should be careful with bodies such as insurers. Letting them view anonymous data which confirms trends and that the audiometric tests have been taking place is perfectly fine, but they have no legal basis for seeing individual personal audiometry results. If an insurer wants to see the full report where results categories per individual are given, or the audiograms, then consent for that from all the employees concerned must be obtained.
HSE access to audiometric testing data
As the HSE are accessing data for regulatory compliance then access to the full report can be given however we would still recommend a discussion takes place first to determine if the HSE inspector concerned is happy to see anonymous data confirming the audiometry programme is in place rather than handing over personally identifiable information immediately. If they want to see it all then that is OK, but it's worth asking the question before handing it over.
New service provider access
We have deliberately made our systems as simple as possible should you wish to use another provider. If you decide that for whatever reason you wish to use a different service provider in the future then you already have all the audiometry data you need from us. You should notify your employees of this proposed change and give them chance to comment, then providing all is OK you can send the PDF of the results (the audiograms - the part with the graphs) to the new provider.