Can employers see audiometric testing results?
Well here is a right can of worms and it is important as it has a direct impact on how useful the results are to you. Is it medical data and subject to full medical confidentiality, or is it a lesser standard of workplace safety data, or something between? It doesn't help that external audiometry service providers have several different approaches and not all the reasons for their approaches are to do with confidentially and can often be just about locking a client in to them by making it hard for them to go elsewhere.
To tick the 'full medical confidentially' thought off first, this is not the case as the person doing the screening test is not a Doctor, Audiologist or Nurse and is more of a technician, so that doesn't meet the same standard as say the medical information a GP would hold. It's not the same as asking a GP to give you the medical records for one of your employees.
What do the Noise Regs and L108 say about it?
To be clear, the noise regulations say absolutely nothing about it. Not a word. From there on it is purely guidance and the HSE themselves seem to be in a complete muddle over it.
These are some key entries in the L108 Controlling Noise at Work bible:
This says that the employer should only see anonymous audiometry data - basically the number of people tested and the percentages who scored which Category of result.
This however says that the results should be maintained by the employer, separate from HR records, which contradicts the previous advice as it requires the employer to hold the data.
This is all for a visiting service by the way - one where someone comes in, does a batch of tests on a specific group of people, and then leaves again. An in-house Occ Health provision is very different as they will have the type of management relationship where the rest of the company simply doesn’t need to see the audiometry results and just needs the Occ Health person’s advice on specific individuals.
We give you all the audiometric testing results data.
It is YOUR data, being generated for YOUR legislative compliance, on YOUR employees, and YOU are paying for it. You are hiring a specialist tool to gather data for you and provide you with some interpretation of it.
If you have the data you can choose any provider you want in the future and have the audiometric testing history to hand for continuity.
Think of it as renting a bit of kit to do a specific job to meet a need within your business and to comply with your legislative requirements, just that as the kit is specialist it comes with someone to operate it for you, that's all. When we come in we are a tool being used by the employer for their legislative compliance, therefore the information gathered belongs to you exactly as it would if you had operated it yourself. And if you choose another provider in the future then you can ensure continuity of testing without any hassle - we have plenty of experience in the past of screening providers throwing up a lot of hurdles to transferring data between them and a new provider.
It is not the same as full medical records
Sometimes I would swear that screening providers are failed wannabe-GPs or hospital consultants. Audiometric testing data gathered for screening employees at work is not the same as the records a GP or hospital may generate on a person, as much as some providers seem to see themselves otherwise.
You know how you will store your data, you have no control over how the provider stores it.
For GDPR, you know how you are storing your data but do you know the details of how a service company is storing it? How secure are their servers, their backups, their cloud service providers, etc. Where in the world, literally, are their cloud service or backup providers located so where in the world is your data going? Do they use tape backups and if so, where do they go? What levels of encryption are used on their data stores and backups? Who are they employing who has access to it? Do they use an external IT service provider, and if so, who there has access to the data? Are the records in a proprietary file format or an open one like PDF? And so on and so on.
For your own company, you can answer all those questions now and in the future as well - you are as good at storing the audiometric test results data securely as anyone else!
Don’t fall for the nonsense that you aren't capable of holding onto a copy of it as though you are somehow otherwise leaving paperwork scattered all over the staff canteen for all and sundry to see. (Or a genuine case I heard recently, an employer was told they could have the data but had to lock it up in a specific dedicated filing cabinet and send the provider the only key for it - absolutely bonkers!).
Yes, the provider needs to hold a copy of the results for as long as they are have an ongoing working relationship with you, but they are no better at storing the data than you are.
GDPR says you shouldn't retain data which is of no further use. You can manage that, I guarantee the provider won't.
GDPR prohibits the retention of data which has no business or compliance use. At least 98% of all the medical data collected during the audiometry process is of no future use once the test is done as it is no longer relevant or quickly becomes out of date, especially information on the questionnaires. But, it is highly personal, not only to the individuals concerned but even their relatives, (for example - history of medical issues within the family). GDPR specifically says this data should not be retained however I guarantee no service provider is deleting bits of the hearing health questionnaires they retain to comply with this.
As another example, if you have used a service provider for several years and have say five sets of audiometric tests for an employee, who’s hearing has remained constant. What use are the oldest records now? They are too old to use in comparison to new tests, plus you have other more recent tests showing their hearing to be good. That means the old data is now pointless and technically, under GDPR should be deleted. Are screening providers doing this? I guarantee they are not.
My advice therefore is don't let the provider keep the all the health questionnaires in full in the first place - a lot of the data is irrelevant as soon as the test is done, keeping it ‘just in case’ or ‘because you can’ or ‘because that’s what has always been done’ is not a good enough justification and is specifically now not allowed.
I would even go so far as to say that you, the employer, also shouldn't keep the questionnaires - the suppler should just record any relevant information which is important with the audiogram, which is the pertinent information GDPR permits retention of, then give them back to the employee or destroy them.
In summary, GDPR specifically prohibits the holding of data which is not directly relevant and is being held ‘just in case’. Most of the health questionnaire information is no longer needed after the test and also may include data on a third person who has definitely not given permission for their information to be held (such as a family history of hearing loss) so my advice is to make sure nobody keeps it, including the service provider.
Unless you have thousands of employees, anonymous statistics are totally useless to you.
Statistical analysis of audiometric testing results is so pointlessly useless for all but the largest companies that I am surprised the HSE wrote that into their guidance, (again, not law, guidance). Let's be frank about the 'anonymous grouped data' idea - unless you have thousands of employees then statistics are useless, you may as well ask a passing pigeon for their thoughts on the matter for all the accuracy it will have.
In L108’s guidance, the nonsense about anonymous percentages continues with statements such as comparing tables of percentages of Cat 1, Cat 2, etc. from one year to the next and using changes in that to identify whether there are problems with the hearing conservation programme, (L108, page 122). Aside from the uselessness of these percentages without high numbers of employees in the first place, comparing percentages of results from year to year is also often nonsense. For example, in Year 1 and Year 2 of a programme you are testing everyone, but from then on you are not testing comparable groups of people.
In Year 3 you are testing your Cat 3s and 4s only so a large percentage will ‘fail’ naturally.
In Year 4 you are testing your Cat 2s, 3s and 4s but not your Cat 1s, again, a larger percentage of lower results.
Then in Year 5 you are testing your Cat 1s, Cat 3s and Cat 4s but not your Cat 2s so maybe an artificially high percentage of good results.
That makes any comparison of percentages of each Category scored absolutely useless from Year 2 onwards. Sometimes I can’t help but think the Powers That Be who wrote the guidance in L108 told an unpaid work experience kid to get on with it and everyone else went to the pub for a long lunch.
Retest dates break anonymity anyway
Just to seal the nonsense of anonymous data somehow keeping the category of result secret and confidential, anyone with half a brain can easily work out what an individual's result was from their retest frequency. If they are getting retested every three years then it was clearly a Category 1, if it's every two years then it was a Category 2, while if it's every year it must be a Category 3 or 4. This makes the anonymous statistical approach even more of a nonsense as clients need to know in advance who is going to be tested and when so they can budget for it appropriately.
You have to protect individuals and treat people differently where needed, so you need individual results.
Having individual audiometry results means you can protect individuals, not just groups. In health and safety you have to protect individuals and treat people as individuals, varying protection where needed, which again means anonymous data fails to meet that basic need. That’s so important I wrote that in bold which makes it very important indeed.
For example, it is decades-long established in law that an employer has to provide extra protection to someone with one eye rather than two as the potential outcome of an eye injury is not good either way, but is so much more severe if they lose their one good eye. The same is true with noise - some people with poor hearing can have a small additional loss in their hearing and it can have a major impact on their life whereas for others the same annual drop in ability will be negligible. Anonymised grouped data means the employer cannot comply with this basic duty.
You know who can access the data if you have it.
If you have the data you know who has access to it, you know who they are and their background. Do you know what the 3rd party screening company’s recruitment policy is? Who at their end has access to the data? Who in their office has access to the data? What contractors used by them, from IT systems to cleaners, have possible access to your data? What is the background of everyone in their company who can see and access your data?
Audiometric test record keeping advice
Screening companies clearly need access to the data for ongoing testing so I am not arguing they shouldn’t have it, but when providers of audiometric testing say they and only they can see the results as only they can properly safeguard it, even though I guarantee them themselves don’t comply with some elements of GDPR, it is such utter nonsense as to be almost laughable. It's an entirely unjustified over-inflated sense of their own self-importance.
I am not saying only the employer should hold the data as clearly the testing company also need to have access to it to do their jobs as that includes comparison of one year against a previous year’s, but what I am getting at is that the audiometric testing company is not somehow better at securing and retaining the data than the employer thus rendering the employer too inferior to hold it.
Appoint one person in the company to manage the testing process and hold the data. And to repeat the information above, this must be separate from HR records. HR love to control all records relating to an employer but the HSE are very clear on this one that audiometry records must not be kept in the general personnel files.
There is a specific page giving advice on storage of audiometric testing results here.
As for 3rd party suppliers, clearly they do need to keep an electronic copy of the result as it is then used in future testing for comparison and Category 4 calculations, and that's fine, just don't ever fall for the nonsense that they are somehow better at it than you and that you shouldn't have it at all.
And don’t let them keep the health questionnaires at all - they don’t need them in full. Full stop.
Circulation of hearing test data at work
This is where I perhaps make it a bit more complicated for the poor sod who didn't sit down fast enough when the music stopped and got lumbered with arranging and managing the audiometry programme...
There are other people within the company who may have an interest in the results - a safety committee for example, senior management, etc. For this I would recommend that the audiometry report has two sections, one with the actual data and one with the HSE's beloved trends only. This way the committee or management can be reassured with soothing noises that the programme is progressing and being managed, while the person responsible for it has all the information they need to take individual-specific action.
What do we give employers?
We review the health questionnaire with the attendee, make any notes of important details of it only, then it is given back to the attendee. We do not keep the questionnaires to minimise the retention of unnecessary data which will become out of date.
We give the employer’s nominated person in charge of the programme a full report including all categories and all audiograms for everyone.
We include a paragraph of information on all Category 3 and 4 cases, stating what further action is needed by the employee or employer or whether no further action is needed.
You get some anonymous stats to keep safety committees happy.
We send that to you as an encrypted PDF.
We store electronic versions of the audiometry results for use as comparison in future tests.