Storage of audiometric testing data
As clients receive all the data from us, it is important that client companies have a good system for holding and storing the data arising from the audiometry process. GDPR has had little impact on how a company should be setting up workplace audiometric testing programmes and the requirements on the employer remain pretty much as they always have been.
Informing employees before the day
Before the testing process starts, clients should inform their employees that the hearing tests are being done, who is doing it, why it is being done and what will be done with their data, including what the employer will see, and the employees given the opportunity for some input into the process or comment on it.
Storage of audiometric testing data by the client
There should be one nominated individual within the employer's company who can see the screening results and holds the hearing test data securely. This information may not be seen by anyone else, other than an employee looking at their own record or where an employee gives permission for someone else to see it.
The data may not be kept with HR records - this is a specific requirement in L108 and, much to the chagrin of many HR departments the length and breadth of the UK, is an important point.
Storage alongside training records
Similarly, unless one person within a training department is the only person managing the audiometry programme, then training departments must not be holding onto these reports or results and they should not be kept in generally-accessible training records, either a paper or electronically. Even in the case that one person within the training department is the person responsible for the audiometric testing programme, the rest of the training department or other individuals outside of it must not have access to the audiometry results or reports. This covers not just the actual report but also category of result, and even retest dates as it is easily interpreted from these which category of result an individual scored.
This principle of only one person having access and controlling the data is important and nobody else within the company should have access to or sight of the audiometric test reports. They can see the summary data in Section 1 but nothing else within the report.
As we provide the data electronically, there are NO paper records to store or file, meaning a simple secure folder on a server will suffice.
Employee access to their information
If an employee requests it, you should provide them with access to their own result but care must be taken not to provide access to the results for any other individuals. The simplest solution is to use the PDF report we supply and print the one page with that employee’s audiogram result on it.
Insurer access to audiometric testing data
Clients should be careful with bodies such as insurers. Letting them view anonymous data which confirms trends and that the audiometric tests have been taking place is perfectly fine, but they have no legal basis for seeing individual personal audiometry results. If an insurer wants to see the full report where results categories per individual are given, or the audiograms, then consent for that from all the employees concerned must be obtained.
HSE access to audiometric testing data
As the HSE are accessing data for regulatory compliance then access to the full report can be given however we would still recommend a discussion takes place first to determine if the HSE inspector concerned is happy to see anonymous data confirming the audiometry programme is in place rather than handing over personally identifiable information immediately. If they want to see it all then that is OK, but it's worth asking the question before handing it over.
Noise Chap Ltd. Storage of the Data
As some background into how the data is stored and accessed within The Noise Chap Ltd.
All computers used to access or store the data have a fully encrypted password-protected drive - Bitlocker for the Windows equipment and Mac drive-level encryption for those on the warm and cosy Dark Side. All computers also have user passwords enabled.
All data is backed up to a second fully-encrypted computer in the office to give an on-site secure backup.
All the data is also then backed up offsite to a could provider to ensure it is never lost. The offsite backup is encrypted.
No paper records are retained or filed. We retain nothing on paper at all.
Audiograms are not emailed between Noise Chap technicians and the office, with off-site cloud backup used to move them between computers as needed.