Storage of audiometric testing data
As clients receive all the data from us, it is important that client companies have a good system for holding and storing the data arising from the audiometry process. GDPR has had little impact on how a company should be setting up workplace audiometric testing programmes and the requirements on the employer remain pretty much as they always have been.
Before the audiometric tests takes place
Before the testing process starts, clients should inform their employees that the hearing tests are being done, who is doing it, why it is being done and what will be done with their data, including what the employer will see, and the employees given the opportunity for some input into the process or comment on it.
Storage of audiometric testing data by the client
For ongoing storage of the audiometry data, there should be one nominated individual within the employer's company who can see the screening results and holds the hearing test data securely. This information may not be seen by anyone else, other than an employee looking at their own record or where an employee gives permission for someone else to see it.
The data may not be kept with HR records - this is a specific requirement in L108 and, much to the chagrin of many HR departments the length and breadth of the UK, is an important point.
Insurer access to audiometric testing data
Clients should even be careful with bodies such as insurers. Letting them view anonymous data which confirms trends and that the hearing tests have been taking place is perfectly fine, but they have no legal basis for seeing individual personal audiometry results. If an insurer wants to see the full report where results categories per individual are given, or the audiograms, then consent for that from the employees concerned must be obtained.
HSE access to audiometric testing data
As the HSE are accessing data for regulatory compliance then access to the full report can be given however we would still recommend a discussion takes place first to determine if the HSE inspector concerned is happy to see anonymous data confirming the audiometry programme is in place rather than handing over personally identifiable information immediately. If they want to see it all then that is OK, but it's worth asking the question before handing it over.
Noise Chap Audiometry Data Storage
As some background into how the data is stored and accessed within The Noise Chap Ltd.
All computers used to access or store the data have a fully encrypted password-protected drive - Bitlocker for the Windows equipment and Mac drive-level encryption for those on the Dark Side. All computers have user passwords enabled.
All data is backed up to a second fully-encrypted computer in the office to give an on-site secure backup.
All audiometry data is also backed up offsite to a could provider to ensure it is never lost. The cloud backup is encrypted.
No paper records are retained or filed.
Audiograms are not emailed between Noise Chap personnel, with the secure off-site cloud backup used to move them between computers as needed.