What happens if a patient is admitted to hospital during the pandemic?

Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.

• Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
• Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
• Only use the information for the purpose of managing the workforce during the pandemic.
• Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
• Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
• Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
• Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
• Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
• Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
• All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.

If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.

** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.

The best advice is that parties should proceed as they would have done before the crisis began.

The guidance gives numerous examples of the types of performance adjustment which parties should consider. For example this includes:

• Varying deadlines (e.g. for performance or payment)
• Varying compensation (e.g. to recognise increased costs)
• Varying the nature of performance (e.g. allowing substitute goods, allowing pert delivery of services)

The guidance also encourages a reasonable approach to enforcement, which might encourage delaying issuing formal proceedings, increased use of mediation or providing more information to the other party than would be volunteered under normal circumstances.

The Home Office has provided useful guidance on how to carry out a compliant Right to Work check using the temporary adjustments in place for Covid-19. In summary:

• You will need to ask the job applicant to send you digital copies of their original documents, for example by scan, photo or mobile app.
• Hold a video call with the job applicant and ask them to show their original documents on camera so you can check them against the digital copies you have already received.
• On the date you made the check, record that you have done this by using the following wording “adjusted check undertaken on [insert date] due to Covid-19”. Evidence of right to work checks still need to be held securely either in paper or electronic format.
• You can use the online RTW checking service where the job applicant has Biometric Residence Permit or pre-settled or settled status under the EU Settlement Scheme. You should do this whilst on the video call with the applicant/employee, and you must first obtain their permission to view their details on this scheme.

You should already have a written furlough agreement with your furloughed employees, but if you move them to flexible furlough then you need a new agreement that confirms the new furlough arrangement.

So, you’ll need to speak to your employees and confirm the hours of work with them in writing (or reach a collective agreement with a recognised Trade Union.

As before, an employee does not need to provide a written response. But the agreement needs to be documented in writing.