As an employee you may have found yourself involved in the debate on “medical testing” and your personal medical information to see if you are fit to do the job you have applied for. And in many cases these medical tests are somewhat invasive and often a bit embarrassing.
And although there is nothing preventing a company to enforce medical screening of staff if it is done according to the law, there are some cases where your personal medical information are made public without your consent.
And the biggest culprits of disclosing your personal medical information could be your company Safety Officer or consultant.
The Safety File syndrome has been labeled as the “best legal scam ever designed” and it is this syndrome that have resulted in so many “Safety Officers” insisting on your personal medical information being made available in the file. And they will tell you that it is a legal requirement. Yet, that is not true at all.
Let’s look at the Safety File first. Where can you find it? Well, if you work in construction, it is likely to be somewhere in a site office collecting dust amongst 100’s of other files containing copies of ID’s, results of hearing tests, blood tests, lung function tests, drug tests etc etc. So everyone who has access to the site office, indirectly has access to your personal medical information.
But what does the law say? Most of these data crimes are committed in the name of “compliance” by someone who does not quite understand their own jobs.
Under the Construction Regulations a contractor must ensure that their employees are certified medically fit to work by an occupational health practitioner and this certificate must be issued in the form of Annexure 3 to the regulations. The regulation only says that every contractor must ensure that all his or her employees have a valid medical certificate of fitness specific to the construction work to be performed and issued by an occupational health practitioner in the form of Annexure 3. It does not say the medical information must be included.
And that is the ONLY document your employer is entitled to have! Nothing more!! The rest is confidential between you and your medical practitioner.
If your Safety Officer insists to see the Annexure 3 AND your medical examinations, he or she is in direct breach of the Protection of Personal Information Act (4 of 2013), firstly, because of the unlawful collection of personal medical information, secondly the unlawful storage and distribution of your information and thirdly, for failing to properly secure and protect your personal data from unauthorised use.
Now they probably will tell you that the POPI also says that it does not apply if the purpose of collecting your personal medical information is for the administration of an Act of parliament. And while this is true to some extent, the Act they will refer to, does not have such an administrative requirement and the argument is thus invalid.
In addition, the Bill of Rights provides you the ultimate protection of privacy and any action by your employer will be an infringement of your rights.
In other instances, like where you work with Asbestos, Lead, Chemicals or Biological Agents, medical screening is also required. But there is no requirement in any law that states this information must be kept in a “Safety File”.
Even big companies are guilty of this breach of data protection and privacy. Some JSE Listed companies have been mentioned by concerned individuals.
So what can you as employee do?
Firstly, the first person who has access to your personal medical information is your medical practitioner. There is no other way that information can fall into public domain if not first released by your medical practitioner.
Lodge a complaint with the SA Health Professions Council against your medical practitioner for unlawful disclosure of your medical information. Please ensure you approach the correct Board when lodging your complaint.
What does the OHSAct say about confidentiality of Personal medical Information?
Section 36 prohibits the disclosure of any information of another person unless it meets the requirements of this section. These requirements are:
- Disclosure must be for the purpose of the administration of the Act. We have covered the requirements above.
- Disclosure must be for the administration of justice. Here it is notable to mention the Promotion of Administrative Justice Act (PAJA), which came out after the OHS Act. Any administrative justice must therefore be done in accordance with the PAJA. A requirement to include medical information in a safety file is not subject to PAJA as it is a mere contractual requirement and not a legal requirement. Case law to this effect is quite clear.
- Disclosure must be at the request of a H&S Representative or Committee entitled to the information.
The last point opens a new debate. When is a H&S Rep entitled to medical information of an employee? The short answer is hardly ever, but it could be a bona fide reason if the H&S rep has reason to believe the employee is over-exposed to a risk and the employer is with-holding such a fact.
In any event, you has employee, must give permission for your personal medical information to be used by another person, other than a medical practitioner in the performance of his/her duties. (Be careful of a “small print clause” in your contract of employment where you give such permission.)
You can also lodge a complaint with your H&S Rep if your personal medical information has been disclosed without your permission. Ask your H&S Rep to report it to the Regional Office of the Department of Labour.
You can also report your OHP or Safety Officer on AfricaISE.org, a free platform to name and shame unethical and incompetent practitioners.
The National Information Regulator is the administrators of the POPI Act and the Promotion of Access to Information Act, 2000 (Act 2 of 2000).