We’ve had a number of enquiries about health data and visitors. This blog will address what you can do when a visitor asks you about the health of your staff and residents. Due to the majority of Care Home residents being in the vulnerable category, it is important that the utmost care is taken to ensure the protection of the staff, residents, visitors. However, it is also incredibly important to ensure that residents’ data is just as protected.
Clearly show your COVID-19 policy
To start with, you should have a COVID-19 policy that details how you are dealing with the situation. Having this information clearly displayed will also help visitors understand the terms of your care home, and help them know how to behave when they are on their visit.
Secondly, you should have an addendum to your data protection policy that outlines how the home is protecting and securing health data during the pandemic.
Health data is special category data under the GDPR and must be treated differently from other data.
What can I tell Care Home visitors about resident health?
When you have a concerned visitor question the health of a relative or friend, it can be easy to feel under pressure and wish to share. But the question is, what can you legally tell visitors about the health of your staff and residents?
The answer is:
You can’t tell them anything. That’s right, nothing.
Because health data is special category data, you need both a legal basis under Article 6 and an exemption under Article 9 in order to process it. There are no appropriate exemptions that will allow the sharing of staff or residents’ health data just because a visitor wants to know.
So, what can you do? Show or give the visitor a copy of your COVID policy and your data protection policy. Reassure the visitor that you are following the policies and explain to them why you can’t share the health data of others with them.
How can I ensure that my Care Home protects data properly?
If you are looking to ensure you follow correct guildines and procedures when it comes to data protection, our team of Data Protection Officers can help you do so. We offer a range of services, such as outsourced DPO, training and e-learning, audits and reviews and a variety of support services to help your business.