skip to content

Managing Confidentiality

Any records in relation to an employee's health are confidential and any information that is collected and stored should be held in accordance with the Data Protection Act 1998. The following principles should be followed:

  • Only information necessary to the monitoring and management of sickness absence should be sought (e.g. from discussions between the employee and manager or via a management referral to Occupational Health);
  • All relevant and necessary information (e.g. self-certification form (CHRIS 62), records of Absence Review Meetings, management referrals and reports etc.) should be stored securely (e.g. with restricted access), and for no longer than necessary;
  • Information is shared only with those directly involved in the management of the case, enabling the employee to see information relating to them on request;
  • It is important to retain a record of all intervention/support and decisions taken to evidence compliance with the Sickness Absence Policy our obligations under the Equality Act 2010. These records may also be helpful as a personal aide memoire to aid the effective management of sickness absence cases.


These principles apply to all personal data, whether it is stored in an electronic or paper format.