Access to NHS Staff COVID-19 Test Results
People who are eligible are taking COVID-19 tests. This includes staff who work for the NHS. Further information about who is eligible is in the Privacy Notice here. This guidance provides advice on employers accessing the COVID-19 test results of NHS staff.
- I'm a patient/service user - what do I need to know?
- I work in a health and care organisation - what do I need to know?
- I'm an IG Professional - what do I need to know?
Guidance for patients and service users
As a patient/service user you will be aware that staff in health and care organisations may be taking COVID-19 tests during the outbreak. This guidance provides advice on how staff test results should be accessed by their employers to safeguard staff confidentiality.
Guidance for healthcare workers
You may be invited by your employer to take a COVID-19 test. Tests are entirely voluntary. If you decide to be tested, you may need to take further action following your result such as self-isolation or returning/continuing to work. Your employer can ask you if you have been tested (and if so the result of the test). You do not have to disclose the result, unless this impacts on your working ability (e.g. if you need to self-isolate for 7 days your employer will need to make plans to manage your absence).
Guidance for IG professionals
Staff in your organisation may take a COVID-19 test. There is no compulsion to be tested. Staff may test positive or negative. They may need to take further action following their result such as self-isolation or returning/continuing to work. Employers can ask staff if they have been tested (and if so the result of the test). Employees do not have to disclose the result, unless this impacts on their working ability (e.g. if they need to self-isolate for 7 days the employer will need to make plans to manage their absence). If there is a possibility coronavirus was contracted in the workplace it would require the employer to report this to the Health and Safety Executive (as part of the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR) 1995).
Samples are tested in local laboratories and then the results are recorded in a database called the local Integrated Clinical Environment (ICE) database. This enables clinicians to access results to help provide individual care for their patients, which may include clinical interventions or planning next steps.
ICE holds the records of all tests an individual has received for example it may include results from cancer tests or HIV status. Access to ICE is strictly controlled by the use of Smartcards or username/password functionality and fully audited to ensure access is legitimate and necessary.
The ICE database must only be accessed for clinical reasons by those caring for the patient. It must not be accessed by non-clinical staff such as HR.
Accessing results without the knowledge or permission of the staff member is a breach of confidentiality and is illegal under the Data Protection Act (Section 170 - unlawfully obtaining personal data). If this is happening it should cease immediately. If access continues following the publication of this guidance, then it should be reported as an IG breach through local reporting measures including reporting to the Information Commissioner’s Office (ICO) where necessary.
There is no requirement for non-clinical hospital (or other settings) management to access staff test results held in ICE or similar environments for non clinical reasons. Dashboards have been made available to support local analysis of COVID-19 data. In addition, staff who test positive will inform their employer through their need to self-isolate and this way the employer can take necessary actions to support staff. Likewise if a staff member tests negative, then there is no need for the employer to know this, as this will not change the employee’s behaviour. In all cases, employers should not be encouraging their staff to access ICE unless access is required for legitimate and necessary reasons.