{{org_field_logo}}

{{org_field_name}}

Registration Number: {{org_field_registration_no}}

---

Requesting Medical Reports for Staff Policy

1. Purpose

The purpose of this policy is to set out how {{org_field_name}} will request, obtain, use, store and review medical reports and occupational health advice relating to staff, workers and prospective workers where this is necessary, proportionate and relevant to their role. The policy is intended to support safe recruitment, safe deployment, sickness absence management, return to work, workplace risk assessment, and consideration of reasonable adjustments.

This policy supports compliance with the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014, including Regulation 17 (Good governance), Regulation 18 (Staffing), Regulation 19 (Fit and proper persons employed) and Schedule 3 (Information required in respect of persons employed or appointed for the purposes of a regulated activity), together with the Access to Medical Reports Act 1988, the UK GDPR, the Data Protection Act 2018, and the Equality Act 2010.

{{org_field_name}} will only request medical information where there is a clear lawful purpose, where the information is directly relevant to the employment decision or support required, and where the same purpose cannot reasonably be achieved by a less intrusive means.

2. Scope

This policy applies to all prospective and current employees, bank staff, agency workers, volunteers, students, contractors and any other person engaged in work for the purposes of carrying on a regulated activity at {{org_field_name}}.

For job applicants, this policy applies only where health information is requested lawfully and at the appropriate stage of recruitment, for example after a conditional offer of appointment has been made or where a permitted exception applies. It applies to requests for:

• a medical report from a GP or other medical practitioner who is, or has been, responsible for the individual’s clinical care;
• an occupational health assessment or report; and
• any related fitness-to-work advice used to support lawful employment decisions, risk management, or reasonable adjustments.

3. Related Policies

• CH02-Fit and Proper Persons: Employed Staff Policy
• CH16-Health and Safety at Work Policy
• CH18-Risk Management and Assessment Policy
• CH27-Staff Supervision, Training, and Development Policy
• CH31-Disciplinary and Grievance Policy
• CH34-Confidentiality and Data Protection (GDPR)-Service User Policy

4. Policy Statement

{{org_field_name}} is committed to promoting a safe, healthy and supportive working environment while protecting the privacy, dignity and employment rights of all staff. Medical information will only be sought where there is a legitimate employment, safety, regulatory or occupational health reason for doing so, and where obtaining that information is necessary, relevant and proportionate.

We will not request, obtain or use medical information routinely or unnecessarily. We will consider whether the purpose can be met by a less intrusive measure first, such as a self-declaration, fit note, return-to-work discussion, risk assessment or occupational health advice limited to functional capacity. Where medical information is required, it will be processed fairly, lawfully, transparently and confidentially.

No employee or applicant will be treated unfavourably because of disability, ill health or a long-term condition without an individual assessment, consideration of reasonable adjustments, and compliance with the Equality Act 2010.

5. Key Principles and Procedures

When Medical Reports or Occupational Health Advice May Be Requested

Medical reports or occupational health advice may be requested only where there is a clear and lawful reason, including:

• after a conditional offer of employment, where health information is required to assess fitness for the role, identify reasonable adjustments, or confirm that the applicant can safely undertake duties that are intrinsic to the post;
• following long-term, repeated or pattern sickness absence where further medical advice is necessary to support absence management, return-to-work planning or workplace adjustments;
• where there is a documented concern that a staff member may not currently be able to carry out duties safely or effectively;
• where medical information is necessary to inform a workplace risk assessment, manual handling assessment, night work assessment, exposure-related assessment, or other health and safety process;
• where there is a need to understand functional capability, prognosis, likely duration of impairment, reasonable adjustments, redeployment options, or support needs;
• during capability, ill-health, or phased return processes, where such information is necessary for a fair and evidence-based decision.

{{org_field_name}} will not ask unnecessary health questions or seek excessive clinical detail. Health-related enquiries in recruitment will only be made at the lawful stage of the recruitment process or where a statutory exception applies.

Consent and Employee Rights

Where {{org_field_name}} wishes to obtain a medical report from a GP or other medical practitioner who is, or has been, responsible for the staff member’s clinical care, this will be done in accordance with the Access to Medical Reports Act 1988.

Before any application is made, the staff member will be informed in writing of:

• the reason the report is being requested;
• the name and address of the doctor or medical practitioner being contacted;
• the nature of the information being sought;
• their right to withhold consent;
• their right to ask to see the report before it is supplied to {{org_field_name}};
• their right to contact the doctor within 21 days of the application being made if they wish to see the report before it is sent;
• their right to request amendment of any part of the report they consider inaccurate or misleading;
• their right to refuse consent for the report to be supplied after seeing it; and
• their right to request access to the report for up to 6 months after it has been completed.

Where the information sought is through an occupational health referral rather than a report covered by the Access to Medical Reports Act 1988, {{org_field_name}} will still obtain the individual’s informed written consent and will explain the purpose of the referral, what information will be disclosed to the service, and how the report will be used.

Information Contained in the Request

Any request for a medical report or occupational health advice must be limited to information that is relevant to the employment purpose identified. Wherever possible, questions will focus on functional capability and workplace implications rather than unnecessary clinical detail.

A request may include:

• the individual’s job title and current duties;
• the physical, emotional or cognitive demands of the role;
• relevant workplace risks, including any moving and handling, medication, behavioural support, lone working or night working requirements;
• the reason advice is being sought; and
• specific questions about fitness for work, likely duration of impairment, adjustments, restrictions, phased return, redeployment options or risks that need to be managed.

{{org_field_name}} will apply the principle of data minimisation and will not ask for irrelevant medical history or excessive personal health information.

Handling, Access, Use and Storage of Reports

Medical reports and occupational health reports will be received and held in strict confidence by the Registered Manager, HR lead, or another authorised senior person with a legitimate need to know. They will be stored securely as confidential employment records with access restricted to authorised personnel only.

The full report will not be circulated unnecessarily. Managers will only be given the minimum information necessary to implement any recommendations, manage risk, or support the staff member. Where possible, this will be limited to practical advice about fitness, restrictions, adjustments or review dates rather than detailed diagnosis.

Any decision made following receipt of a report must be documented, together with the rationale, any adjustments offered, any risk controls required, and any review arrangements. Records will be kept accurate, complete and secure and retained only for as long as necessary in accordance with the organisation’s records retention schedule and data protection requirements.

Occupational Health Referrals

Where appropriate, {{org_field_name}} may refer a staff member to an occupational health professional or service for an independent assessment. This is often the preferred route where advice is required about fitness for work, workplace adjustments, phased return, redeployment, or the impact of the job on the individual’s health.

The referral will explain the purpose of the assessment, the questions to be answered, the information to be shared with the occupational health provider, and what information will be returned to {{org_field_name}}. The staff member’s informed consent will be obtained before the referral proceeds.

Occupational health advice should, wherever possible, focus on the individual’s functional capacity, restrictions, recommendations, review period and workplace support needs rather than unnecessary clinical detail.

Reasonable Adjustments and Risk Management

Where medical advice indicates that a staff member has a disability or health condition that may affect work, {{org_field_name}} will consider reasonable adjustments in line with the Equality Act 2010 and will consult with the individual about what support is likely to be effective.

Adjustments may include amendments to duties, hours, shift pattern, supervision arrangements, moving and handling tasks, use of equipment, phased return, temporary redeployment, additional training, or changes to the working environment. Recommendations will be considered alongside a role-specific risk assessment and the operational needs of the service.

No adverse decision relating to capability, deployment or continued employment will be made until relevant medical advice, workplace risk, available adjustments and alternatives have been properly considered.

Staff Support and Fair Process

{{org_field_name}} will ensure that staff are treated fairly and sensitively throughout any process involving medical information. The staff member will be kept informed about the purpose of any request, the stage reached, the information being sought, and how the outcome may affect them.

The individual will be given an opportunity to discuss concerns, provide relevant information, comment on proposed actions, and be accompanied at formal meetings where this is appropriate under the organisation’s procedures. Decisions will be based on the evidence available, the needs of the service, the safety of people using the service, and the rights and wellbeing of the staff member.

Refusal or Withdrawal of Consent

If a staff member refuses or withdraws consent to a medical report or occupational health referral, {{org_field_name}} will explain the practical implications of that decision, including any impact on the organisation’s ability to assess fitness for work, manage workplace risks, consider adjustments, or make informed employment decisions.

A refusal to consent will not automatically lead to disciplinary action or an adverse outcome. However, where necessary information is unavailable because consent is refused, decisions may need to be made on the basis of the information already available, including attendance records, fit notes, risk assessments, observed capability concerns, and any information voluntarily provided by the individual. Any such decision will be fair, reasonable, proportionate and documented.

Confidentiality, Lawful Processing and Data Protection

Medical information relating to staff is personal data and, in most cases, special category data. {{org_field_name}} will process such information in accordance with the UK GDPR, the Data Protection Act 2018, and any amendments to those laws in force at the relevant time.

Before collecting or using health information, {{org_field_name}} will identify an appropriate lawful basis for processing and an appropriate condition for processing special category data. Medical information will only be processed where it is necessary, proportionate and relevant to the employment purpose identified. The organisation will be transparent with staff about how their information is used, who may access it, and how long it will be retained.

Health information will be kept secure, access will be restricted, and only the minimum necessary information will be shared. Confidential medical information will not be disclosed more widely within the organisation unless there is a lawful and necessary reason to do so.

Recruitment, Regulation 19 and Schedule 3 Compliance

{{org_field_name}} will operate robust recruitment and employment processes to ensure that persons employed for the purposes of carrying on a regulated activity are of good character, have the qualifications, competence, skills and experience necessary for the work to be performed, and are physically and mentally fit for the role after reasonable adjustments have been considered.

Medical reports are only one possible source of evidence and will not be requested routinely in every case. Where fitness information is needed, the organisation will decide on the least intrusive and most relevant method of obtaining it. All employment decisions will be considered alongside the wider recruitment record and the information required under Schedule 3 of the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014.

Where requested by the Care Quality Commission, {{org_field_name}} will make available the information required in respect of persons employed or appointed for the purposes of a regulated activity.

Retention, Review and Disposal

Medical reports, occupational health reports and related correspondence will be retained only for as long as necessary for the purpose for which they were obtained and in accordance with the organisation’s records retention schedule. Records will be reviewed periodically to ensure they remain accurate, relevant and necessary. Information that is no longer required will be confidentially and securely deleted or destroyed.

Staff Privacy Information

All staff will be provided with clear privacy information explaining how {{org_field_name}} collects, uses, stores, shares and retains workforce personal data, including health information. This will include the lawful basis relied upon, the circumstances in which health information may be requested, the individual’s rights in relation to their personal data, and who to contact with any data protection concerns.

6. Roles and Responsibilities

The Registered Manager {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}} has overall responsibility for ensuring this policy is implemented lawfully, consistently and in a way that supports safe care, safe staffing and fair employment practice.

The Nominated Individual {{org_field_nominated_individual_first_name}} {{org_field_nominated_individual_last_name}} is responsible for organisational oversight, ensuring suitable governance arrangements are in place, and ensuring that the provider can demonstrate compliance with regulatory requirements where requested by CQC.

Managers must:

• identify when medical advice is genuinely necessary;
• ensure requests are relevant, proportionate and documented;
• obtain and record informed consent where required;
• maintain confidentiality;
• act on recommendations appropriately;
• complete or update risk assessments and adjustment plans; and
• keep accurate records of decisions and follow-up actions.

HR or the nominated senior person responsible for employment records must ensure that staff medical information is stored securely, retained appropriately, and made available only to authorised persons.

Staff are expected to cooperate reasonably with lawful requests for information relating to fitness for work, to provide fit notes or other relevant evidence where required, and to inform their manager where they need support, adjustments or review in relation to their health and work.

7. Policy Review

This policy will be reviewed at least annually and sooner where there are changes to legislation, statutory guidance, CQC guidance, ICO guidance, employment law, equality law, or organisational practice. This includes any relevant amendments to UK data protection law.

---

Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next Review Date: {{next_review_date}}
Copyright © {{current_year}} – {{org_field_name}}. All rights reserved.