CVChecl logo
CVCheck Checkpoint logo

5 ways to mitigate risk when managing health check records for your organisation

istock 1054552124 1024x541

The requirement for organisations to collect information about employees’ vaccination status has refocused attention on the need for privacy and security in organisational health check records.

Depending on the employer, the role, and regulatory requirements, employers require pre-employment medical checks and assessments including laboratory drug and alcohol screening, general medical examinations, audiogram and spirometry, and functional capacity assessments. Understandably, candidates and employees may feel uncomfortable with organisations managing this sensitive information.  

In this article, we explore five ways for organisations to mitigate risk when managing health check records.  

Document privacy and security policies

Put candidates and employees at the heart of your privacy and security policies by structuring them around the most commonly asked questions. For example, a candidate who has been asked to complete a drug and alcohol test may ask what the organisation will do with the data, who will have access to it, how will they keep it secure, and how long they will keep it for.  

Remember, a policy is no good without compliance training for the people involved in handling the information. Privacy and security training should be included in induction training for new staff members to ensure they are aware of relevant privacy legislation and security protocols that apply to their role. Conduct ongoing refresher training session to maintain high levels of security and privacy awareness. 

Privacy and security policies should be easily accessible and use plain English rather than complex language or “legalese”. They should be live documents that are regularly updated in response to regulatory changes.

Go paperless to reduce the risk of a physical security breach

Even the most sophisticated cybersecurity measures can be thwarted if a staff member thoughtlessly prints out a document and leaves it lying on their desk.  

If you must have sensitive paper documents, they should be kept in a secure and controlled access environment. The organisation should dispose of all paper-based documents using secure shredding or incineration services.  

While paper document security can be managed, a paperless environment eliminates the risk of a physical breach altogether (assuming your systems have an acceptable level of security).  

Prioritise cybersecurity

Best-practice software and systems security includes: 

  • File and database encryption at rest, meaning data is protected all the time rather than just when it is being transferred.   
  • Role-based security to ensure data is only available on a need-to-know basis.  
  • Firewalls, anti-virus software, login and password protection and threat monitoring.  
  • Secure sockets layer (SSL) for establishing an encrypted link between a server and a client (such as a web server and a browser).   
  • Secure point-to-point transport mechanisms to transfer sensitive data. In other words, medical records should be sent via a secure platform rather than an unsecure channel such as email.   
  • Rigorously updated patches/security maintenance.  
  • Regular, independent audits and penetration testing.  
  • On-shore data centres. 

While malicious cyberattacks make the headlines, keep in mind that human error is another significant cause of data breaches. Organisations can reduce this risk by conducting periodic, ongoing refresher training and by having clearly established data protocols and processes. 

Supply chain privacy and security

The safety and security of a supply chain is only as strong as its weakest link. Every organisation that is handling your candidates’ or employees’ data should meet your security standards.

In the case of medical checks and assessments, your supply chain will likely include medical clinics and medical labs. Work with your organisation’s procurement team to ensure only compliant suppliers are shortlisted before making a decision about a medical assessments service provider 

Outsource to a trusted partner

Best-in-class security is expensive to procure and challenging to manage, which is why many organisations choose to outsource the collection of medical checks and assessments records to a trusted partner with a sophisticated security architecture and privacy policy. Contact[email protected] to find out more.  

Visit Cited to learn about our range of pre-employment medical checks and medical assessments.  

CVCheck logo icon

CVCheck is a leading provider of background screening services in Australia and New Zealand, conducting over 300,000 checks every year for businesses, government organisations, and individuals. To learn more about our team and business, sign up to our blog today.

Recent Articles

certification for quality control, which ensures that the company product meets its standards. on the virtual screen, there is a concept.

Organisations may not have the visibility needed to comply with the Critical Infrastructure Protection Bill

blog headers

Managing the burden of government oversight with ease

Child Worker Checks To Lower Child Abuse

Children’s Worker’s Safety Checks: How they can help lower NZ’s alarming child abuse statistics

businessman hand stopping falling blocks on table

Mitigating the risk factors your organisation faces every day

Browse by

You may also like

Loading...
CVCheck Checkpoint logo
Powered by
CVCheck logo white

Browse checks

Quick links

Checkpoint Newsletter

Subscribe now

Connect with us

Facebook-f Linkedin-in Twitter Youtube Instagram
  • Copyright 2022 - CV Check Ltd

Get the latest news straight to your inbox

Checkpoint provides smart and creative insights in the form of useful tips, resources and relevant information. Each month we will send you the best updates so you stay informed.