Traditionally there has been no requirement to allow employees to see the records that the employer generates concerning them - although this has been changed by the passing of the DATA PROTECTION Act 1998. However, for some time legislation has governed the provision of medical records and reports, and grants to employees rights of access to them.

Access to Medical Reports Act 1988
This Act primarily covers reports originated prior to employment - for example, where an employer asks a prospective employee to undergo a medical examination. A person has a right of access to any medical report concerning him which is prepared by his own doctor. If the subject requests access to the report then the doctor may not send the report to the company for 21 days which gives time for the subject to inspect the report. If the subject disagrees with anything in the report then (s)he has a right to request alteration or, should the doctor refuse, to attach their objections or alterations to the report. The subject can also refuse to allow the report to be sent to their employer. The doctor can refuse access if it is felt that disclosure would seriously affect the well-being of the subject or access should be restricted to certain parts only of the report.

Where a report is prepared by a doctor who is retained by the employer, the employer has no right of access, although if this report then became part of the employee's personnel records they might then have rights of access because they have a right of access to such records under the Data Protection Act.

Access to Medical Records Act 1990
This Act covers ongoing records held by the employer primarily during employment and covers all records (whether generated by the employee's own doctor or one retained by the employer). Employees have a right of access to these medical records concerning them and their access to such records may only be restricted where the doctor feels that the physical or mental state of the subject could be affected by knowledge of the content (although in practice many employers might consider that stating this as a reason for denying access could result in a worse situation that disclosing the content of the report).

Data Protection Code
The Information Commissioner published a draft code of practice concerning medical records in early 2004. It recommends:

  • there should be a clear policy covering medical testing;

  • applicants should have to undergo medical examination only if they are likely to be appointed;

  • examinations should take place only if it is a 'necessary and justified' measure;

  • nothing should be done covertly or use data for another purpose than that originally stated; and

  • data no longer relevant for the purposes taken should be destroyed