Health information is needed for successful work ability management, but what is health information and how should it be protected in an organization?

The most important tasks of occupational health are the prevention of illnesses and maintaining work ability. This can be achieved when information about the health of the staff is available. However, information always goes hand in hand with data protection.

Ilari Richardt

Many organizations want to succeed and set an example in work ability management by supporting the well-being of their personnel and reducing sickness absences. Happy, healthy employees increase the productivity of work.

Available information on the health of the personnel is key to successful work ability management. Systematic work ability management is based on data that allows the supervisor, HR manager or occupational health services, for example, to make timely decisions to protect a person's work ability.

Legislation on the use of personal and health information has become stricter and misuse will result in heavy sanctions for the organization

Legislation on the use of personal data and health information has become stricter in recent years. For example, the EU's General Data Protection Regulation (GDPR), which entered into force in 2018, imposes obligations and restrictions for the controller on how to store and use personal data and health information.

Potential misconduct is subject to heavy penalties as the fines are calculated on the basis of revenue. In Finland, the Data Protection Ombudsman has recently issued the first decisions on the incorrect storage of sensitive health information of staff, in which the penalties amounted to hundreds of thousands.

The legislation is also stricter as to whether the processing of data takes place in the EU/EEA and in which situations the data may be disclosed outside these areas. Public cloud services, in particular, cause a problem; storing unencrypted or lightly encrypted data in a public cloud service can be seen as transferring data outside the EU/EEA, even if the service is acquired from a European location.

So what should a work ability management system be designed to do in practice?

Organizations are controllers of personal data and health information if they employ at least one person. This means that almost every organization must ensure that their work ability management systems comply with legislation.

In practice, this means, for example, that the employer must ensure that health information and personal data are not stored in the same location, such as an HR system. In addition, it must be ensured that the service has appropriate protection measures in place to prevent the unintended transfer of data outside the EU/EEA area, for example from a public cloud service that is administered by a party outside the area in question.

Employees must also be able to obtain their data from the controller. It is therefore important that a system supporting work ability management, for example, also enables this.

What to consider when evaluating work ability management systems

When evaluating work ability management systems, attention should be paid to ensuring that they support work ability management in the best possible way and comprehensively take legislation into account.

Terveystalo has strong experience in the development of work ability management systems. The background is a massive amount of data and the best experts, whether they are occupational health professionals or software development experts.

For example, our system supporting work ability management ensures that the storage and processing of data is always in accordance with legislation. The data is stored in Finland and processed safely right from the start. The system ensures the implementation of the rights of the data subject, in other words, the employee. One of the major advantages is that the company itself acts as the controller of the system in question.

Information to be protected in every organization

  • Personal data refers to data that can be used to identify a person directly or indirectly: that is, by combining individual data with some other data that enables identification. Personal data include, for example, name, personal identity code, age and workplace.
  • Health information, on the other hand, is information about a person's health, such as heart rate information, information on sickness absences and health risk factors.

 

Ilari Richardt

Ilari Richardt works as a Digital Director at Terveystalo and takes care of Terveystalo's digital development. In his free time, Ilari takes care of his own well-being by reading, studying, traveling and occasionally flying his own plane.
