Registration in an absenteeism system
Employers, company doctors and occupational health and safety services can register data about employee absenteeism due to illness in an absenteeism system. This can be an internal system managed by the employer or a system that is managed externally. On this page, you can read who is allowed to register what and where, and what other rules apply to registration in an absenteeism system.
Absenteeism data versus medical data
An employer is allowed to process only a limited set of absenteeism data about a sick employee. The employer is not allowed to process medical data, such as data about the nature and cause of the illness. Only the company doctor or occupational health and safety service is allowed to process these medical data on behalf of the employer.
Employer: rules internal system
As an employer, you are allowed to register absenteeism data in an internal absenteeism system managed by you. You are not allowed to ask the company doctor or occupational health and safety service to store medical files of your sick employees in your internal absenteeism system. The reason for this is that you are not authorised to access these data.
Employer: rules external system
As an employer, you can opt for an absenteeism system that is managed by an external party. In that case, you must conclude a processing agreement with this external party. You are allowed to register absenteeism data in the external absenteeism system only when such an agreement has been concluded.
Processing agreement external absenteeism system
Controller and processor
During the guidance and rehabilitation of sick employees, you are the controller for processing data about sickness reports and the limitations and capabilities of your employees (determined by the company doctor). These are absenteeism data.
If you process this absenteeism data in an external absenteeism system, the administrator of this system is a processor. This means you must conclude a processing agreement.
Company doctor/occupational health and safety service: rules internal system employer
As a company doctor or occupational health and safety service, you are not allowed to store medical files in an absenteeism system that is managed by the employer (your client) itself. The reason for this is that the employer is not authorised to access these data.
If you are a company doctor or occupational health and safety doctor employed by the employer, you are not allowed to simply use the same IT system as the rest of the organisation. This is only permitted if it is ensured that only you (or an employee working under your responsibility) have access to the employees’ medical data.
Other users of the IT system, such as managers or the employer’s system administrator, are not allowed to have access to these data.
Company doctor/occupational health and safety service: rules external system employer
If an employer (your client) wants you to store the medical files of sick employees in an absenteeism system selected by this employer, for example, the (externally managed) absenteeism system that the employer also uses, this is only permitted under certain conditions.
Under the GDPR, the employer must at least meet these requirements:
Processing agreement
You are the controller of the employee’s medical file, and you must be able to effectively exercise this responsibility. The employer must therefore ensure that, to manage the medical files, you can conclude a processing agreement with the administrator of the absenteeism system.
Employee rights
The employer must pass on your contact details to employees who wish to exercise their privacy rights, for example when they want to access their medical file.
New company doctor/occupational health and safety service
If the employer appoints a new company doctor or occupational health and safety service, or in the event of a reorganisation or merger, you can, under certain conditions, transfer part of the medical files to the new company doctor or occupational health and safety service.
You can only transfer the files under these 3 conditions:
- The transfer is necessary. This is the case with ongoing cases of illness, or if the employee is absent again within 4 weeks of their notification of recovery.
- The works council has given its consent.
- The employees have been informed about the transfer and have been given the opportunity to object.
In all other cases, you are not allowed to transfer the medical files to the new company doctor or occupational health and safety service. The new company doctor/occupational health and safety service can request specific information (i.e. not entire files) from you if this is necessary for the guidance and rehabilitation of the sick employee, provided that the employee in question has given explicit consent for this.
Company doctor/occupational health and safety service: rules for an external system of your own choosing
As a company doctor or occupational health and safety service, you may only store medical files in an external absenteeism system if you have concluded a processing agreement with the party that manages the system.
Controller and processor
During the guidance and rehabilitation of sick employees, you are the controller for processing the health data of these employees in their medical files. If you process these data in an external absenteeism system, this external party is a processor. This means you must conclude a processing agreement.
Processing agreement external absenteeism system
If you, as a company doctor or occupational health and safety service, process employee medical files in an absenteeism system managed by an external party, you must conclude a processing agreement with the administrator of the system. In your case, pay particular attention to the following points:
- Access: the administrator only gives you access to the employees’ medical records. Your client (the employer) or employees of this employer are not allowed access.
- Security: if the absenteeism system is accessible via the Internet, access to the system must require multi-factor authentication. The system must also meet all other security requirements of Article 32 GDPR.
- Retention period: the administrator must retain the medical files for 20 years and then destroy them immediately. Where there is a risk of an occupational disease that could manifest itself over an even longer period, the medical data must be retained for that longer period.
- Access during retention period: the medical file is your responsibility. You (as the sole doctor) must therefore continue to have access to the medical file for as long as the file is retained.
- Employee rights: employees must be able to exercise their privacy rights. This means, among other things, that you must be able to provide the files in a readable form to (former) employees who want to access them. These privacy rights of employees apply as long as their file is retained.