219 Kensington High Street,
24 November 2017
IMPORTANT UPDATE TO ALL HEALTHCARE RECRUITMENT AGENCIES
Re: The appropriate handling of locum healthcare professionals’ information and what statements in a job advert are at risk of contravening ASA codes
Background on us:
Before getting into the meat of the advice we wish to offer on how to help you meet your legal obligations with respect to data protection and appropriate advertising, we should likely start by pointing out our organisation’s rebranding.
Many of you will be familiar with the name the Locum Doctors Union - which received significant coverage in a number of headlines when NHSI backed down admitting blanketing was illegal and accepting individual assessments must occur in response to our instigating the pre-action process of judicial review against them. Since that time, we have redefined our scope to include all branches of independent health professionals –not just doctors – and, as such, have rebranded as the Independent Health Professionals Association. The Locum Doctors Union still exists as a wholly owned unincorporated subsidiary body within our organization, advocating for the rights of locum doctors specifically. We are very keen to forge good relationships with recruiters and support you in providing the best possible service to all parties and helping you avoid legal pitfalls in some of the advice being given by other organisations. We would also like to extend the hand of friendship to you in the hope that information sharing between ourselves will enable both parties to react quickly to a highly fluid situation on the
We would firstly like to voice our sympathy for the pressures you are operating under in what we know has been a challenging time for all concerned. We do appreciate that, owing to concerted efforts of a number of different public bodies targeting Independent Health Professionals, agencies, and umbrella companies, this has been a very trying time for this sector. The introduction of Part 3 of the Criminal Finances Act 2017, “Corporate offences of failure to prevent facilitation of tax evasion”, has also somewhat brought some confusion. In the Act, conduct includes both acts and omissions, but does not encourage nor direct any body, employee of the body, or agent of the body, to wilfully or otherwise, flout any other laws of the country; in this case, the Data Protection Act 1998.
We offer the advice below in the hope that it simplifies your obligations and makes this process easier, and potentially giving you something that you can refer to should you feel pressurised into breaching your DPA (Data Protection Act 1998) obligations or ASA rules by other bodies. We have seen documentary evidence of such behaviour from various bodies and are appalled at the position you are being placed in by such baseless ‘compliance’ edicts. We recognise that this is placing huge strain on your organization and that you may feel threatened by such bodies.
Regarding Personal Information:
This section relates to personal information regarding locum health professionals, including but not limited to, payslips, pay amounts, and details of which payroll or umbrella company is elected (where the payment comes from the agency whilst awaiting reimbursement from the Trust). Only if the Trust is directly paying the payroll company without your involvement would they have a right to know the name of the company used. We are aware of ‘compliance’ demands from NHSI/Chapstix demanding that payslips (or other pay information) for locums be sent back to them and/ or to Trusts. There is no basis in law for this and unless you have express consent to do so you will be acting unlawfully in complying with the request.
As an agency you should be registered with the Information Commissioner’s Office as a data controller under the Data Protection Act 1998 (the Act applies whether or not you have taken this step). This law clearly forbids the sharing of any personal information without an individual’s consent. As a result, where you have not asked permission and had explicit agreement for this to happen, you MUST NOT do this.
Where the agency does not pay any locum directly, it should not hold any payslip information whatsoever –these are personal documents issued by the payroll company/umbrella to the contractor. You should recognise that you are asking these companies to breach the Data Protection Act 1998 in requesting this information from them (and that if you in turn give them to anyone else you would fall foul of the same rules). As we have previously stated, healthcare professionals and recruitment agencies have a symbiotic relationship, and it is not in anybody’s interest for this relationship to be strained by actions that are contrary to the law. We are very keen to forge good relationships with recruiters and support you in providing the best possible service to all parties and helping you avoid legal pitfalls in some of the advice being given by other organisations. We would also like to extend the hand of friendship to you in the hope that information sharing between ourselves will enable both parties to react quickly to a highly fluid situation on the ground.
You can request a statement that the result of an appropriate assessment is respected and tax and NI are deducted in all instances as required by the law from the Umbrella company and forward this to anyone who asks (provided the name of the company has been disclosed); where the name hasn’t’ been disclosed, you can make a statement that you require such a statement from all umbrella companies, but individual data must not be shared. Though you should not normally hold this information, where you do hold it, sharing it would leave you breaching the Data Protection Act 1998 yourself. Similarly, which payroll or umbrella company a locum may use is also personal information which should not be disclosed to a third party.
Where you receive such a request we would suggest:
- Take your own independent legal advice (which should confirm this position)
- State that you are unable to disclose this information because of your duties under the Data Protection Act 1998 or that you do not hold this information and that, even if you did, the Data Protection Act 1998 would prevent its disclosure.
- Remind the organization of their right to appeal to the Information Commissioner’s Office if they disagree and give your registration number with that office.
- Politely refer back to this advice if further requests occur.
- Respect the result of any ICO decision or court order, although these are overwhelmingly likely to be in favour of non-disclosure.
- Feel free to cite that the Independent Health Professionals Association objects to the disclosure of members personal details without their consent where the individual is a member of our organization (we would urge you to recommend that your locums join us to ensure they can request our assistance should it be needed).
- Do not engage in protracted discussion with those requesting this information. Direct them to appeal to the ICO’s office.
Be aware that locums can check whether their data is being disclosed without their permission by making Subject Access Requests under the Data Protection Act to Trusts, Chapstix, and NHSI (and many of our members likely will), and that unlawful disclosure by agencies may end up been brought to the attention of the ICO. IHPA will also be advising their members accordingly regarding this matter.
Regarding Advertisements of Contracts to Locums:
We attach an anonymized example of a communication from one Trust (and have written to the Trust in question to educate them about where they are incorrect as a matter of fact and law, and to attempt to work with them to prevent further such unlawful demands being made of agencies).
As our previous victory has forced NHSI to admit:
- Blanketing contractors under IR35 is unlawful
- An individual assessment must take place in all instances.
As a result:
- All requests to blanket from Trusts such as the above are unlawful. Please refuse such requests and consider forwarding all such communications to firstname.lastname@example.org
- Claiming a job is ‘inside’ (or outside) of IR35 prior to such an assessment is unlawful, hides material information (an assessment must take place), and is misleading (no job can be inside or outside prior to an assessment).
- Advertising a post as either inside or outside IR35 is a breach of numerous ASA advertising standards codes, (See 3.1, 3.3, 3.4.5, 3.17, 3.19, and 20.2 for example).
- All candidates will need forwarding to the Trusts regardless of such requests and IR35 status will need to be determined by the Trusts with due care and in accordance with the law. Trusts cannot skip this step (many are trying to, and actually doing so, in an attempt to reduce administrative burden).
In our fora, we have requested that our members avoid reporting agencies for breach of either the DPA 1998 or the ASA codes at present, as we appreciate that agencies may not have been aware that such behaviour was not permitted, but we would hope to see this behaviour change now that it has been brought to your attention. You will find us extremely willing to help in any way we can to help you manage these responsibilities and we are, as said before, very sympathetic to the pressure being put on you by these bodies.
Contact Details for your Agency:
We are very keen to have good relations and up-to-date contact details for all agencies and would very much appreciate if you could let us know with whom we ought to correspond at the agency. We will shortly be undertaking the next stage of our legal action to resolve this matter – namely the issuing of detailed guidance to the Trusts to help them conduct their assessments lawfully and with due care. We would like to make sure key members of your management structure are given a copy of this guidance. We can also confirm that, should Trusts not comply with this, we will have no option but to proceed to judicial review against them, but we are hopeful that the guidance itself will bring about a change in assessment practices to reflect the realities of the law in and of itself.
Sent on behalf of the Committee & Board of Directors