Logo
Media Centre

The Protection of Privacy Authority’s recommendations regarding disclosure of medical data in employee hiring process

Ohad Elkeslassy Nurit Dagan

30 November 2022

Dear clients and colleagues,

We wish to update you that on November 20, 2022, the Protection of Privacy Authority (the “PPA“) published a draft statement for public comments, including highlights and recommendations concerning the protection of privacy of candidates with respect to the disclosure of their medical data as part of the hiring process. According to the draft statement, due to the power relations between candidates and employers, candidates’ consent to provide their medical data may not be given freely. Therefore, employers who request medical data in order to assess the candidates’ suitability for a position are required to be aware of the rules and recommendations relevant to their activities, in order to minimize the breach of privacy as much as possible. The draft statement sets out the following main recommendations:

  • Candidates’ consent to disclosure of medical data – it is recommended that employers request for the candidate’s medical data, if possible, only after the candidate is hired. In addition, when obtaining the candidate’s consent, employers should present to the candidate a detailed explanation regarding the purpose and relevance to the position of the data.
  • Relevance – employers should avoid the broad collection of medical data that is not fully compliant with the purpose of the collection, and accordingly, avoid having candidates sign broad and general confidentiality waiver forms, health questionnaires, or blanket health declarations. In cases where extensive data is relevant, it must be clarified to the candidates before granting their consent to the transfer of the data.
  • The purposes of using the data – employers should use the medical data only for the purposes of assessing the candidates’ suitability for the specific position. Any other use of the data may constitute a breach of the Protection of Privacy Law, 1981 (the “PPL“). To the extent that an employer wishes to retain and use the data for other legal and legitimate purposes, the employer should obtain the candidates’ specific consent for the additional use of the data.
  • Reduction of additional data – employers should review the relevance of retaining the medical data. In the event the data is no longer required, there is no justification to its retention.
  • Access and correction rights – according to the PPL, candidates and employees have a right to access medical data collected and retained about them within the framework of the hiring process, and the right to request correction of medical data which is incorrect, incomplete, unclear or not up-to-date.
  • Possible actions to reduce breach of privacy – examples include transfer of medical data from the health care provider to an occupational physician and not to the employer, and the employer receive only the occupational physician’s opinion regarding the candidate’s suitability for the position. Alternatively, an employer could ask candidates who are found to be suitable, to provide a summary of their medical data, an examination form, and a declaration about their medical condition.

To read the draft statement in full (in Hebrew) >> click here 

Public comments to the draft statement may be submitted to the PPA until December 20, 2022. 

Sincerely,
Herzog, Fox & Neeman

Ohad Elkeslassy | Partner
Tel: 03-6927424
elkeslassyo@herzoglaw.co.il

 

Nurit Dagan | Partner
Tel: 03-6927424
dagan@herzoglaw.co.il

 

 

Related Practice Areas

Related Lawyers

More news

US FTC Rule Banning Non-Compete Agreements
Published for Public Comments: Directives for Payment Companies Regarding Corporate Governance, Compliance and Risk Management, and Regarding Outsourcing
Together we will overcome
JOIN OUR
Newsletter

    © 2020, All rights reserved, Herzog Law
    Site by Gootte

    The information contained in this web site is provided for informational purposes only and should not be construed as legal advice on any subject matter and should not be relied upon as such. Herzog accepts no responsibility for any consequences whatsoever arising from use of the information contained in this web site. The accessing of information contained in this web site shall under no circumstances be considered as creating an attorney-client relationship between Herzog and any party accessing this web site. Contacting through email any lawyer named in this web site or sending information without prior agreement of Herzog shall not be construed as automatically creating an attorney-client relationship between Herzog and the party sending an email or information. The material contained in this web site has been created by and remains the property of Herzog. No reproduction, transmission, publication or any other form of dissemination shall be permitted unless the prior written consent of Herzog has been obtained. This web site may contain links to other web sites operated by third parties. Herzog does not sponsor, approve or endorse the content of any such web site and is not responsible for the materials appearing in such sites.

    Search by
    Search by +

    Search