ON HEALTH SCREENING AND OTHER EMPLOYEE SURVEILLANCE

A guide to introduction

By John Berry. TimelessTime Ltd, December 2011
www.timelesstime.co.uk  © TimelessTime 2011

Synopsis

Management has the right to manage.  But it has to behave reasonably and have good reason for its actions.  This paper addresses the general question often asked: can management implement routine screening, testing or other surveillance of employees, their goods, information and health?  It goes on to show how management should go about its introduction in cases where screening or surveillance is appropriate.

The Issue

There are a number of domains where management might want to monitor employees’ activities.  Conversely, employees have the right to privacy whilst at work.  Some examples of the arguments for and against are shown below.
 

As individuals, we can all understand both sides of the arguments.  Management can’t just bully staff to accede to intrusive screening, particularly where there is no obvious negative effect to employee performance.  And conversely, where there is good reason for screening, employees can’t just say no to everything.  The key to resolution is the phrase ‘good reason’.  Management has a duty of care to its employees.  That duty of care extends to being able to prove, possibly in a court of law, that it has taken such steps as necessary to protect staff and systems such that the business can continue to provide benefit to all its stakeholders.  That duty of care gives management good reason but action must only be sufficient to control the problem and no more.

This paper shows then that management can't simply start screening or surveillance. It must follow a process to prove that it is behaving reasonably to protect the business and stakeholders.  That process has two aims: the first to show that the action is both necessary and proportionate and second to build trust in the staff who will be the subject of the action.

This paper goes on to take one of the common topics for surveillance, health screening, and uses that as example of how management should proceed.

Approach to Health Screening

There is an established management approach to determining the actions that are needed to protect a firm.  This applies in quality assurance, in information security, in health and safety and in a host of other areas that we normally see covered by various standards and institutions.  It is the approach of risk management.  The diagram below shows the essence of the approach.

Let us assume that the firm is in a business that uses processes that might be a hazard to employees’ health.  In this case there is perhaps some history that suggests that protection of the workforce is an issue or legislation may be in place[1].  Management in their strategy should determine objectives that express the desire to control risks.  In health and safety the Health and Safety Executive give guidelines.  These objectives are likely to be compliance with HSE guidelines or measurable targets from other agencies[2].  The assets in this case are human – staff.  Management is acting to protect its assets.  It is not acting to protect itself from lawsuits.  If it protects its staff, there will be no lawsuits.

The second activity is to draw up a risk register by investigating the processes undertaken by the workforce.  A risk register is a list of the untoward events and hazards that might beset the assets (the workforce) when running the process.  Once the list is available, each can be scored for chance of occurrence and severity of effect.  A final score is arrived at by multiplying the risk by the severity.  Only risks scoring over a value (decided on by management) are mitigated.  The rest are accepted.  How this is done is well documented3.

Many risks to health occur when exposure is over a long period.  The effect must therefore be assessed considering ‘normal’ operation.  An example might be use of hand tools which vibrate and where normal use is near-continuous.  The effect is felt in time by the operative.

The process of risk management then requires the company to determine the controls needed to reduce the effects of the various risks to acceptable levels.  These acceptable levels or in the case of exposure, exposure action values (values above which management must act to control) are key to risk management.  No risk will ever be eradicated but all can be managed.  In the above example a simple control might be to reduce the time taken using the vibrating tool.  This may demand use of an alternative low exposure tool in order to run the process and the risk has been managed to below the exposure action values.  Controls manage risks.

And finally, management must be able to prove that the risks are maintained below accepted levels or exposure action values.  It’s here that health screening might play a part but only after the risks have been identified and the controls put in place.  Management must keep records and these records must be proven valid.  In the case of the vibrating tool, a simple paper log of the number of hours a day each employee uses that tool might suffice. This can be captured from time to time and presented graphically to show that the control is working.  Audit involves inquisitorial investigation to determine if the records are true – often by simply asking the employees, then observing the process to see that it can be completed without falsifying records.  The best auditors are other staff from other departments.  Modern methods of audit are well documented.

Health screening can be part of the process and provides measurement – and measuring health deterioration should drive modified controls.  But it does not replace other measures and controls.  In the case of non-ionising radiation (cited above as a footnote), we don’t go measuring employees for cancer.  We control exposure levels.  If health effects are seen, one could argue that it’s too late.  Ultimately then, management should be able to confirm that the controls are in place.  They can underpin their assertion that the process is safe by referring to the body of knowledge that exists, for example about the effects of vibration and the exposure action values.  And in some cases, perhaps where the effects are so severe and difficult to measure4 or perhaps where the body of knowledge does not exactly apply to the industry or is as yet not conclusive, additional security may be needed to show that the duty of care has been discharged.  In this case, management may implement screening for specific health symptoms identified when analysing the effects during risk analysis.  By identifying the risks, controlling them and identifying occasion when control may fail or be inadequate, management has demonstrated necessity and proportionality.

Interim Conclusions and Recommendations

We have demonstrated that surveillance and specifically health screening is one part of a management process that starts with the firm’s board of management determining strategy and ends in controlling the chance of untoward events and reducing the effects of exposure to hazards.  In many cases, the effects of these untoward events and the effect of prolonged exposure on the health of workers can be controlled by changing the process or perhaps having operatives wear personal protective equipment.

In the first part of this paper we don’t discuss how surveillance or health screening might be introduced – for there are many problems.  The positive psychological contract between staff and the firm can easily be destroyed by mandatory and potentially unnecessary screening.  We started this paper with a discussion about how employees feel about such management action.  Part of the process of introduction is the proof to staff that management is discharging its duty of care; that it is determining what is necessary and proportionate to safeguard employees’ health.  That done, it can legitimately begin the process by which it will introduce screening should that be necessary.

There’s still a long way to go before staff will be happy to submit to screening.  We discuss the employee relations issues in the next part.

To be continued...