ATOS Healthcare, when is a medical not actually medical?

13thHouR/ May 5, 2013/ Uncategorized/ 1 comments

With so many peeps becoming desperately ill or even dying as the result of listening to the outcome of the Work Capability Assessment, as carried out by ATOS Healthcare on behalf of the Department of Work and pensions. I thought it was important to Highlight one important thing.

Do not listen to the Doublespeak. read and take note of the following;

******** ‘The Work capability assessment is not a medical assessment!’******

Do not be fooled by the Department of Work and Pension or ATOS Healthcares continued reference to a Medical, it is intended to fool you into sharing your information with persons who do not even bother to declare themselves correctly under UK law.

Data Protection Act and the WCA.

If the Department of Work and Pensions where to be believed then ATOS Healthcare is just a contracted company, of which their sole purpose is to process information on their behalf. In reality this could not be any farther from the truth.

Lets for the moment consider the loose term of a Work Related Medical. Most peeps only real dealing with such things are when they apply for a new job, that has specific health criteria. At which point the company may well ask you to attend a private medical assessment.  At no time does this company or the assessor ever try to even imply that such an examination is a medical diagnosis or that such a medical will declare you fit, it only declares if you have any medical issues which may affect your employment with that company.

However a number of years ago the issue of this being a separate organisation assessing potential employees was raised to the Information Commissioner. The outcome of which is that if they

“Offer an ‘opinion’ which may alter a later outcome or decision”

They are defined as a Data Controller.

Now many of us are aware of Baron Freud’s definition of the Work Capability Assessment as not being a medical diagnosis, and that they only offer an ‘opinion’.  Thus arises the legal issue. As they are offering an ‘opinion’ they are no longer just processing the information, they are controlling the later interpretation of the information.

Therefore as the ICO is very clear to define, they are in fact a Data Controller.  A matter which both ATOS Healthcare and the Department of Work and Pensions have been well aware of since November 2011.

The response of the Rt Hon Iain Duncan Smith MP, to this?…….. yep you probably guessed it, absolutely no response at all.

ATOS Healthcares Senior Manager of their Customer Relations Departments response?

“As a contractor for the Department of Work and Pensions, we are acting as a Data Processor, therefore we do not have to declare to the Information Commissioner in respect of customers confidential information”.

This was followed up by referring the matter to the Department of Work and Pensions, policy, communications section, who stated.

“”As a contractor for the Department of Work and Pensions, they are acting as a Data Processor, therefore they do not have to declare to the Information Commissioner in respect of claimants confidential information”.

An almost identical scripted response. Which on both occasions is designed to mislead the enquirer so that they do not ask any more questions.

Obviously I did the opposite of what I was supposed to do and I asked more questions. Citing the Information Commissioner ruling, the phone went silent for nearly 10 minutes whereupon the person I was speaking to stated.

“This conversation is going around in circles”.

My response, was: “Well to be factual this conversation has not existed for 10 minutes whilst you where keeping me waiting on the phone”, ” However setting that aside, you still have not responded to the fact that the information commissioner would consider ATOS Healthcare in the capacity of the WCA to be a Data Controller”, “Of which neither the DWP or ATOS Healthcare have complying with the Data Protection Act”.

The Response to this was.

“That is a policy matter, we do not deal with policy matters” and he terminated the call.

So if the communications section for the Department of Work and Pensions Policy Division do not deal with Policy Related matters, what do they exist for?

Setting all this aside, lets look at the two terms as defined by the Data Protection Act

Data controller
means … a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.

Data processor,
in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.

Now looking at those in isolation it would be easy to see how the DWP has been getting away with this, as both the DWP and ATOS Healthcare have been insistent that the DWP ‘determines the purpose’ and ” the purposes which and the manner in which any personal data are, or are to be, processed”

However if you dig a little deeper into the Data Protection Act definition of ‘Processing’ their argument starts to unravel


in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including –

(a) organisation, adaptation or alteration of the information or data,

(b) retrieval, consultation or use of the information or data,

(c) disclosure of the information or data by transmission, dissemination or otherwise making available, or

(d) alignment, combination, blocking, erasure or destruction of the information or data.

To put it more simply, a Data Processor (ATOS Healthcare)  is only allowed to alter, adapt information according to predefined rules set by the Data Controller (Department of Work and Pensions). At no point is a Data Processor allowed to apply their own rules, (Offer an opinion) which would alter the rules for adaptation or alteration of the information. As the second they offer an opinion they change from the definition of a Processor to that of a Controller.

Why is this definition so important?

  • A Data Controller cannot share private or sensitive data with another Data Controller without receiving signed authorisation from the Data Subject.
  • A Data Controller cannot obtain this authority by subterfuge, it must be clearly explained to the Data Subject
  • A Data Controller must allow the Data Subject the right to refuse the sharing of their data with any other Data Controller


As you will see here

Edit 12.06.13, oddly its been moved here

ATOS IT (ATOS Healthcare) rather surprisingly, are not actually registered with the Information Commissioner as Either a Data Processor or a Data Controller in respect of these face to face assessments.

As purpose 8 is as close as one can get to what they are claiming to do, however the description of purpose is “The provision and administration of patient care.” which as we already know benefit claimants are not ‘patients’.

So the further we dig, the more intriguing this becomes.

ATOS Healthcares response to this alarming finding?

“As a contractor for the Department of Work and Pensions, we are acting as a Data Processor, therefore we do not have to declare to the Information Commissioner in respect of customers confidential information”.

Which is interesting given that they have openly declared as processors in respect of the Majority of their other contracted purposes for other organisations, that plus even as a processor, they would be processing sensitive data from the Data Subject. Thus their would be a requirement to register that Purpose even in the Capacity of being a Data Processor.

Now that we have established that ATOS Healthcare are in fact a Data Controller and have been breaking the law in the United Kingdom.

I will move on to the fact that the Department of Work and Pensions as well as the Rt Hon Iain Duncan Smith MP, where fully aware of this issue from the start.

Declaration 4,  Page 18, ESA50 Questionnaire.

Now for a moment, let once again set aside the fact that we have established within the definition of law that ATOS Healthcare are a Data Processor and look again at the comment from the Department of Work and Pensions. (Which is somewhat standard issue to anybody that enquires”.

“As a contractor for the Department of Work and Pensions, they are acting as a Data Processor, therefore they do not have to declare to the Information Commissioner in respect of claimants confidential information”.

So if that is the case, then obviously the Department of Work and Pensions would have no reason to seek further authority to share claimants Private/Sensitive Data with ATOS Healthcare.

So you think…. yet there is this anomaly

Declaration 4, Page 18, ESA50 Questionnaire states as follows;

I agree that

  • the Department for Work and Pensions
  • any health care professional advising the Department
  • any organisation with which the Department has a contract for the provision of medical services

May ask any of the people or organisations mentioned in this questionnaire for any information which is needed to deal with

  • this claim for benefit
  • any request for this claim to be looked at again and that the information may be given to that health care professional or organisation or to the Department or any other government body as permitted by law.


If ATOS Healthcare was a Data Processor, then in law there would be no need to seek further permission to talk to named persons or organisations for them?

If  the DWP and ATOS where to be believed in law this declaration is not actually required.  So what do you think would happen if a claimant decided to redact this declaration, after all it is not require is it?

The Decision Maker on behalf of the Secretary of State for the Department of Work and pensions (Rt Hon Iain Duncan Smith MP) will declare, that because the claimant has redacted this declaration that they have ‘failed to return the questionnaire’, and that person will be declared as ‘not having limited capability for work’.

Which gets all the more intriguing, however it does not stop there, last year a claimant took ATOS Healthcare to court, for failing to make reasonable adjustments under the Equality Act, so they could attend a Work Capability Assessment.

Originally ATOS Healthcare where trying to claim that as a Contracted assessor, Data processor for the Department of Work and pensions, that the liability fell upon the Department of Work and Pensions to ensure reasonable adjustments are made.

If they where just a Data Processor then this would in law be a reasonable counter argument, meaning that the claimant should have in fact taken the DWP court.

However after over a year of making this claim, ATOS Healthcare backed down and made an out of court settlement with the claimant for £2000 compensation for failure to make reasonable adjustments under the Equality Act.

Even though this is an out of court settlement which prevented the ruling of fault in respect of the equality Act. What is did do was to clearly define that ATOS Healthcare are not just a Data Processor, they are a Data Controller, with all the liabilities that entails.

Including that of failure to correctly notify the Information Commissioner of their intentions as a Data Controller, to handle, Private and Sensitive Data,  pertaining to claimants of Social Security Benefits.



Share this Post

1 Comment

  1. Excellent information and very appropriate to my situation.
    I completed an ESA50 just over a year ago and redacted all third party consent (due to past past with atos). I also sent form back to dwp, not atos.
    atos made first appointment on a day i had stated my assistant wasn’t available. They cancelled but claimed this was at my request – but admitted they had not seen form (so were processing data before they even knew about my non-consent).
    The catalogue of errors has continued for a year now. 7 appointments issued then cancelled due to their cock-ups.
    Got sick of being fobbed off by their “Customer Care”, so wrote to CEO. Got a response letter back from a manager at Leeds – 1 answer, 14 fob-offs and a “wish” to apologise.
    I am in the process of writing to CEO again. I may have some dynamite information, but have no idea whether it will have any effect.
    After a year of this atos farce I am really struggling to retain a sense of reality. I may have mental health problems, but I seem to have a better grasp of reality than any of the atos staff.
    I have another visit arranged for next fri (5 Jul) so time is v tight.
    Hope we could get together and exchange notes for mutual benefit.

Leave a Comment

Your e-mail address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>