Workplace Substance Misuse Policies: Testing, Treatment, and Recovery
Most employers know they have a duty to keep people safe at work. Fewer have a written plan for what happens when substance misuse becomes part of that picture. Effective workplace substance misuse policies do not need to be complicated, but they do need to exist. They should balance safety with practical support for the people involved.
What follows is a practical walkthrough: what a good policy covers, when and how to test, how to handle data properly, and how to connect someone to treatment and plan a safe return to work.
What workplace substance misuse policies cover
A written policy sets the ground rules for everyone. At its simplest, it tells staff what is expected, what support is available, and what happens if those expectations are not met. HSE recommends a clear, written approach to drug and alcohol misuse at work. If employers choose to use screening or testing, the policy should explain when and how it will be used.
A useful policy typically addresses:
- Scope and definitions, including which substances and work settings are covered
- Routes for disclosing prescription medication that may affect safety
- Support and referral options, such as an EAP, GP, or community services
- When testing may occur, and who authorises it
- Consent, fair process, and the right to appeal
- Confidentiality and data handling
- Disciplinary thresholds and how they connect to support
- Manager training requirements
- A review schedule, at least annually
Acas advises consulting recognised trade unions or worker representatives when developing and reviewing health and safety policies. Even in smaller businesses without union recognition, involving staff in the process can build trust and catch practical issues early.
Risk First, Not Surveillance
Testing should follow from a health and safety risk assessment, not the other way around. Start by identifying roles where impairment could cause serious harm, such as forklift operators, drivers, employees working at height, and anyone using dangerous machinery.
For desk-based teams with no safety-critical exposure, blanket random testing is hard to justify on proportionality grounds. A risk-based approach means testing is triggered by clear circumstances:
- For-cause or reasonable suspicion, based on observable signs such as slurred speech, coordination problems, or the smell of alcohol
- Post-incident, where substance misuse may have been a contributing factor
- Return-to-duty, following treatment, as part of an agreed plan
- Pre-employment, for safety-critical roles where testing is justified and disclosed upfront
- Random, limited to safety-critical roles with a clear policy basis
Document your reasoning. If you cannot explain why testing is necessary for a particular role or situation, it probably is not proportionate.
Testing Methods and When to Use Them
Not all tests measure the same thing. Choosing the right method depends on what you are trying to find out and the context in which the test is carried out.
- Breath alcohol provides a real-time proxy for impairment. Results are immediate, making it the closest option to measuring current intoxication.
- Urine offers a broader detection window and is well suited to lab-led confirmatory analysis. It is more invasive and may require supervised collection in some protocols.
- Oral fluid (saliva) detects recent use, making it practical for for-cause and post-incident scenarios. Collection is less invasive and can be done onsite.
- Hair provides a much longer detection window, often weeks to months, but says nothing about current impairment. It is rarely appropriate for incident-triggered testing.
Impairment vs. Presence
This distinction matters. Guidance from CIPD and BMA notes that a positive drug test does not itself prove impairment. A screening result indicates the presence of a substance above a threshold, not that someone is unfit for work at that moment. That is why confirmatory testing and interpretation by a Medical Review Officer or qualified clinician are important before any employment decision is made.
A Note for Multi-Region Teams
If your business has staff in Australia or New Zealand, onsite oral-fluid testing there commonly follows AS/NZS 4760:2019, which sets out procedures for specimen collection, screening, chain of custody, and confirmatory analysis. For Australian operations considering onsite screening, a mouth saliva drug test delivered to that standard can be a practical option when paired with confirmatory lab analysis and clear chain-of-custody steps.
Always take local legal advice on consent, privacy, and any applicable industrial instruments before introducing testing in another jurisdiction.
Privacy and Data Governance
Drug and alcohol test results are health information. Under UK GDPR, they are classified as special category data, which means stricter rules apply to how you collect, store, and share them.
The ICO states that drug and alcohol testing involves collecting workers' health information and must be necessary, proportionate, and supported by an appropriate condition for processing. Employers should also remember that consent to give a sample is separate from the lawful basis for processing health data. In many workplace situations, consent alone is unlikely to be the right data protection basis.
In practice, this means:
- Carry out a data protection impact assessment before introducing testing
- Collect only the data you need
- Restrict access to results, with raw results managed by a designated person or occupational health provider rather than line managers
- Set clear retention periods and delete data when it is no longer needed
- Tell workers what data is collected, why it is collected, and how long it is kept
- Give workers access to their own results and a route to challenge them
Treatment and Recovery Pathways
A policy that only punishes is unlikely to reduce risk over time. CIPD advises a preventative and supportive approach alongside clear disciplinary procedures. The goal is to help someone get better and return safely where possible, while still managing serious safety or conduct concerns.
In the UK, treatment pathways include GP referral, NHS community drug and alcohol services, residential detox, inpatient rehabilitation, outpatient programmes, and mutual-aid groups. The NHS provides guidance on accessing these services, and most can be reached through a GP or local authority. An Employee Assistance Programme, if your business has one, can also offer confidential assessment and onward referral.
If you have staff based in Victoria, Australia, you can signpost local support options for alcohol rehab in Melbourne that cover detox, inpatient and outpatient care, family support, and continuing care pathways.
When offering support, document the conversation, any referrals made, and any agreed-upon next steps. This protects both the employer and the employee if the situation later moves into a formal process.
Return-to-Work Planning
Returning to work after treatment is a process, not a single event. A good return-to-work plan covers:
- A fit note from the employee's GP or treatment provider
- Temporary adjustments, such as reduced hours, supervised duties, or a temporary move away from safety-critical tasks
- A defined monitoring period with agreed check-ins
- A written relapse plan that sets out what happens if difficulties recur, without stigma but with clear steps
- A safety reassessment before the person returns to any high-risk role
For practical support-first guidance on employees returning from treatment, align phased duties, check-ins, and any relapse plan with occupational health advice.
Under the Equality Act 2010, addiction to non-prescribed drugs or alcohol is generally excluded from the definition of disability. However, related conditions, such as depression arising from or alongside substance misuse, may still qualify. Take advice if you are unsure.
One-Screen Policy Checklist
Use this checklist when drafting or reviewing your policy:
- Written policy reviewed within the last 12 months
- Scope covers all relevant substances and all work settings, including work events
- Risk assessment completed for roles where testing is proposed
- Testing triggers are clearly defined, including for-cause, post-incident, return-to-duty, and pre-employment for safety-critical roles
- Consent process documented
- Confirmatory testing and clinical review are built in
- Support and referral routes are listed, such as EAP, GP, and NHS services
- The data handling section covers lawful basis, access controls, retention, and worker rights
- Manager training scheduled
- Staff or union consultation completed
- Return-to-work template available
- Annual review date set
A 30-60-90 Day Implementation Plan
Days 1 to 30: Carry out a risk assessment across your roles. Review any existing policy or informal practices. Identify your data protection obligations and begin a data protection impact assessment.
Days 31 to 60: Draft or update the written policy using the checklist above. Consult staff representatives. Identify an occupational health provider or Medical Review Officer if testing will be part of your approach. Set up or review your EAP provision.
Days 61 to 90: Train managers on recognising reasonable suspicion, documenting concerns, and making referrals. Communicate the policy to all staff. Run a short tabletop exercise by walking through a post-incident scenario to test your process before you need it.
After that, review the policy annually. Policies that sit in a drawer help no one. The ones that work are the ones that people know about, trust, and use.
(Source)
(1).jpg)
.jpg)
.jpg)