
Protecting Employees’ Medical Information in the Workplace


Employers obtain employees’ medical information for various reasons, such as verifying a reasonable accommodation request, certifying leave or confirming eligibility for disability benefits.

At the federal level, there are several laws restricting when employers can ask for employees’ medical information and requiring employers to keep such information confidential. These laws include the Americans with Disabilities Act (ADA), the Family and Medical Leave Act (FMLA), the Genetic Information Nondiscrimination Act of 2008 (GINA), and the Health Insurance Portability and Accountability Act (HIPAA).

The ADA is the main federal law that protects employees’ medical information in the workplace. The ADA limits when covered employers can request employees’ medical information (or require medical examinations) and broadly requires all employee medical information to be kept confidential, regardless of why the information was provided. To comply with the ADA, employees’ medical information should be maintained separately from personnel files and only accessible to authorized individuals.

State and local laws may impose stricter confidentiality requirements on employees’ medical information. Employers should be familiar with the laws for the locations where employees are working and adhere to the strictest applicable requirements.


Federal Laws

The following federal laws include confidentiality requirements for employees’ medical information:

  • ADA (applies to all medical information);
  • FMLA (applies to leave certifications and family medical history);
  • GINA (applies to genetic information, including family medical history); and
  • HIPAA (applies to health information from a group health plan, not to employment records).

Compliance Tips

In general, employers are required to protect the confidentiality of all employee medical information, regardless of how the information is received or the purpose for which it was disclosed. The ADA imposes this broad confidentiality obligation on employers with 15 or more employees, and other federal laws provide additional protections for specific types of medical information (e.g., genetic information under GINA). To keep employees’ medical information confidential in accordance with the ADA, employers should consider the following best practices:

  • Develop clear policies for the collection, storage, access and use of employees’ medical information;
  • Maintain medical records in a separate file from the employee’s other employment records;
  • Use locked cabinets or storage for physical files and secure, access-controlled digital storage for electronic information;
  • Limit access to authorized personnel, such as designated HR personnel;
  • Train employees who handle medical information on confidentiality requirements, including the limited situations when information can be disclosed; and
  • Promptly investigate and respond to any suspected breach of confidentiality.

ADA

The ADA is a federal law that prohibits employers with 15 or more employees from discriminating against qualified individuals with disabilities in all employment practices, such as recruitment, compensation, hiring and firing, job assignments, training, leave and benefits. The ADA requires covered employers to provide reasonable accommodations to employees or applicants with disabilities unless doing so would impose an undue hardship on the operation of the employer’s business. The ADA also restricts when employers can require employees or applicants to undergo medical examinations or provide disability-related information and imposes confidentiality requirements on employees’ medical information. 

Restrictions on Obtaining Medical Information

The ADA prohibits covered employers from requiring employees or applicants to undergo medical examinations or provide disability-related information, except under certain circumstances. An employer’s ability to require medical examinations or make disability-related inquiries is analyzed at three stages: pre-offer, post-offer and employment. These stages are as follows:     

  • Prior to an offer of employment, all medical examinations and disability-related inquiries are prohibited, even if they are related to the job. An employer may, however, ask job applicants whether they can perform the essential functions of the job and how they would perform them, with or without a reasonable accommodation;
  • After an applicant is given a conditional job offer, but before the individual starts work, medical examinations and disability-related inquiries are allowed regardless of whether they are related to the job as long as they are also required for all entering employees in the same job category; and
  • After employment begins, an employer may require medical examinations and make disability-related inquiries only if they are job-related and consistent with business necessity. In general, these standards are met if an employer can show that it has a reasonable belief, based on objective evidence, that the employee’s ability to perform essential job functions will be impaired by a medical condition or the employee will pose a direct threat due to a medical condition.

As an exception, medical examinations and disability-related inquiries are permissible after employment begins if they are part of a voluntary wellness program.

Confidentiality

With limited exceptions, the ADA requires employers to treat any medical information they receive about an applicant or employee as a confidential medical record. This includes health information that employers obtain from a medical examination or disability-related inquiry, as well as any medical information that is voluntarily disclosed by an employee (for example, in connection with a leave request or a request for a reasonable accommodation). Medical information must be treated as confidential even if it does not contain a medical diagnosis or treatment course and even if it is not generated by a health care professional. This ADA protection broadly applies to all applicants and employees, not just those who have a disability.

To maintain confidentiality, the medical information must be kept in separate medical files that are accessible only to designated individuals. In addition, health information obtained as part of a voluntary wellness program must be kept confidential. Generally, employers may receive wellness program information only in aggregate form that does not disclose, and is not reasonably likely to disclose, the identity of specific employees. Also, employers cannot require employees to agree to the sale, exchange, transfer or other disclosure of their health information as a condition of participating in a wellness program or receiving an incentive.

Employers may only share confidential medical information in the following limited circumstances: 

  • To supervisors and managers where they need medical information to provide a reasonable accommodation or meet an employee’s work restrictions;
  • To first-aid and safety personnel if an employee would need emergency treatment or require some other assistance (such as help during an emergency evacuation) because of a medical condition;
  • To individuals investigating compliance with the ADA and with similar state and local laws; and
  • Pursuant to workers’ compensation laws (e.g., to a state workers’ compensation office to evaluate a claim) or for insurance purposes.

FMLA

The FMLA is a federal law that provides eligible employees of covered employers with unpaid, job-protected leave for certain family and medical reasons. In general, the FMLA covers private-sector employers with 50 or more employees and governmental employers of any size. Eligible employees may take FMLA leave for the following qualifying reasons...

Continue reading this SSG Compliance Advisor to learn more about laws that apply to:

  • FMLA
  • GINA
  • HIPAA Privacy and Security Rules