Employers must take great care with medical records
Question: My wife applied for an ADA accommodation at her new job, which asks us to supply personal medical records. I am concerned about that information circulating throughout management. What are the rules for handling someone’s medical information? – Lee
Answer: I understand your sensitivity to protecting your wife’s personal information. However, to accommodate her Americans with Disabilities Act request, her employer requires access to her medical information. They are responsible for using that information to evaluate her needs and fully comply with federal laws and guidelines. It’s crucial for employers to handle this information with the utmost confidentiality and only share for accommodations.
If you have concerns about how her medical information is being handled or shared, it’s essential to address them directly with her employer to ensure compliance with the ADA and other relevant regulations. Under federal employment laws like the ADA and the Health Insurance Portability and Accountability Act, handling someone’s medical information requires strict confidentiality. Let’s break down the key points regarding rules for handling medical data:
Special to USA TODAY
Employers are legally required to keep employee medical information confidential, regardless of whether it falls under ADA or HIPAA regulations.
Americans with Disabilities Act
Employers must maintain the confidentiality of medical information obtained from a medical inquiry or examination, including data from voluntary health or wellness programs.
Medical information can be shared with supervisors and managers if needed to provide reasonable accommodation or meet an employee’s work restrictions.
Access to medical records must be restricted to designated officials and must be kept separately from an employee’s general personnel file.
hhhHealth Insurance Portability and Accountability Act
HIPAA requires employers to maintain the confidentiality of employee medical information derived directly from the group health plan.
Information obtained through summary claims reports from the insurance carrier or plan administrator falls under HIPAA regulations.
Other medical records obtained through the employer’s role, such as sick leave notes or workers’ compensation records, are not covered under HIPAA but are protected under the ADA.
hhhState laws
Many states have confidentiality rules for medical information, which may be more restrictive than federal laws.
Employers should be aware of and comply with state-specific regulations regarding the handling of medical data.
In summary, employers are legally required to keep employee medical information confidential, regardless of whether it falls under ADA or HIPAA regulations. If there are concerns about the handling or dissemination of medical information, your wife should reach out to the HR department or consult legal counsel.
Johnny C. Taylor Jr. is president and CEO of the Society for Human Resource Management and author of “Reset: A Leader’s Guide to Work in an Age of Upheaval.” The questions are submitted by readers, and Taylor’s answers have been edited for length and clarity.
hh