Employers obtain employees’ medical information for various reasons, such as verifying a reasonable accommodation request, certifying leave or confirming eligibility for disability benefits. At the federal level, there are several laws restricting when employers can ask for employees’ medical information and requiring employers to keep such information confidential. These laws include the Americans with Disabilities Act (ADA), the Family and Medical Leave Act (FMLA), the Genetic Information Nondiscrimination Act of 2008 (GINA), and the Health Insurance Portability and Accountability Act (HIPAA).
State and local laws may impose stricter confidentiality requirements on employees’ medical information. Employers should be familiar with the laws for the locations where employees are working and adhere to the strictest applicable requirements.
Federal Laws
The following federal laws include confidentiality requirements for employees’ medical information:
- ADA (employers with 15 or more employees) — applies to all medical information;
- FMLA (private-sector employers with 50 or more employees and governmental employers of any size) — applies to leave certifications and family medical history;
- GINA (employers with 15 or more employees) — applies to genetic information, including family medical history; and
- HIPAA (employers that receive protected health information (PHI) to administer their health plans) — applies to health information from a group health plan. Contrary to a common misperception, it does not apply to employment records.
Compliance Tips
To maintain confidentiality, employers should:
- Use secure storage that is separate from personnel files;
- Limit access to authorized individuals;
- Train employees on confidentiality practices;
- Ensure electronic systems are secure; and
- Promptly address any suspected breaches of confidentiality.
For more information, contact The MBA’s Legal and HR Services team at hrservices@mbausa.org or 814/833-3200.
Tammy Toman, JD, PHR, SHRM-CP, is the vice president and employment counsel at The MBA. Contact her at 814/833-3200, 800/815-2660 or ttoman@mbausa.org.