As of April 14, 2003 employers must start complying with the privacy provisions of HIPAA (“Health Insurance Portability and Accountability Act”) when using protected health information about their employees.
Where might these issues arise?
ADA compliance accommodation of a disabled employee
Safety avoiding exposure to workplace conditions that would adversely affect the employee
Consideration of a request for FMLA leave Compliance with HIPAA’s privacy rules requires obtaining employee consent. The contents of this consent, which must be written “in plain English,” are set forth in these rules:
- specifically describe the protected health information you will use or disclose;
- identify any person or class of persons who will use or disclose the protected health information;
- identify any person or class of persons to whom the protected health information will be disclosed;
- describe each purpose of the use or disclosure;
- have an expiration date or event that ends the authorization;
- state that the individual has a right to revoke the authorization in writing and explain how the authorization is revoked;
- state the disclosed protected health information may be subject to redisclosure by the person receiving the information and privacy protections may be lost;
- include the individual’s signature and date;
- if a personal representative signs the authorization, ensure the authorization includes a description of the representative’s authority to act for the individual; and
- state that treatment, payment, enrollment or eligibility for benefits may not be conditioned on obtaining the authorization to the extent the privacy rules prohibit the imposition of the condition. When a FMLA leave is being requested based on the employee’s own “serious health condition,” these rules can be avoided:
- get the information directly from the employee; and
- use the DOL Medical Certification Statement form
The DOL form works because it provides only the information necessary to determine whether the employee has a “serious health condition” that would entitle the employee to FMLA leave. FMLA Regulations carefully limit an employer’s direct access to the medical records of the employee’s health care provider.
Although the ADA generally prohibits employer inquiries about an employee’s disability, when an employee comes forward and requests an accommodation for a non-apparent disability, an employer may ask for medical documentation. Again, the scope of the employer’s inquiry should be limited and tailored to determining whether the employee has a protected disability. The EEOC has published Guidelines for these inquiries. These Guidelines say an employer has enough information if it:
- describes the nature, severity and duration of the employee’s impairment, the activities the impairment limits and the extent to which the impairment limits an employee’s ability to perform the activities; and
- substantiates why a requested reasonable accommodation is needed.
Discussion of the HIPAA administrative requirements, such as designating a privacy officer to develop and implement an employer’s policies and procedures for compliance and to act as the contact person for receiving complaints and providing information, is for another day.